I wanted to follow up on this since I made some progress. I was able to delete the 1 gigabit connection in the console, which then allowed me to configure the 10 gigabit NIC and get the kind of performace I would expect, which felt like a big deal after so long. I hate to say this, but in the GUI the fact there was an alias assigned on the NIC made me think I had configured it as static IP (I thought that's what an alias *meant*). But when I clicked through, it was still DHCP. I had tried a few times to set it to static IP, but for whatever reason it wasn't sticking and I needed to nuke it from the console - wish I'd done that months ago! I thought I was diligent about clicking the multiple confirmations when changing settings, but who knows?
I did attempt to implement a VLAN on the firewall and switch for a separate subnet that would allow preserving the 1 gigabit connection, but I did not get it working smoothly at all. So I'll come back to that some other time.
I'm also temporarily just using the 2x 10 gigabit ports directly on the main Mikrotik CRS328 switch, but will add back in the 4x 10gigabit switch now that the main issue is solved.
After some tuning, using NFS I'm getting a ~850/950 megabytes/sec read/write on the Mac, and ~1 gigabyte/sec read on Linux (need to test write with fio, expecting the same-ish). This is with a combo of fio tests on both, and Blackmagic Disk Speed test on the Mac. The fio test file size was larger than my 128GB RAM so I don't think ARC caching would skew results, but I do also have 2x1TB striped NVMe for L2 ARC. Basically, speeds are in line with what I would have hoped from a single 10 gigabit NIC.
I have managed to mess up my permissions though, but that is going to have to be a separate thread if I can't figure it out. I wanted to see if I could use the WiFi bridge connection included with the firewall to connect to the NAS via NFS without needing the wired 10G connection, if I just wanted access without concern for performance. However, connecting from the Mac wirelessly didn't work out the box, but after some ACL shenanigans it was working - only for me to realize I could no longer modify files. So considering I'm the only user, I'm just going to figure out how to reset/create new users, shares, and ACLs. To be honest, I kind of ignored ACLs because I thought they were not an issue for NFS as in my mind every client was root.
Finally, I think I made a mistake when I initially was setting Scale up by sharing the root level of my pool as my NFS share. So when I mount it on a client, the ix-applications folder is also shared. I did not read that this was a no-no for NFS, but that it is for SMB. However I notice that the share permissions at pool root level are all very stripped down and are basically root, so I think I need to shift the NFS share to a child folder where I get the full edit options.
Overall, I only have one project on the NAS right now and I'm the only user, so it will not break too much if I end up needing to change what is currently my only share mount path.