Bridge horizon disables HW offload. To use port isolation and still have HW offload too, it is necessary to use Switch port isolation instead.
Just curious, why isn’t the former implemented in terms of the latter? It looks like basically the same thing: for any ingress port with horizon set, set switch forward override to a set of egress ports for which horizon value is different (including none). It would be easier to configure and less error-prone, or am I missing something and there is actually some significant difference between these features? The most intuitive way is actually for N ports a matrix of N*N bits (except the diagonal) like in SwOS and probably what actually gets programmed to switch chip registers.
Perhaps because horizon has been around for a long time and works on all platforms (I believe)
Switch port isolation not so much. Use Switch port isolation if available.
The same can be said about the bridge itself, for a long time it was software only while any HW offload was in the Switch menu and dependent on specific switch chip features. Later HW offload was implemented but this one feature was simply forgotten - or was there some reason for that? Some switch chips got HW offloaded VLAN filtering much later (7.x), but still no HW offloaded bridge horizon. Or is there some difference (other than HW offloading support or lack of it) between bridge horizon and switch port isolation?