diff --git a/src/components/NavigationDocs.jsx b/src/components/NavigationDocs.jsx
index 81cf14ea..54ae9643 100644
--- a/src/components/NavigationDocs.jsx
+++ b/src/components/NavigationDocs.jsx
@@ -107,6 +107,7 @@ export const docsNavigation = [
{ title: 'Configuring default routes for Internet traffic', href: '/how-to/configuring-default-routes-for-internet-traffic' },
{ title: 'Configuring routes with access control', href: '/how-to/configuring-routes-with-access-control' },
{ title: 'Resolve overlapping routes', href: '/how-to/resolve-overlapping-routes' },
+ { title: 'New network concept (WIP)', href: '/how-to/new-network-concept' },
]
},
{
diff --git a/src/pages/how-to/new-network-concept.mdx b/src/pages/how-to/new-network-concept.mdx
new file mode 100644
index 00000000..10f3da64
--- /dev/null
+++ b/src/pages/how-to/new-network-concept.mdx
@@ -0,0 +1,232 @@
+# New Network concept
+
+On `v0.35.0` we've introduced a new concept for the Network object, where we've consolidated everything in the same place.
+
+You can now create a **Network** which contain access to other resources, such as single IP addresses, full subnets addresses and domain names. This new concept allows you to manage all the network configurations in a single place, making it easier to manage and understand your network resources.
+
+## Concepts
+### Networks
+Networks allow you to group multiple resources in the same location. You can create a network and add multiple resources to it, such as single IP addresses, full subnets addresses and domain names. This is also the place where you can assign routing peers to your network, allowing you to route packets between your NetBird peers and your other networks.
+### Resources
+**Resources** are the individual elements that you can add to a **Network**. You can add single IP addresses, full subnets addresses and domain names to a **Network**. You can attach multiple resources into a Network object and manage them in a single place.
+### Routing Peers
+**Routing Peers** are the peers that will route packets between your NetBird peers and your other networks. You can assign a routing peer to a **Network**, and all the peers connected to this routing peer will be able to send traffic to all the **Resources** in this **Network**.
+
+## Practical examples
+Let's say you your company has 2 Office locations, one in Berlin (subnet `10.10.0.0/16`) and another in London (subnet '10.20.0.0/16'), a database running on a AWS EC2 instance, with internal IP address of 172.20.0.46 (inside VPC subnet `172.20.0.0/22`) and finally a domain name `intranet.mycompany.com` that you want to route through a specific location.
+
+In order to create a network that contains all these resources, you'll need to make sure you have at least one NetBird peer in each of your locations; these peers will be assigned as routing peers to your **Network**.
+{/*
+
+NetBird provides fast and reliable end-to-end encryption between peers in your network. You can install the agent on every desktop, VM, container, or physical server and have a fast, secure peer-to-peer mesh network. That is the desired configuration, but some cases do not allow for agent installation or can slow down migration from legacy systems:
+
+- Side-by-side migrations where part of your network is already using NetBird but needs to access services that are not.
+- Systems that have limited operating system access. e.g., IoT devices, printers, and managed services.
+- Legacy networks where an administrator is unable to install the agent on all nodes.
+
+In these cases, you can configure network routes assigning routing peers to connect existing infrastructure. Routing peers will forward packets between your NetBird peers and your other networks; they can masquerade traffic going to your data centers or embedded devices, reducing the need for external route configuration and agent installation.
+
+
+
+
+
+
+ If you want to see the Network Routes feature in action, try our managed version at https://app.netbird.io/routes.
+
+ It's free and simple! :)
+
+
+## Concepts
+### Network routes
+A network route describes the network you want to connect with your NetBird peers. It has an identifier, a network range or list of domains, a routing peer, and some parameters available for managing priority and masquerading.
+
+
+ Network routes are available in NetBird [v0.9.0](https://github.com/netbirdio/netbird/releases) or later.
+
+
+#### Network identifiers and ranges
+Network identifiers are names for each network you want to route traffic from your peers, and ranges are IP ranges declared in CIDR notation which refers to an external network. The combination of identifiers and these ranges makes a single network.
+#### Routing peer
+A routing peer is a peer that routes packets between your routed network and the other NetBird peers.
+
+ Only Linux OS machines can be assigned as routing peers.
+
+#### Routing group
+A routing group is a set of routing peers. Each will route packets between your routed network and the other NetBird peers.
+
+ Only Linux OS machines can be assigned as routing peers.
+
+#### High availability routes
+A highly available route is a combination of multiple routes with the same network identifier and ranges. They have different routing peers or routing peer groups offering highly available paths for communication between your peers and external networks.
+Nodes connected to routing peers will choose one of them to route packets to external networks based on connection type and defined metrics.
+#### Masquerade
+Masquerade hides other NetBird network IPs behind the routing peer local address when accessing the target Network range. This option allows access to your private networks without configuring routes on your local routers or other devices.
+
+If you don't enable this option, you must configure a route to your NetBird network in your external network infrastructure.
+
+### DNS Routes
+An alternative to specifying a network range directly is to use DNS routes. Instead of adding the network directly, you can add multiple domains in a route that will be dynamically resolved on the client. The resolved IP addresses for these domains will be added as routes. For example, a network administrator can ensure that traffic to `website.com` or `api.website.com` is routed through a specific machine. So they configure DNS routes for these domains instead of specifying the IP ranges.
+
+By default, DNS routes are resolved every 60 seconds. You can adjust this interval using the `--dns-router-interval` flag:
+
+
+```bash
+netbird up --dns-router-interval 30s
+```
+
+Additionally, a keep routes switch is enabled by default.
+
+
+
+
+
+When the keep routes switch is on, and a domain no longer resolves to an IP address, the corresponding route will still be maintained (and any new resolved IP addresses will be added).
+If the switch is off, the routes will be replaced with the newly resolved IP addresses.
+
+The purpose of the keep routes functionality is to retain previously resolved routes after IP address updates, in order to maintain stable connections. For example, long-running connections to an IP address that are still valid even if the DNS now resolves to a different IP address (e.g., DNS-based load balancing).
+
+
+
+ DNS Routes are available for NetBird [v0.28.0](https://github.com/netbirdio/netbird/releases) or later.
+
+
+
+ Currently, wildcard domains are not supported for DNS routes.
+
+
+### Metric and priority
+Metric defines prioritization when choosing the main routing peer in a high availability network. Lower metrics have higher priority.
+Outside of high availability routes, the metric has no effect.
+
+
+### Distribution groups
+Distribution groups define that peers that belong to these groups set in this field will receive the network route.
+
+ It doesn't remove the need for the routing peer to be connected to these peers
+
+
+### Access Control Groups
+These groups provide granular control over internal services within your network. They are used as the destination
+groups in access control policies, allowing you to precisely define which internal services can be accessed by
+different network entities.
+
+When you associate these groups with specific routes, the routes will inherit the access control policies where
+the groups are defined as part of destination groups. This setup enforces access restrictions based on the policies,
+ensuring that only authorized traffic can reach the designated services.
+
+Routes that do not incorporate these groups will permit unrestricted access, allowing all traffic to pass through
+without any limitations.
+
+## Managing network routes
+A network route describes a network you want to connect with your NetBird peers. It has an identifier, a network range, a routing peer or set of peer groups, and some parameters available for managing priority and masquerading.
+
+### Creating a network route
+Access the `Network Routes` tab and click the `Add Route` button to create a new route.
+That will open a route configuration screen where you can add the information about the network you want to route:
+
+
+
+
+Now you can enter the details of your route.
+In the example below, we are creating a route with the following information:
+
+- Network identifier: `aws-eu-central-1-vpc`
+- Description: `Production VPC in Frankfurt`
+- Network range: `172.31.0.0/16`
+- Routing peer: `ec2-demo-node`
+- Distribution Groups: `All`
+
+
+
+
+
+
+Once you fill in the route information, you can click on the `Add Route` button to save your new route.
+
+
+
+Done! Now every peer connected to your routing peer will be able to send traffic to your external network.
+
+### Creating a network route with routing group
+You can use a peer group to automatically add any Linux peers from the groups as routing peers. To do so, follow the steps above but select the `Peer group` tab.
+Ensure that the peer groups have Linux peers, as traffic routing is only supported on Linux machines.
+Groups with multiple peers automatically provide [high availability routing](#high-availability-routes).
+
+
+
+
+
+Once you fill in the route information, you can click on the `Add Route` button to save your new route.
+
+
+
+
+
+Done! Now every peer connected to the peer member of the groups will be able to send traffic to your external network.
+
+### Creating highly available routes
+To avoid a single point of failure when managing your network, we recommend installing NetBird on every resource. However, when running NetBird on every machine is not feasible, you still want to ensure a reliable connection to your private network. The NetBird Network Routes feature has a High Availability (HA) mode, allowing one or more NetBird peers to serve as routing peers for the same private network.
+
+There are two options to enable HA routes:
+1. Use a peer group with more than one peer in it.
+2. Add more individual peers to the route.
+
+The first option is covered [above](#creating-a-network-route-with-routing-group).
+
+To enable the high-availability mode by adding individual peers, click on `Add Peer` in the High Availability column in the Network Routes
+table and select a peer in the `Routing Peer` field. Then select the `Distribution Groups` and click on `Add Route`. This
+routing configuration will be distributed to machines in the selected groups `Distribution Groups`.
+
+In the following example, we are adding the peer `aws-nb-europe-router-az-b` to the `aws-eu-central-1-vpc` route:
+
+
+
+
+
+This way, peers connected to `aws-nb-europe-router-az-a` and `aws-nb-europe-router-az-b` will have highly available access to the `172.31.0.0/16` network.
+
+
+
+
+
+
+ The number of routes that form a highly available route is unlimited.
+ Each connected peer will pick one routing peer to use as the router for a network.
+ NetBird agent bases this decision on metric prioritization (lower the metric, higher the priority) and connection attributes like direct or relayed connections.
+
+
+### Apply different routes to peers with group attribution
+You can select as many distribution groups as you want for your network route.
+Peers that belong to the specified group will use the route automatically to connect to the underlying network.
+
+Remember to link groups to peers that need to access the route and, if required,
+add access control rules ensuring connectivity between these peers and the routing peers.
+
+In the following example (see column `Distribution Groups`), peers that belong to the group `berlin-office` will use
+the `aws-nb-europe-router-az-a` routing peer to access the `aws-eu-central-1-vpc` network.
+While peers that belong to the `london-office` group will use the `aws-nb-europe-router-az-b` routing peer.
+
+
+
+
+
+### Routes without masquerading
+If you want more transparency and would like to manage your external network routers, you may choose to disable masquerade for your network routes.
+In this case, the routing peer won't hide any NetBird peer IP and will forward the packets to the target network transparently.
+
+That will require a routing configuration on your external network router pointing your NetBird network back to your routing peer.
+This way, devices that don't have the agent installed can communicate with your NetBird peers.
+
+
+
+
+
+## Get started
+
+
+
+
+- Make sure to [star us on GitHub](https://github.com/netbirdio/netbird)
+- Follow us [on Twitter](https://twitter.com/netbird)
+- Join our [Slack Channel](https://join.slack.com/t/netbirdio/shared_invite/zt-2utg2ncdz-W7LEB6toRBLE1Jca37dYpg)
+- NetBird [latest release](https://github.com/netbirdio/netbird/releases) on GitHub */}
+
+
+
+
+
+
+
+
+
+
+