VRRP Active-Active

VRRP Active-Active mode allows you to have two active VRRP masters in conjunction with MLAG by applying an ACL on the ISC links in order to block VRRP updates.

When you configure VRRP with MLAG, you have the option to make VRRP operate in active-active mode. For MLAG peers to operate in VRRP active-active mode, configure the following ACL on both ends of the ISC link.

entry vrrp-act {    
if match all {    
    destination-address 224.0.0.18/32 ;   
} then {    
    deny ;   
       }    
}

There are two caveats that you need to be aware of that are illustrated in VRRP Active-Active :

An ARP request from 10.0.0.4 results in duplicate ARP replies (one from each MLAG switch).
For this to work correctly, you have to configure the virtual IP address to be a different address from either of the MLAG peer interface addresses. When an MLAG switch generates an ARP request it uses the vMAC instead of its own switch MAC, and the response (if the reverse path hashing chooses the other MLAG switch) is consumed by the peer MLAG switch.