Hi Darren,

After a brief overview regarding our use cases, we will deploy MX105 in Routed mode. In the very near future we will not have any Edge devices - just the ISP router and C3850 as L3. All the subnets from C3850 should be migrated to MX105 (planned downtime), leaving C3850 only as an L2 switch terminating access switches. MX105 will act as a Hub, while remote branches act as Spokes. In this case we can achieve the IoT and Guest networks setup and FW rules on MX105.

In case of passthrough mode, packets are not translated and we will have no other edge device than the ISP not-managed router; if we connect MX105 to the LAN side behind C3850, it will just forward traffic from DC server --> C3850 --> ISP router. This is not the best design. C3850 should do its job switching packets, MX105 should do its job routing packets. Between C3850 and MX105 I see just a routed port /30, with C3850 having a 0.0.0.0 route towards MX105.

Also, we need to statically NAT two servers (cannot do this on C3850), plus our ISP is giving us a public IP which we are unable to NAT without a NAT-capable appliance.

I hope it does make sense to you.