A lot of engineers when they hear Virtual Routing and Forwarding (VRF’s) they think MPLS VPN’s and associate it to a Service Provider feature. Although VRF’s are widely used with MPLS in SP environments, in today’s networks, a lot of companies will opt to use the VRF feature alone in order to obtain L3 isolation. Similar to VLAN’s that isolate broadcast domains at L2, VRF’s (also called VRF-lite) isolate routing information at L3 by creating local virtual routing tables.
The main reason, that I’ve personally implemented VRF’s in networks, was in order to join several private overlapping address topologies. Even though VRF-lite is only locally significant, GRE tunnels can be used to extend VRF information. In fact, you can make a GRE tunnel VRF-aware with the use of the “tunnel vrf <vrf name>” command. While VRF’s offer a layer of security by isolating routing information locally, it does not offer any kind of security when passing data from one point to the other of the network, and for that reason, I would always suggest coupling GRE tunnels with IPSEC.
A common misconception I’ve heard from network engineers is that since a network is already using VRF’s you might as well implement MPLS to increase the forwarding speed of the network. This is a bogus argument as with CEF enabled on all routers, MPLS will not offer any speed increase at the forwarding level. In fact, you will lose speed as the overhead of the MPLS + IP calculation factor will make your forwarding decision process a little slower. It’s very important to note that MPLS and VRF are two different separate technologies that aren’t interdependent of each other at all but rather compliment one another in certain situations.