We are dealing with the same problem in a three different customers. All MX are one arm vpn concentrator and all of them are in version 15.43 from 8th Aug.   It seems both MX are replying to frames cause both physical ports where they are connected to are added to the MAC address table as a source of the same VRRP Virtual MAC address. That should be a bug. Only the one with the master role (VRRP priority 255) should be replying frames with that destination MAC on it, and only that MAC address should be dynamically learned by that unique port.   Another thing that is strange...even in Meraki documentation says that VRRP message are correct as they are being sent. https://documentation.meraki.com/MX/Networks_and_Routing/Routed_HA_Failover_Behavior   RFC stays that IP header is wrong. IP source from IP header should be the uplink IP, not the virtual one, for the advertisment sent. You can see meraki sends the VRRP advertismen with the IP header IP source as the virtual one. https://datatracker.ietf.org/doc/html/rfc3768 Any thoughts? ... View more