The internal users are users that have an active account in your application. External user could for instance be anonymous users, they do not have an account. And indeed if you want to have more active accounts you need to upgrade your license unless if I recall correctly you have the enterprise license.
Sudden spikes are handled by the platform. As with every platform it is always good to do some load testing on the application that you build. The number of accounts do not have a limit. But the size off your node should grow according to the number of accounts but you can always add hardware to your environment. So you have the standard plans but can upgrade such plan with extra memory, hard drive space or CPU. When you have an on premise license you can offcourse determine your own hardware. And on premis means that Mendix is running on your own server instead of a server controlled by Mendix.
For further questions contact sales of your Mendix partner of Mendix directly.
I was struggeling with the meaning of internal and external users as well, so I called Mendix to elaborate. This is their answer.
Internal users are users with an email address in the company domain, that is an employee working at the company who owns the license. Lets say Google bought the Mendix license, the Mendix user requires an @google.com email address and is then defined as an internal user. External could be other users that access the app, not working at the company who bought the license. Different domain, different email address.
Example. You have a Mendix license for 50 internal and 500 external users. This means you are allowed to have 50 internal users with @google.com email addresses. But then you are not allowed to have external users anymore. If you want to add 40 internal users, you can have an extra 100 external users on this license. If you want 30 internal users, you are allowed 200 external users together. The internal/external ratio needs to be roughly 1/10.