So I've got a branch office connected by an ISP provided leased L2. The layer 2 circuit is connected to my core MS350 stack (secondary - port 17) on the HQ side, and to an MS250 switch on the branch side.
MX400pair(HQ) ------------> MS350stack(HQ)-------ISP Leased line transit network------>BranchMS250
Are there any best practices here for uplink port configuration at either side? STP vs RSTP? Loop/rootguard etc.
I hate to answer a question with a question but is your telco provider limiting you to L2 or do you just have the switches and switch ports configured that way? Even if you don't need it now, I would go L3 in case you need to add another VLAN in the future, or if you want to put ACLs on either side.
Of course if the telco is limiting you to L2 for whatever reason then you don't really have a choice. Although I don't know any reason they'd do that, if they are dropping off straight Ethernet. Which, if you have the circuits plugged directly into your switches, it seems they are handing you off straight Ethernet.
>Are there any best practices here for uplink port configuration at either side? STP vs RSTP? Loop/rootguard etc.
Stick with RSTP. It is better in everyway compared to STP. You only have a single link between the sites, so the situation is simple.
I would lower the spanning tree priority on your core switch to make sure it is the root of the spanning tree.