IP Services - Management - VRF - Excellent News!

Hey guys…
RouterOS_v7_IP-Services-VRF.png
https://help.mikrotik.com/docs/display/ROS/v7+Routing+Protocol+Status#:~:text=Management%20services%20support,on%20specific%20VRF

This is awesome!

You really should celebrate this! Announce it in your publicity materials.

I didn’t test it yet… (I will do it soon).
The VRF parameter is missing in Winbox, but this is a minor issue…

Congrats!

In general VRF-aware services are pretty cool, yes, but we are missing the possibility to have a service working in multiple VRFs (e.g. vrf=main,mgmt) or just being able to use “all” or “any”.

What will solve your issue is some type of route-leaking between VRFs.
https://help.mikrotik.com/docs/display/ROS/v7+Routing+Protocol+Status#:~:text=Some%20kind%20of,N/A
The service will be attached to a specific VRF, but the routing between VRF will allow communication between those VRFs and then reach that service.
This is the best solution if you need non-blocking performance between VRFs.

Another solution to that is a virtual tunnel interconnecting the VRFs (a virtual coffin hook).
Considering we are talking about Management this is the best solution!
With this, we can dedicate an ACL (Firewall Rules) to this interface and protect the box.
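As an added example (not from the original post and not MikroTik’s own documentation), the two ingredients of the workaround described above written out in RouterOS v7 CLI syntax: a dedicated management VRF with the listeners bound to it, a leaked route pair between that VRF and main, and an input-chain ACL restricting who can reach the listeners. The interface names, addresses, the VRF name mgmt and the exact spelling of the vrf= parameter on /ip/service are assumptions; the gateway=<interface>@<vrf> form should be checked against the VRF documentation for the running version.

```routeros
# Added example, not from the original post. Assumed layout:
#   ether1 = out-of-band management port, 192.168.88.0/24, VRF "mgmt"
#   ether2 = in-band network, 10.10.0.0/24, stays in VRF "main"

# 1. Put the OOB port in its own VRF; it gets its own routing table named "mgmt".
/ip/vrf/add name=mgmt interfaces=ether1
/ip/address/add address=192.168.88.1/24 interface=ether1
/ip/address/add address=10.10.0.1/24 interface=ether2

# 2. Bind the management listeners to the mgmt VRF only (parameter name assumed
#    from the release notes linked in the thread) and switch off what is unused.
/ip/service/set ssh vrf=mgmt
/ip/service/set winbox vrf=mgmt
/ip/service/disable telnet,ftp,www,api

# 3. Route leaking in both directions: the mgmt table learns how to reach the
#    in-band subnet through a gateway that lives in main, and main learns the
#    return path into mgmt. This gives forwarding between the two tables;
#    whether a listener bound to one VRF answers packets that arrived in the
#    other must be tested on the running version (the thread itself has a
#    report that it did not work after the v7 upgrade).
/ip/route/add routing-table=mgmt dst-address=10.10.0.0/24 gateway=ether2@main
/ip/route/add routing-table=main dst-address=192.168.88.0/24 gateway=ether1@mgmt

# 4. ACL on the router itself: only the admin subnets may open SSH/WinBox,
#    everything else addressed to the router is dropped.
/ip/firewall/address-list/add list=admins address=192.168.88.0/24 comment="OOB"
/ip/firewall/address-list/add list=admins address=10.10.0.0/24 comment="in-band"
/ip/firewall/filter/add chain=input connection-state=established,related action=accept
/ip/firewall/filter/add chain=input protocol=tcp dst-port=22,8291 src-address-list=admins action=accept
/ip/firewall/filter/add chain=input protocol=icmp action=accept
/ip/firewall/filter/add chain=input action=drop

# 5. Verify what is actually bound where before cutting over.
/ip/service/print detail
/ip/route/print where routing-table=mgmt
```

Apply step 4 before step 2 when working remotely, and keep a second session open: once the listener moves into mgmt, a session that arrived via the in-band port is the one the thread’s later posts report losing.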

Yes, it is possible to use the workarounds mentioned by fischerdouglas, but adding support for multiple VRFs is on the TODO list.

Actually, considering other vendors’ implementations, and best practices regarding the separation between Control-Plane and Data-Plane, Management Services should listen on only one VRF.

Does this mean we can define exactly which interface we want to use for management/monitoring? I’m used to cisco/arista devices where essentially all of that can be done from the mgmt0 interface which can be set on its own vrf, and you can define the source-interface to be used for services like ssh/tftp to upload/download images.

I believe that this “vrf” thing of IP services has to do only with the listeners/sockets of services.
I don’t think this is related to the source ip/interface of communications outgoing from router-os.

Those services are servers, so yes, the settings are for listeners.
Client-side tools that can also be executed on RouterOS have their own parameter, like

/system/telnet 1.1.1.1 vrf=my_mgmt

The multi VRF support would be great.

Has anyone successfully accessed the management from a different VRF using the route leaking workaround?

I see a lot of scenarios where it is cool to have multi-vrf.
Sometimes it is just nice to have the possibility to manage a device “in-band” and “out-of-band” for example.
Or think of the deployment of a redundantly connected CPE (combining DSL and LTE in two VRFs). Very nice too, being able to manage the device on both links if one fails. :wink:

Any ETA here? Doing staging using “remote hands” is often very annoying if one has to switch VRFs all the time. And as you often have a “chicken and egg problem”, you need to use two services (e.g. ssh and winbox).
It would be very cool if “all” were the default setting and then you could just change to the VRF (usually MGMT) where you need the service when going into production.

Me too… multi VRF support requested, come on :wink:

In version 6 it worked; after updating to version 7, I could not do it.
I tried leaking and marking.