I was wondering if you add veth to the main bridge as described below, does this affect its hardware offloading capabilities? Any other negative consequences (beyond security implications)?
If talking about L2 HW offload ... then it's always only operations which only involve switch-connected ports that are entirely handled by switch chip (e.g. ether1<->ether2). Anything involving other interfaces (wifi, L2 tunnels, anything else) will have to go via CPU.
So if there's traffic between e.g. ether2 and veth (or eoip), nothing will be offloaded, traffic will pass the normal L2 stack on CPU ... as if L2 HW offload didn't exist.
OK, not entirely true, if VLAN is involved, then handling of 802.1Q headers for the wired port will be handled by switch chip (all traffic over bridge is then tagged). But that's about it.