Hi,

Slightly confused why I would need a VLAN if it's on the same router.

I had thought VRF was a way of segregating routing tables. So my routes in /ip route marked with router-mark = vrf1 would belong to vrf1.

I'm looking at this http://wiki.mikrotik.com/wiki/Manual:Virtual_Routing_and_Forwarding

I think I get the routing table: I add in the route-mark attribute to assign a route to a VRF.

How do I associate an interface to a VRF, or do I use firewall mangle and mark them with routing-mark? But in the example they talk about /ip vrf ... I don't have that on my CCR? What package do I need to install?

Plus can find vrf interface in http://wiki.mikrotik.com/wiki/Manual:Interface

A

-----Original Message-----
From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Paul Julian
Sent: Friday, 21 October 2016 11:43 AM
To: 'MikroTik Australia Public List' <public@talk.mikrotik.com.au>
Subject: Re: [MT-AU Public] Question

Looks pretty straightforward Alex, no reason you can't use your AS for iBGP as well though.

If you need to go between the VRFs just set up a VLAN and route between them as required. We do this for management of customer VRFs so we have a leg in for monitoring etc.

Regards
Paul

-----Original Message-----
From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Alex Samad - Yieldbroker
Sent: Friday, 21 October 2016 11:28 AM
To: public@talk.mikrotik.com.au
Subject: [MT-AU Public] Question

Hi,

I am looking at consolidating some virtual router installs into physical ccr1036 (&72).

Currently my VMs handle public internet and private p-t-p links.

My thought was to use VRF to isolate the routing tables on the new consolidated CCRs. I am presuming all the interfaces that were the old private would get tagged with a vrf tag=??? And all the internet packets would get tagged with a different vrf tag.

On the router I would have these interfaces:
A) Internet
B) Private
C) FromInside

I want to allow C to A or B and A to C or B to C, but never A <=> B (don't want to act as a transit).

On B I am using BGP to clients and on A I am using BGP to ISPs. I was going to use a private BGP AS for the private links and not mix it with my public AS on the internet.

This sounds like stock standard stuff. Any gotchas to look for?

A

_______________________________________________
Public mailing list
Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au