As a novice but very keen MikroTik user & advocate, I agree with Ulrich that it would be very helpful to simultaneously show the commands appearing in Winbox. I learnt something new too and love these short training videos :)

Probably a good idea, luckily most of the time "IP/address/" is located under IP menu and then under address.. sadly this is not always the case if i recall correctly. and not all functionality has a GUI, can't recall any specific one's just remember there being some.

It's because the girl is Russian :)

@@user-wr6hr6ve9n I understood that:)

also looking forward to that but in the meantime - check out "The Network Berg" he has some pretty impressive videos about BGP and VRF on mikrotik

Still have bugs , reported but progress so slow

Plenty of cases where this can become a problem. If two companies merge is the most common. Also, if you're providing a WAN service to multiple customers, you'll often find that many of them have a LAN range of 10.0.0.0/24 or 192.168.0.0/24. This allows you to have that configuration that would otherwise conflict. A real-world example for you. A customer was bought by another company. For a while we hosted a couple of their servers that were previously at their main site so that their branch office could continue to access them. Those servers were on 10.0.0.0/24 and would have clashed. We were able to run their hosted servers in a VRF and provide access to their branch office via VPN. It can also be useful if you have conflicting routing requirements. I have IPSEC tunnel interfaces from my home office and routes to IP ranges down those tunnels. I don't want those routes to be used by my guest network. I could prevent access with ACLs but that would mean that the guest network wouldn't be able to access those IP ranges at all when they should be able to access them like any public IP. The tunnels give extra access that shouldn't be public. I should point out that these real-world setups are not on Mikrotik setups but the theory should be the same, I believe.

You can use netmap instead of masquearade rule in firewall, the command like: ip firewall nat add action=netmap chain=srcnat out-interface=ether5 src-address=172.111.0.0/24 to-addresses=192.168.1.0/24 Where 172.111.0.0 network addreses is on "client" router and 192.168.1.0 network addreses is on "main" router WAN interface. Manual wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT

no need. fasttrack works with conntrack (it's just a faster conntrack). what would not work with this is a firewall no-track rule, which disables conntrack.

I did the same as in this tutorial. When my device in VRF network ping works, it looks like the Internet works, but if I launch speedtest I have a speed around zero. After I turned off "fast path" it started working normally.

merch.mikrotik.com

Connected routes from the interfaces assigned to the VRF will be installed in the right routing table automatically. If you want to use any services with that IP addresses, please configure vrf for service as well. For example "interface/l2tp-client/set vrf=vrf1..."

@@mikrotik i'm happy with your answer

@@mikrotik one more thing, i got interface into vrf and i want to ssh/telnet, i got them on vrf as well, still can log in via vrf, has that been properly implemented?

sooooooon!

@@mikrotik yassss ;)

@Vinsent Levitzky Я в курсе, но я чего то решил что девушка русскоговорящая.. ☺️ В любом случае - молодец! 👍

@Vinsent Levitzky вог первых по акценту, а во вторых ну имя ольга ну явно из снг

@@maxpla1035 К таком невероятно сложному выводу по методу Холмса Вас привело имя Ольга :)))

It means that the gateway will be resolved in the main table

For clarity. It is not mandatory to add @main in case of main vrf, but it is mandatory in case you use other vrfs.

Because that way you know it's the interface on WAN side. Another reason is that in many cases it's not a wan interface but rather a WAN interface list (eg 2 ISP used for failover).

The RB3011 is a software based router. It has no ability to route in hardware. For that you will need a CRS3xx, CRS5xx or a CCR2116 or CCR2216

@@Andrew_Thrift I don't want HWO, V7 tries to applies and it doesn't work.

muito bom mesmo, eu irei replicar o laboratório no EVE-NG, executar os testes e trazer o material aqui pro canal, siga-nos para mais novidades. obrigado

Tem legenda em PT-BR

for provider. no matter what subnets the clients use.

@@michaelklehr7509 Hmmm. Ok… Surely as a provider you give your clients an ip address range for their network to use as the gateway. Doing incoming traffic will be impossible as how will it know which interface to send the traffic to when they are both identical?

@@SirHackaL0t. you don't give your clients an subnet. they have there subnets already and you provide service. if all your clients can have the same subnet, no problem.

@@michaelklehr7509 Well, not sure how it works where you are but my ISP gives me an IP address on their network and my network connects through that using NAT. Problem solved without the need of this. It just seems to be a solution looking for a problem to fix.

@Clive Flint the clients have LOCAL NETS too and these networks mostly are established with some yet set up ranges you for instance play ISP then and need to handle different clients and need to route (e.g. because of IPsec tunnels from sites of your customers) traffic which would overlap on layer 3 with VRFs you could seperate that and also ad RDs to your VRFs!! think of a VRF like a VLAN ... but the VRF operates at layer3 instead like VLAN on layer2! if you don't know what VRF is and what it can do for you - you do not need it

All of these products are available, but the quantities are not as high as they could be. The devices sell out quite fast. When we do release new products, I would suggest to immediately place an order / reservation with the nearest distributor.

@@mikrotik Is it in connection with the chip shortage? That is why I see your products selling for higher prices here in the Philippines.

@@mikrotik I don't even want to know how long I should wait for a replacement device if there is a technical problem like with the current Mikrotik RB5009UPr with poe, which gets stuck in the bootloop due to a cold solder point and only boots when it's over 40 °C. You need to finally fix your supply chain and not always reassure users because it's no use to anyone

@@seantellsit1431 rb4011 breaks after 13 months on shelve doing nothing and 2 months at customer??? What did you do to it to break it so fast!

@@markarca6360 yes, it absolutely is the chip shortage.....and that goes for any electronics.

MikroTik is a Latvian company and we don’t have native English speakers