I am looking for  the upgrade process not an RMA operation.

Do MX250 auto port channel?

My current implementation is poor so I want to move to the best practices model

MX250 Active / standby

Each MX240 connected to port channels on a stack of MS410.

I believe I basically need each MX DOT1Q do the MS for the TRUST/INTERNAL SVI

Each ISP on an access port on the MS with its own VLAN ISP1 and ISP2 then plugged into each MX so that the VRRP for the Virtual is heard  across those vlans. for the UNTRUST/EXTERNAL.  Right now we are using a small netgear for this which is not desired.

I will need to prune those VLANS off the MX to MS Trunk I believe.

@JED2021, what you are intending to do is mostly achievable, but there are a few point to note:

• The MX does not support port-channel/LAG/LACP (or whatever you want to call it). The recommended approach is a connection from each MX to each of the switches in the stack and rely on STP to ensure ports are blocked appropriately so no Layer 2 loops are created.
• You can certainly bring your ISP connections through the MS410 stack and back onto the WAN port of the MXs, keeping each one in its own VLAN and using access ports (and remove the VLANs from the trunks), but it will likely mess with your traffic and statistics on the Dashboard (all depends how much you use them). You might want to keep the separate switch(es) for the WAN links, upgrade them if you want and consider putting them in a separate network if you use Meraki switches.
• VRRP does not run on the WAN ports of the MX. If you have a VIP configured the active MX will own the VIP for the WAN connection, but there is no VRRP running between the MXs on the WAN side. VRRP runs on the LAN side only - Layer 2 heart beats are sent over every VLAN configured on the MX, and the active MX owns the Layer 3 IP addresses for all the VLANs; the inactive MX has no IP addresses on the VLANs.

If. no VRRP on the wan weeks / VIP configuration then what is the specified requirement to have a separate broadcast domain for ISP1 plugged into both MX and ISP 2 needs a broadcast domain and plugged into both MX?

@JED2021 you don't have to have a shared broadcast domain across both the WAN1 interfaces (or both the WAN2 interfaces) in a HA configuration for routed/NAT mode, you only need that if you run a VIP, and you don't have to have a VIP. (A VIP is only a necessity in a HA VPN concentrator configuration).

You can run HA with ISP1 to WAN1 on the active MX, and ISP2 to WAN1 on the standby MX, and it all works fine. ISP2 is only used for telemetry from the standby MX, there is no traffic using it unless a failover occurs. You can only configure the WAN1 bandwidth once for both the active and standby MX, so either the ISP services should be similarly sized (or use WAN2 on the standby, so WAN2 is empty on the primary MX and WAN1 is empty on the secondary MX). And, if you don't have a VIP, when a failover occurs all current sessions have to be reinitiated, and all VPN tunnels rebuilt (because of the IP address change), but that doesn't take long.

The current pair of MX84 are

Primary Master

Spare Passive ready

Both WAN ports are active and do have traffic

We have client VPN and Generic 2 VPNs to a cloud provide.  We would like to add a second pair of VPNs off the ISP2.

This is what it is (. do not get confused that our of coincidence the 4th octet is the same for different ISPs,  Maybe just luck)

CARRIER A assigned A.A.A.64/29

CARRIER A assigned B.B.B.64/29

MX84 SMMARY Screen

General
PUBLIC IP. A.A.A.66
WAN 1
TYPE IPV4
CONFIGURED AS VIRTUAL
STATUS ACTIVE
IP ADDRESS A.A.A.66
VIRTUAL IP. A.A.A.67
GATEWAY A.A.A.65

WAN 2
TYPE IPV4
CONFIGURED AS. VIRTUAL
STATUS. ACTIVE
IP ADDRESS. B.B.B.66
VIRTUAL IP B.B.B.67
GATEWAY B.B.B.65

https://documentation.meraki.com/MX/Deployment_Guides/MX_Warm_Spare_-_High_Availability_Pair

I am moving toward a core pair of MS devices in stack with aggregation switches connected via port channels  for  floors in the building

I am using a VIRTUAL IP currently and thise VIRTUAL IPs connect to VPNS at a cloud provider.

NOTE

• and behave appropriately.

Additionally, the following other considerations should be kept in mind:

• If a virtual IP is being used, then each uplink of the two MXs must share the same broadcast domain on the WAN side.

QUESTION.  What protocol do the the MX use on the WAN side?

On the WAN side the MX just uses Ethernet (for Link Layer) and TCP/IP (for Network Layer) - that's basically it, there is no VRRP or anything else at these Layers.