By default, it seems that hardware offloading for 802.1q frames prevents XDP from seeing them and thus forwarding them to the correct place. Disabling it fixes it...
The VyOS instance will still be able to ping/generate frames to send onto devices within those networks, but frames being routed by XDP disappear.
```
# sudo xdp_stats -d eth3

Collecting stats from BPF map
 - BPF map (bpf_map_type:6) id:89 name:xdp_stats_map key_size:4 value_size:16 max_entries:5

XDP-action
XDP_ABORTED 0 pkts ( 0 pps) 0 Kbytes ( 0 Mbits/s) period:0.250128
XDP_DROP 0 pkts ( 0 pps) 0 Kbytes ( 0 Mbits/s) period:0.250130
XDP_PASS 233320526 pkts ( 2970 pps) 15915955 Kbytes ( 1 Mbits/s) period:0.250135
XDP_TX 0 pkts ( 0 pps) 0 Kbytes ( 0 Mbits/s) period:0.250141
XDP_REDIRECT 1269 pkts ( 0 pps) 84 Kbytes ( 0 Mbits/s) period:0.250147

XDP-action
XDP_ABORTED 0 pkts ( 0 pps) 0 Kbytes ( 0 Mbits/s) period:2.000229
XDP_DROP 0 pkts ( 0 pps) 0 Kbytes ( 0 Mbits/s) period:2.000235
XDP_PASS 233326590 pkts ( 3032 pps) 15916331 Kbytes ( 2 Mbits/s) period:2.000235
XDP_TX 0 pkts ( 0 pps) 0 Kbytes ( 0 Mbits/s) period:2.000236
XDP_REDIRECT 1269 pkts ( 0 pps) 84 Kbytes ( 0 Mbits/s) period:2.000237

# sudo ethtool -k eth3 | grep vlan
rx-vlan-offload: on
tx-vlan-offload: on

# ethtool --offload bond0 rxvlan off txvlan off

# sudo ethtool -k eth3 | grep vlan
rx-vlan-offload: off
tx-vlan-offload: off
```
XDP_REDIRECT will no longer increment and hosts will receive frames as expected again.
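Why the tag is invisible to XDP, as an added example that is not part of the original report: with rx-vlan-offload on, the NIC removes the 4-byte 802.1Q tag and delivers it out of band, so a parser that reads only the packet bytes sees an untagged frame. The sample frame and the helper names (`frame_vlan_id`, `nic_strip_vlan`, `vlan_seen_by_xdp`) are constructed for illustration, and the offload is modeled in plain userspace C.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HLEN    14
#define ETH_P_8021Q 0x8100
#define VLAN_NONE   (-1)  /* no 802.1Q tag present in the packet data */
#define PARSE_ERR   (-2)  /* frame too short to parse */

/* Constructed sample: dst MAC, src MAC, 802.1Q tag (VLAN 100), IPv4 ethertype, 4 payload bytes. */
static const uint8_t SAMPLE[22] = {
    0x02,0,0,0,0,0x01,  0x02,0,0,0,0,0x02,
    0x81,0x00, 0x00,0x64,  0x08,0x00,  0x45,0,0,0x54 };

/* Read the VLAN ID from the frame bytes only, bounds-checked against data_end as in XDP. */
int frame_vlan_id(const uint8_t *data, const uint8_t *data_end)
{
    if (data + ETH_HLEN > data_end) return PARSE_ERR;
    if (((data[12] << 8) | data[13]) != ETH_P_8021Q) return VLAN_NONE;
    if (data + ETH_HLEN + 4 > data_end) return PARSE_ERR;
    return ((data[14] << 8) | data[15]) & 0x0FFF;  /* low 12 bits of the TCI */
}

/* Hypothetical model of rx-vlan-offload: strip the tag, return the TCI out of band. */
size_t nic_strip_vlan(uint8_t *f, size_t len, uint16_t *tci)
{
    if (len < ETH_HLEN + 4 || ((f[12] << 8) | f[13]) != ETH_P_8021Q) return len;
    *tci = (uint16_t)((f[14] << 8) | f[15]);
    memmove(f + 12, f + 16, len - 16);  /* close the 4-byte gap left by the tag */
    return len - 4;
}

/* VLAN ID a data-only parser sees for SAMPLE with the offload on or off. */
int vlan_seen_by_xdp(int rx_vlan_offload)
{
    uint8_t f[sizeof SAMPLE];
    size_t len = sizeof SAMPLE;
    uint16_t tci = 0;
    memcpy(f, SAMPLE, len);
    if (rx_vlan_offload) len = nic_strip_vlan(f, len, &tci);
    return frame_vlan_id(f, f + len);
}

int main(void)
{
    printf("rxvlan off: %d, rxvlan on: %d\n", vlan_seen_by_xdp(0), vlan_seen_by_xdp(1));
}
```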