Great thread. I have an additional question. The great thing about using an MX in NAT mode with two WAN connections is that it can detect quality problems and failover traffic (i.e., not just a route hard down, but the preferred path having bad loss, jitter, delay). If you set up MPLS connections on the LAN side, you do not get this feature, as far as I've been able to discover. Can you possibly confirm if this is accurate? If you set up the MPLS connections as WAN connections with AutoVPN, you *would* get this behavior (especially desirable for VoIP). However, the link you provided uses the one-armed-concentrator model of auto-VPN, which will eliminate the ability to use the link tracking quality failover feature on the HQ side. Is there some reason that the HQ end cannot also terminate the VPNs on WAN interfaces of a large MX operating in NAT mode?