Looks pretty straightforward Alex, now reason you can't use your AS for iBGP as well though. If you need to go between the VRF's just setup a vlan and route between them as required, we do this for management of customer VRF's so we have a leg in for monitoring etc. Regards Paul -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Alex Samad - Yieldbroker Sent: Friday, 21 October 2016 11:28 AM To: public@talk.mikrotik.com.au Subject: [MT-AU Public] Question Hi I am looking at consolidating some Virtual routers installs into physical ccr1036 (&72) Current my vm's handle public internet and private p-t-p links. My thought was to use VRF to isolate the routing tables on the new consolidated ccr's. I am presuming all the interfaces that where the old private would get tagged with a vrf tag=??? And all the internet packet would get tagged with a different vrf tag. On the router I would have these interfaces A) Internet - B) Private - C) FromInside. I want to allow C to A or B and A to C or B to C. but never A <=> B (don't want to act as a transit). On B I am using bgp to clients and on A I am using BGP to ISP's. I was going to use a private BGP AS for the private links and not to mix it with my public AS on the internet. This sounds like stock standard stuff. Any gotchas to look for ? A _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au