Thank you, when MX cannot reach to VPN registry or Meraki Cloud the existing VPN peer over DPLC/MPLS still up normal? It is still up or it had period time-out when MX detect no connection to VPN registry?
The existing connections should stay up, but if they do go down, then they will not re-establish until the access to the Meraki cloud VPN registry has been restored. In our case we can take down our internet access at the main DC and we don't see any interruption to the site-to-site connections over the MPLS.
You mentioned correctly. 1. If we disconnect internet for DC HUB, VPN still up and user traffic still can forward normal. 2. If MX DC HUB and SPOKE use internet the same connection (DPLC or MPLS NAT to Internet the same ISP), it will be retries to Cloud same time. As I notice VPN will be down after 5 minutes after internet connection down. Please correct me if I am wrong.