Securing network segments
For more complex networks, multiple VRFs can be created to segment the network and provide a boundary layer between those segments.
Traffic will not traverse between VRFs unless explictly allowed.
VRFs can include multiple VLANs and layer 2 and layer 3 networks
By default VLANs within the same VRF will have access to each other, but access rules can be created to block or allow traffic between them as necessary dependant on the security policies required.