I wanted to bounce an idea off of the community regarding the security of VRFs. I am looking to deploy 3 routers with switches modules built into them at three different physical locations. These locations are maintained by a single third party who is advising their network team to create a VRF lite domain to link these routers together. My question is we are looking at having this third party use VRF to maintain a routing domain for use to link our equipment together at these 3 physical location, while utilizing their existing network routing infrastructure. From my understanding VRF will be able to do this no problem, however I am concerned with securing my data as it traverse the VRF built by the third party. What is preventing them from eaves dropping on our traffic? Should I be IPSEC'ing the traffic on each of my 3 routers "VRF"-edge interface? Are there any other security practices applicable to this type of scenarios?
Thanks all!
