Cyberoam team presents their work on active active cluster. They’ve done a 2 nodes active active setup, with a primary and an auxiliary sytem. The primary take care of load balancing. The setup is using virtual MAC addresses.
To avoid split-brain problem, the primary take all decisions by always treating the SYN packet. It also transfer the NAT, marks to the auxiliary thanks to a module. This is done via a module called ipt_SYNDATA. It is placed in PREROUTING
Another problem that they need to fix was to arp resolution. They need to have only one answer and one request. For that they developed an arptable extension which is used to have the primary that does all the request and it transfers the answer on the dedicated link between the two nodes.