--- title: "Active-Active Architecture Patterns: Multi-Region, Data Replication, and Split-Brain Resolution" description: "Deep guide to active-active architecture covering what it actually means to serve production traffic from multiple regions simultaneously, data replication strategies, conflict resolution, split-brain scenarios, session management, CAP theorem tradeoffs, and the real cost of running active-active." url: https://agent-zone.ai/knowledge/infrastructure/active-active-architecture/ section: knowledge date: 2026-02-22 categories: ["infrastructure"] tags: ["active-active","multi-region","high-availability","data-replication","split-brain","cap-theorem","disaster-recovery","conflict-resolution"] skills: ["multi-region-architecture","data-replication-design","high-availability-patterns"] tools: ["terraform","aws-cli","gcloud","az","consul","cockroachdb"] levels: ["intermediate","advanced"] word_count: 1292 formats: json: https://agent-zone.ai/knowledge/infrastructure/active-active-architecture/index.json html: https://agent-zone.ai/knowledge/infrastructure/active-active-architecture/?format=html api: https://api.agent-zone.ai/api/v1/knowledge/search?q=Active-Active+Architecture+Patterns%3A+Multi-Region%2C+Data+Replication%2C+and+Split-Brain+Resolution --- ## What Active-Active Actually Means Active-active means both (or all) regions are serving production traffic simultaneously. Not standing by. Not warmed up and waiting. Actually processing real user requests right now. A user in Frankfurt hits the EU region; a user in Virginia hits the US-East region. Both regions are authoritative. Both can read and write. This is fundamentally different from active-passive, where the secondary region exists but does not serve traffic until failover. The distinction matters because active-active introduces a class of problems that active-passive avoids entirely -- primarily, what happens when two regions modify the same data at the same time. ``` Active-Passive: Users ──> Region A (primary, serves all traffic) Region B (standby, receives replicated data, serves nothing) Active-Active: EU Users ──> Region EU (serves traffic, reads AND writes) US Users ──> Region US (serves traffic, reads AND writes) ↕ bidirectional replication ↕ ``` ## Data Replication Strategies The central challenge of active-active is keeping data consistent across regions. Every approach involves tradeoffs between consistency, latency, and availability. **Synchronous replication** waits for all regions to confirm a write before returning success to the client. This guarantees consistency -- every region has the same data at all times. The cost is latency. A write from US-East to EU-West adds 80-120ms of round-trip time to every write operation. For a checkout flow that does 5 sequential writes, that is 400-600ms of additional latency. Synchronous replication across regions is rarely practical for user-facing writes. **Asynchronous replication** confirms the write locally, then replicates to other regions in the background. Writes are fast (local latency only), but there is a replication lag window where regions have different data. Typical lag is 50-500ms under normal conditions, but can spike to seconds or minutes during network degradation. This means a user who writes in Region A and immediately reads from Region B might not see their own write. **Conflict-free Replicated Data Types (CRDTs)** are data structures designed to merge concurrent updates without conflicts. Counters, sets, and registers can be implemented as CRDTs. They trade generality for guaranteed convergence -- not every data model fits into a CRDT structure, but those that do never produce conflicts. ``` Synchronous: Write → Replicate to all regions → Confirm → Return to client Latency: local + cross-region RTT (100-200ms added) Consistency: strong Asynchronous: Write → Confirm → Return to client → Replicate in background Latency: local only (1-5ms) Consistency: eventual (50-500ms lag typical) ``` ## Conflict Resolution With asynchronous replication, two users in different regions can modify the same record simultaneously. You need a conflict resolution strategy. **Last-writer-wins (LWW)**: the write with the latest timestamp wins. Simple to implement but loses data silently. If User A updates their address in EU and User B updates the same address in US at the same moment, one update disappears. Requires synchronized clocks across regions (use NTP or a logical clock). DynamoDB global tables use LWW by default. **Application-level merge**: the application understands the data semantics and merges conflicting writes. For a shopping cart, merge means union of items. For a document, merge might use operational transformation. Complex to implement but preserves intent. **Region-affinity writes**: route all writes for a given entity to a single "home" region based on a shard key (user ID, account ID). Other regions can read (with eventual consistency) but writes for that entity always go to the same place. This eliminates write conflicts entirely at the cost of cross-region write latency for users not near their home region. ``` Region-affinity routing: User 12345 (home: EU) ──write──> Region EU (authoritative for this user) User 12345 (traveling in US) ──write──> Route to Region EU (adds latency) User 67890 (home: US) ──write──> Region US (authoritative for this user) ``` ## Split-Brain Scenarios Split-brain occurs when regions lose connectivity with each other but both continue operating. Each region believes it is the sole authority. When connectivity is restored, the regions have diverged. This is the most dangerous failure mode in active-active. Both regions accepted writes. Both regions served reads from their local (now divergent) data. Merging the diverged state is application-specific and often requires manual intervention. Mitigation strategies: **Quorum-based writes** require a majority of regions to acknowledge a write. In a three-region setup, a write needs two confirmations. If one region is isolated, it cannot form a quorum and stops accepting writes (choosing consistency over availability). CockroachDB and other distributed databases implement this natively. **Fencing tokens** use a coordination service (etcd, ZooKeeper, Consul) to issue monotonically increasing tokens. A region must hold a valid token to accept writes. During a split, only one region can hold the token. **Operational response**: detect split-brain via monitoring (replication lag exceeding threshold, cross-region health checks failing) and fail one region to read-only mode. Accept the downgrade rather than risk divergence. ## Session Management Across Regions If a user's request can land in any region, session state must be accessible everywhere. Three approaches: **Centralized session store** (Redis Global Datastore, DynamoDB Global Tables): sessions are replicated across regions. Any region can read the session. Write conflicts are possible if a session is modified simultaneously in two regions, but this is rare in practice since a single user's requests typically go to one region. **Stateless sessions** (JWT tokens): no server-side session state. The token contains all necessary claims. The simplest approach for active-active because there is nothing to replicate. The downside is that you cannot invalidate individual sessions without maintaining a revocation list, which reintroduces the distributed state problem. **Session affinity at the DNS level**: use geolocation or latency-based routing so a user consistently hits the same region. Not foolproof -- DNS changes, VPN usage, and mobile network switching can cause region switches mid-session. ## CAP Theorem in Practice The CAP theorem states that a distributed system can provide at most two of three guarantees: Consistency, Availability, and Partition tolerance. Since network partitions are inevitable in multi-region deployments, you are choosing between consistency and availability during a partition. In practice, most active-active systems choose availability (AP). During a partition, both regions continue serving traffic with potentially stale data. When the partition heals, the system reconciles. This is acceptable for most web applications -- showing a user slightly stale data is better than showing them an error page. Systems that require consistency (CP) -- financial transactions, inventory management -- must sacrifice availability during a partition. One region stops accepting writes. This is why banks typically run active-passive for transactional systems and active-active only for read-heavy workloads like account balance display. ## The Real Cost of Active-Active Active-active costs substantially more than a single-region deployment. Plan for these multipliers: **Infrastructure**: 2x or more baseline compute, storage, and networking in each region. You cannot run each region at 50% capacity because if one fails, the surviving region must handle 100% of traffic. Each region needs headroom -- typically running at 60-70% capacity, making the real multiplier 2.5-3x for compute. **Data transfer**: cross-region replication bandwidth is not free. AWS charges $0.02/GB for inter-region data transfer. A database replicating 100GB/day across regions costs roughly $60/month in transfer alone. For high-throughput systems, this adds up fast. **Operational complexity**: two of everything means two sets of deployments, two sets of monitoring alerts, two sets of scaling configurations. The team maintaining this needs to understand distributed systems, not just single-region operations. Expect a 2-3x increase in operational overhead during the first year. ``` Cost comparison (typical web application, 1000 RPS): Single region: $10,000/month (baseline) Active-passive: $15,000/month (1.5x — standby runs minimal resources) Active-active: $25,000-30,000/month (2.5-3x — both regions fully provisioned) ``` **When it is worth it**: active-active is justified when your RPO must be zero (no data loss), your RTO must be seconds (not minutes), or you have genuine multi-region user bases where latency to a single region is unacceptable. If you can tolerate 5-15 minutes of downtime during failover, active-passive is dramatically cheaper and simpler.