Hello:
Answers to your questions:
1 - Yes, you can use different VR's for traffic from the Core Switch to the Server Farm Switch. The only caution is making sure that the traffic is mutually exclusive. While there are many VR's, there is only one subscriber. If the IDP subscriber sees the same traffic twice, it will think it is malicious traffic and drop it.
As far as seperating the traffic, you can create rules based on Zone, VLAN, SRC/DST IP addresses/networks, etc
2 - Yes, since the IDP is inline for traffic, it can be a bottleneck. I don't know which IDP you are using, but if it is an IDP-8200, it supports around 10Gb of traffic, but with the "Recommended" policy. Any differing policy becomes an X-factor, and differing what the IDP can handle. Remember that 10Gb/s is total traffic, not per VR. So if you are processing traffic on two VR's, be aware that the IDP can handle only the total of both VR's.
regards,
BR