We are currently trying to get a mixture of hardware LAG, VLAN tagging and flowtable offloading working on our Debian 12 system using a ConnectX-6 Lx.

Creating the HW LAG using the card running in switchdev works like a charm.

Creating the VLANs and performing some filtering afterwards gets a bit more complicated. I tried to simply create a tagged version of the VLAN and tell the nftables rules to perform some filtering. That's working fine but seems to run in the kernel/software instead of getting offloaded to the hardware, since the system is running on full load handling the interrupts.

Is there any (recommended) way of building such a setup? Should I use several virtual functions and tag them?

Thank you for posting your query on our community. Please refer to this article on configuring VLAN offload using tc and let us know if it helps - ESPCommunity



The link only points to the starting page of the Enterprise Support Portal.

In the best case I want to offload firewall rules using nftables in combination with flowtables and the offload flag.

My vision would be to define a flowtable using something like that:
flowtable f {
    hook ingress priority 0; devices = { bond0.123, bond0.124 };
    flags offload;
}

where bond0.123 and bond0.124 are tagged versions of an LACP bond using the HW LAG functionality of my Mellanox cards running in switchdev mode.

To sum up, I would like to have several VLANs → one bond → Mellanox card.

From my first tests, offloading to the Mellanox card itself seems to work, but the bond in between seems to cause some problems…
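
Added example (not part of the thread and not vendor code): one way to tell whether flows end up in NIC hardware or only in the software flowtable, which is the distinction raised in the first post. It assumes the /proc/net/nf_conntrack text format with its [OFFLOAD] and [HW_OFFLOAD] tags; the function names, script name and sample lines are constructed.

```shell
#!/bin/sh
# Added example: classify conntrack entries by flowtable offload state.
# Assumption: input is in the /proc/net/nf_conntrack text format, where a flow
# is tagged [HW_OFFLOAD] once it is programmed into the NIC and [OFFLOAD] while
# it is handled by the software flowtable only.

# Constructed sample lines (not captured from a real system).
sample_conntrack() {
cat <<'EOF'
ipv4     2 tcp      6 src=10.0.123.10 dst=10.0.124.20 sport=40112 dport=443 src=10.0.124.20 dst=10.0.123.10 sport=443 dport=40112 [HW_OFFLOAD] mark=0 zone=0 use=3
ipv4     2 tcp      6 src=10.0.123.11 dst=10.0.124.20 sport=40113 dport=443 src=10.0.124.20 dst=10.0.123.11 sport=443 dport=40113 [OFFLOAD] mark=0 zone=0 use=3
ipv4     2 udp      17 src=10.0.123.12 dst=10.0.124.30 sport=5004 dport=5004 src=10.0.124.30 dst=10.0.123.12 sport=5004 dport=5004 [OFFLOAD] mark=0 zone=0 use=3
ipv4     2 tcp      6 117 SYN_SENT src=10.0.123.13 dst=10.0.124.20 sport=40200 dport=22 [UNREPLIED] src=10.0.124.20 dst=10.0.123.13 sport=22 dport=40200 mark=0 zone=0 use=2
EOF
}

# Reads conntrack lines on stdin, prints "hw=N sw=N slow=N".
count_flows() {
    awk '
        /\[HW_OFFLOAD\]/ { hw++; next }    # flow programmed into the NIC
        /\[OFFLOAD\]/    { sw++; next }    # software flowtable fast path only
        NF               { slow++ }        # ordinary netfilter slow path
        END { printf "hw=%d sw=%d slow=%d\n", hw, sw, slow }
    '
}

# Reads conntrack lines on stdin, prints one word: hardware, software or none.
offload_verdict() {
    case "$(count_flows)" in
        "hw=0 sw=0 "*) echo none ;;      # no flow ever reached the flowtable
        "hw=0 "*)      echo software ;;  # flowtable active, nothing in NIC hardware
        *)             echo hardware ;;  # at least one flow is in hardware
    esac
}

# Usage: sh check_offload.sh /proc/net/nf_conntrack   (as root)
# Without a readable file argument the constructed sample is used.
if [ -n "${1:-}" ] && [ -f "$1" ] && [ -r "$1" ]; then
    count_flows < "$1"; offload_verdict < "$1"
else
    sample_conntrack | count_flows
    sample_conntrack | offload_verdict
fi
```

A `software` verdict means packets still pass through the CPU's flowtable fast path rather than the NIC.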