Which Cisco SD-WAN feature segments traffic into isolated VPNs across the overlay fabric?

The main idea this question tests is how traffic is kept separate in a Cisco SD-WAN environment. VPN segmentation means creating separate virtual routing domains (VRFs) for different traffic streams, tenants, or applications. Each VPN has its own routing table, security policies, QoS, and service settings, so traffic assigned to one VPN remains isolated from traffic in another—even though all use the same physical underlay. This allows multiple customers or apps to share the same network without interference or address conflicts because routes and policies live in distinct VPN contexts. In Cisco SD-WAN, VPNs form the overlay segments, so isolating traffic into different VPNs across the fabric is how isolation is achieved. The other options address different functions: service chaining is about routing traffic through a sequence of services, BFD echo is for quick liveness checks of links, and OMP reflection relates to route distribution mechanics, not segmentation into isolated VPNs.