It was support that indicated we are exceeding the limit of flows the MX can handle - I haven't found a way to verify/monitor the overall flows on an MX. The symptoms that initiated the support request was extremley high latency and packet loss. ... View more

Thank you for the replies.   @ww  If I understand correctly, the secondary MX would be creating a longer AS Path to cause the primary MX to be chosen as the route to a spoke network. All MXs are in a single AS as they are all part of the same organization, would this work with more than 2 MXs as there would only be two AS numbers?   @alemabrahao  I have reviewed the BGP page and understand these statements, however, the following is not clear when we introduce multiple MXs. MX 1 and MX 2 will both have identical local networks as they are providing connectivity to the same DC. Will this be permitted to add the same local networks on multiple MXs? (I know this is prevented when an MX in routed mode exists in the organization). Would this be required to have them added this way as these routes will be shared through BGP anyway? A one-armed VPN concentrator will advertise local networks which are not directly connected and are configured on the site-to-site VPN settings page via iBGP, but not via eBGP to external peers   @PhilipDAth  The MX models are MX 450 with about 120 spoke sites. The limitation is the number of flows (500k), tunnels, traffic, etc. are not close to becoming an issue. ... View more