I'm already running bridge based VLAN, but using the pre 6.41 way, one bridge per VLAN, thinking to update that to the new way.
You don't run bridge based VLAN. In ROS, bridge is "kind of a switch". In pre-6.41 times bridge was a "dumb switch" and passed traffic around without regard to VLAN tags, only cared about dst-mac-address. In post-6.41 times bridge (if vlan-filtering is set to yes) became "smart switch" which knows about VLAN tags.
So what you do virtually have is a number of dumb switches, each spanning single VLAN. If you have VLANs configured in /interface ethernet switch
, then most of those "dumb switches" (per-VLAN bridges) don't do much as switch chip does the bulk of work (unless you have some wlan interface part of that bridge in which case the bridge does shuffle traffic to/from wlan interface. Same goes to all other non-ethernet interfaces that might be members of such bridge) [case 1a].
On the other hand, if you don't have anything in /interface ethernet switch
, but instead you have VLAN interfaces defined on each individual ethernet interface (and bridging those vlan interfaces), then all of the traffic already passes device's CPU [case 1b].
In the new way with bridge being "smart switch", all of traffic will pass through bridge (that's device's CPU). [case 2]
I don't think there's a big difference between cases [case 1b] and [case 2] CPU-load wise ... but you might want to test.