Consider a global e-commerce platform serving customers across six continents. During peak shopping events, traffic can spike 100x normal levels within minutes. A single active server—even with a standby ready—cannot handle this load. The company needs every server working simultaneously, sharing the traffic, each capable of handling any request from any user.

This is the domain of active-active redundancy: an architectural pattern where multiple nodes simultaneously serve production traffic, each fully capable of handling the complete workload. Unlike active-passive systems where standby nodes sit idle, active-active configurations maximize resource utilization while providing inherent fault tolerance.

But this power comes with complexity. When multiple nodes can modify the same data simultaneously, you introduce the possibility of conflicts. When traffic can arrive at any node, you need mechanisms to maintain consistency. When failures occur, remaining nodes must absorb additional load without dedicated standby capacity.

Active-active redundancy is essential for systems that must scale horizontally while maintaining high availability. Understanding its patterns, tradeoffs, and implementation strategies is critical for any engineer designing systems at scale.

Active-active redundancy, also known as multi-master, multi-primary, or peer-to-peer replication, is a high availability pattern where all nodes actively handle production traffic simultaneously. Each node maintains the full dataset and can serve both read and write requests.

The Core Principle:

Instead of designating one node as primary and others as standby, active-active treats all nodes as equals. Traffic is distributed across all nodes, and any node can process any request. When one node fails, the others continue serving traffic without interruption—there's no failover delay because there's no failover.

Key Characteristics:

• Full read-write capability on all nodes: Any node can accept modifications to the data
• Bidirectional replication: Changes made on one node propagate to all others
• No single point of failure: System continues operating if any subset of nodes remains healthy
• Horizontal scalability: Add more nodes to increase total capacity
• Geographic distribution: Nodes can be placed in different regions for latency optimization

When to Choose Active-Active:

High throughput requirements: When a single node cannot handle write volume, distributing writes across nodes becomes necessary.

Global user base: When users are distributed globally/regionally, active-active allows each region to have a local primary, reducing latency.

Maximum resource utilization: When cost efficiency demands that all provisioned capacity serves production traffic.

Zero-downtime requirements: When even brief failover windows are unacceptable, active-active's instant redistribution is essential.

When NOT to Choose Active-Active:

Strong consistency requirements: Financial transactions, inventory counts, and other scenarios requiring strict consistency are challenging with active-active.

Simple architecture preference: When operational simplicity is prioritized over performance optimization.

Limited engineering resources: Active-active systems require more expertise to design, implement, and operate correctly.

Active-active systems can be arranged in various topologies, each with distinct characteristics for replication, failure handling, and operational complexity.

1. Mesh Topology (Peer-to-Peer)

Every node connects directly to every other node. Changes propagate directly from source to all peers.

• Advantages: Low latency propagation, no single point of failure, simple mental model
• Disadvantages: O(n²) connections as nodes increase, complex conflict resolution
• Best for: Small clusters (2-5 nodes), lowest latency requirements

2. Ring Topology

Each node connects to adjacent nodes in a circular arrangement. Changes propagate around the ring.

• Advantages: O(n) connections, simplified replication logic
• Disadvantages: Higher propagation latency, single node failure affects propagation path
• Best for: Medium clusters, ordered event propagation requirements

3. Star Topology (Hub-and-Spoke)

A central coordinator receives all changes and distributes to all peers.

• Advantages: Simplified conflict resolution at hub, reduced connection count
• Disadvantages: Hub becomes bottleneck and single point of failure for replication
• Best for: Write-light workloads, centralized conflict resolution needs

4. Hybrid Topology

Combines patterns—for example, mesh within regions with ring between regions.

• Advantages: Optimized for specific deployment characteristics
• Disadvantages: Increased operational complexity
• Best for: Large-scale global deployments with varying latency and bandwidth constraints

The defining challenge of active-active systems is conflict resolution. When multiple nodes can modify the same data simultaneously, conflicting changes are inevitable. Consider this scenario:

Time T1: User in NYC updates product price to $99 (Node A)
Time T1: User in London updates same product price to £85 (Node B)
Time T2: Both changes replicate to all nodes
Question: What should the price be?

Without a deterministic conflict resolution strategy, different nodes could end up with different values, violating consistency. Active-active systems must define clear rules for handling conflicts.

Conflict Resolution Strategies:

1. Last-Write-Wins (LWW)

The most recent change (by timestamp) overwrites earlier changes. Simple to implement but has significant drawbacks:

• Requires synchronized clocks across nodes (challenging at scale)
• Silently discards the "losing" write without user notification
• Clock skew can cause newer data to be overwritten by older data
• May violate user expectations (both users think their change saved)

2. First-Write-Wins (FWW)

The earliest change persists; later conflicting changes are rejected. Useful when the first value has special significance.

3. Merge Resolution

Conflicting changes are combined rather than one overwriting the other. Examples:

• Numeric fields: Sum deltas instead of replacing values
• Sets: Union of all additions and deletions
• Text: Operational transformation or CRDT-based merging

4. Application-Specific Resolution

Business logic determines the winner. For example:

• Higher price wins (maximize revenue)
• More recent user activity wins (freshest data)
• Human review required for certain conflict types

Active-active systems introduce fundamental questions about consistency. When data can be modified on multiple nodes simultaneously, what guarantees can we provide about the visibility and ordering of those modifications?

Eventual Consistency

The most common model for active-active systems. All replicas will eventually converge to the same state, but at any given moment, different replicas may return different values.

• Guarantee: Given no new updates, all replicas eventually agree
• Latency: Reads always return immediately with local data
• Tradeoff: Clients may read stale data; writes may conflict
• Use cases: Social feeds, content caching, non-critical counters

Causal Consistency

Operations that are causally related (one depends on the other) are seen in the same order by all nodes. Concurrent operations may be seen in different orders.

• Guarantee: If A→B (A caused B), all nodes see A before B
• Implementation: Vector clocks, Lamport timestamps
• Tradeoff: More complex than eventual, less strict than strong
• Use cases: Collaborative editing, message ordering

Strong Consistency (Linearizability)

All operations appear to occur instantaneously at a single point in time. Reads always return the most recent write.

• Guarantee: Global ordering of all operations
• Implementation: Requires distributed consensus (Paxos, Raft)
• Tradeoff: High latency, reduced availability during partitions
• Use cases: Financial transactions, inventory counts

Choosing the Right Consistency Model:

The choice depends on your application's tolerance for inconsistency:

Use eventual consistency when:

• Temporary inconsistency is acceptable
• Low latency is critical
• High availability trumps data freshness
• Conflicts can be resolved automatically

Use causal consistency when:

• Related operations must be ordered
• Users expect to see their own writes
• Collaboration features require sensible ordering
• Stronger than eventual, lighter than strong

Use strong consistency when:

• Correctness requires seeing latest data
• Financial or inventory accuracy is required
• Conflicts could cause business problems
• Latency and availability can be sacrificed

In active-active systems, distributing traffic across nodes is critical for both performance and failure resilience. The distribution strategy affects latency, resource utilization, and conflict probability.

Geographic Routing

Route users to the nearest datacenter based on geographic location:

• Implementation: GeoDNS, Anycast IP, CDN routing
• Benefits: Lowest latency for users, natural traffic distribution
• Challenges: Data affinity, cross-region conflicts, uneven regional traffic

Key-Based Routing (Sharding)

Route requests for specific data to specific nodes:

• Implementation: Consistent hashing, partition maps
• Benefits: Eliminates conflicts for partitioned data, cache locality
• Challenges: Hot partitions, rebalancing on node changes

Round-Robin Distribution

Distribute requests evenly across all nodes regardless of content:

• Implementation: Load balancer weighted distribution
• Benefits: Simple, even utilization, no sticky sessions
• Challenges: No data locality, higher conflict potential

Workload-Aware Distribution

Route based on request characteristics and node capacity:

• Implementation: Smart load balancers, service mesh
• Benefits: Optimal resource utilization, specialized nodes
• Challenges: Complex routing logic, monitoring requirements

One of active-active's primary advantages is simplified failure handling. Without failover, node failures cause traffic redistribution rather than promotion ceremonies.

Immediate Traffic Redistribution

When a node fails in active-active:

1. Health checks detect the failure
2. Load balancers remove the node from rotation
3. Traffic immediately routes to remaining healthy nodes
4. No promotion, no state transition, no split-brain risk

This process typically completes in seconds versus the minutes required for active-passive failover.

Capacity Planning for Failures

Because active-active has no dedicated standby capacity, you must plan for failures:

N+1 Capacity: Provision one extra node so that if any single node fails, the remaining nodes can handle full load.

N+X Capacity: Provision X extra nodes to handle X simultaneous failures. The value of X depends on your availability requirements.

Automatic Scaling: Cloud environments can auto-scale to replace failed nodes, but this takes time. You need buffer capacity to handle load during scale-up.

Handling Network Partitions

Network partitions are particularly challenging for active-active:

• Nodes on each side of the partition continue accepting writes
• Conflict volume increases dramatically
• Partition detection becomes critical

Strategies for handling partitions:

1. Quorum-based writes: Require majority of nodes to acknowledge writes
2. Partition detection: Reduce functionality during detected partitions
3. Conflict queuing: Queue conflicting writes for manual resolution
4. Automatic healing: Resolve conflicts systematically when partition heals

CockroachDB

CockroachDB implements active-active with strong consistency using the Raft consensus protocol:

• All nodes can accept reads and writes
• Writes are coordinated through Raft for consistency
• Automatic data distribution and rebalancing
• Survives datacenter failures transparently

Amazon DynamoDB Global Tables

DynamoDB Global Tables provide active-active across AWS regions:

• Full read/write capability in all regions
• Last-writer-wins conflict resolution
• Eventually consistent with optional read consistency
• Automatic replication with sub-second latency

Cassandra Multi-Datacenter

Apache Cassandra supports active-active across datacenters:

• Tunable consistency levels (ONE, QUORUM, ALL)
• Last-write-wins with timestamps
• Lightweight transactions for when-needed consistency
• Linear scalability within and across datacenters

MySQL Group Replication (Multi-Primary)

MySQL Group Replication can operate in multi-primary mode:

• All members accept writes
• Certification-based conflict detection
• Conflicting transactions rolled back automatically
• Virtual synchrony for ordering guarantees

Active-active redundancy maximizes resource utilization and enables global scale, but requires careful handling of conflicts, consistency, and capacity planning.

Next Steps:

Active-active provides maximum utilization but assumes homogeneous failure probability. In the next page, we'll explore N+1 redundancy, a capacity planning pattern that explicitly quantifies how much extra capacity to maintain for failure tolerance.