I have a VPN network where all MX devices are configured as Hub (Full Mesh). I want to install a new MX at the primary site and migrate the remote sites one at a time to use the new MX for the same networks. This means I would advertise the same routes from 2 sites to the VPN. One option would be to move all remotes to Spokes instead of Hub (Full Mesh), but I wanted to see what my options are for leaving the sites as Hub and just advertising the same routes from 2 sites in Full Mesh mode. Thanks!
Why do you want to do the migrating one by one? Seems to me you're only making it more complicated as you'll have two routers in your primary site at the same time. That brings questions and issues like, which one will be default gateway, etc.
While it should be a pretty easy job.
This should be a pretty quick job if well prepared.
We want to take a staged approach as opposed to cutting all the sites at once to the new MX. I am looking for options that would allow both MX devices to be connected simultaneously. If possible, I would prefer to build a separate VPN cloud as opposed to having just one for the entire org.
You cannot have two AutoVPN nodes (spoke or hub) directly attached to the same subnet - the dashboard won't allow you to configure this.
You can have a hub with a stub network connecting to another layer 3 device (such as a layer 3 switch) that uses a static route to the ultimate network - and redistribute that into AutoVPN.
If you use this method, then you can have more than one MX advertise that same route.
However, there are caveats. It only uses one of the MXs advertising the route. Also, I don't think the failover works in all cases.
To make it really work you need to be using the hubs in VPN concentrator mode, and BGP peer to another layer 3 device, and rely on that to inject the routes into AutoVPN.
All in all - don't do it. Just arrange for 10 minutes of downtime, and cut across to using the new units.