We make extensive use of VRFs to segregate subnetworks according to the network policies in effect. Subnetworks within a VRF can communicate (fairly) unfettered, but to cross between VRFs traffic has to (normally) pass through a policy device. VRF-Lite merges all of the information into a common set of tables, but in a full VRF network things like the ARP and Routing tables are completely segregated by the routing instance. This allows traffic to get high-speed routing between networks with a common security profile, and consistently apply the right set of policy devices.
Here is an sample of some of the VRFs we operate ( from a Juniper router)
SNMPv2-SMI::enterprises.2622.214.171.124.126.96.36.199.2.97.99 = STRING: "ac"
SNMPv2-SMI::enterprises.26188.8.131.52.184.108.40.206.2.102.110 = STRING: "fn"
SNMPv2-SMI::enterprises.26220.127.116.11.18.104.22.168.2.114.104 = STRING: "rh"
SNMPv2-SMI::enterprises.2622.214.171.124.126.96.36.199.2.117.119 = STRING: "uw"
SNMPv2-SMI::enterprises.26188.8.131.52.184.108.40.206.220.127.116.11.116 = STRING: "mgmt"
SNMPv2-SMI::enterprises.2618.104.22.168.22.214.171.124.126.96.36.199.116 = STRING: "test"
SNMPv2-SMI::enterprises.26188.8.131.52.184.108.40.206.220.127.116.11.118 = STRING: "uwtv"
SNMPv2-SMI::enterprises.2618.104.22.168.22.214.171.124.126.96.36.199.112 = STRING: "voip"
SNMPv2-SMI::enterprises.26188.8.131.52.184.108.40.206.220.127.116.11.105 = STRING: "wifi"
So, when a router is in MPLS mode some of the tables are global, others may be scoped by router instance, as described in this document:
To access the ARP tables for the ac routing instance then the snmp community is 'ac@community'
I'd like UDT to be enhanced to maintain a list of VRFs to scan for ARP data, and prepend vrf@ to the community when retrieving data separated by instance.