Are you sure about this? I seem to be able to transfer at wire speed across all the ports without hitting the CPU. This is NOT the case through the bridging method. I was seeing <100Mbps that way.
...
Unless Mikrotik has made some design changes recently, very sure. When you go from one vlan to another, it will use routing for this and this has to go via CPU. The Hex POE has a shared 1Gb path to CPU for all ports, from my understanding you only tested one direction, i.e. from one port/vlan to another hence you got the full 1Gb performance as per 1Gb path to CPU, should you have done two, i.e.from Port 2 / Vlan 12 to Port 3 / Vlan 13 and at the same time another test from Port 4 / Vlan 14 to Port 5 / Vlan 15, these to transfer tests will share the 1Gb path to CPU and theoretically your transfer rate will half
The only time you will get HW Offload benefit, is when for example Ports 2 & 3 were in same Vlan, i.e. Vlan 12 as then it does not need to route between vlans via CPU and access directly on Layer 2 between devices, just being switched
Hope it make sense
...
I do have another issue. Now I can't add a VLAN to an interface including the bridge. I can't put the untagged trunk port in the bridge on the upstream router, and I can't add a VLAN to the bridge...
Can you post your config? i.e. export hide-sensitive