I want to mention the reason why woul dany1 use dot1q encapsulation for VRF.
for example you have a core router which connect sto Metro ethernet service using 10 gig interface.
the metro ISP will form layer 2 connectivity between your core PE route and tons of customers.
now, e ach customer shouldn’t be able to communicate with another one through the same L2 service so each customer has its own VLAN as teh service access point (SAP) to the L2 metro ISP.
usually the customers will be connected via E-PIPE AKA VPWS or VPLS, depends on your network redundancy so the Metro ISP would look invisible for your PE router and your customer (L2 VPN).
so you will assign on that 10 gig port different vlans for each customer and some of them might want to have some L3 seperation using VRF with some far office on the other side of the world, while they are also seperated in the L2 metro which you as an ISP shouldn’t care about because it is different service to acomplish the same achivement.
int that case you should have vrf instance toward the 10gig interface that encapsulate only thet vlan data of that particular customer while other customers wouldn’t have to bother you with vrf and so you will configure them just with the regular dot1q encapsulation