Hello Tmckay--Enabling a routing protocol (L3) on a vPC as you have done is not a recommended practice, as the illusion that the vPC pair is a single switch doesn't stand up in L3. That is, for purposes of the routing protocol, the peers are separate even though at L2 they appear as a single switch. This inconsistency causes all sorts of problems, and your flap is likely one of them as the routing protocol tries to reconcile the mismatch.
Take a look at this document. https://www.cisco.com/c/dam/en/us/td/docs/switches/datacenter/sw/design/vpc_design/vpc_best_practices_design_guide.pdf.
It contains a very good section on L3 and vPC and a list of both supported and unsupported designs. The design you mocked up is specifically called out as unsupported. (This is pretty much The Document for vPC. I would recommend reading the whole thing, but for purposes of your scenario, start reading on page 74.
Hope this helps, MM
The back-to-back vPC design is a supported design, so long as the whole thing is L2 only.
The problem with L3 over vPC is that the behavior isn't human deterministic. You won't get any misbehavior from the system if the L3 ECMP hash aligns with the vPC hash behavior. The problem is when you get ECMP sending the packet one way (based on IP address), but the receiving vPC peer switch is the "wrong" switch (based on the MAC address of the next hop). The vPC peer will then forward the traffic across the peer-link, which will blackhole the traffic for any endpoint that is not an orphan.
Does that make sense? MM