At the start traffic from Site A properly uses the MPLS to site B. A failure it transitions to the static route (at an AD over 200, weight 0, local preference 90) to use the VPN. The problem is that when the failure is repaired it does *not* fail back, the BGP has to be cleared for it to revert back to the BGP routes instead of the static.
Site A should prefer to use the MPLS circuit to reach site B. In the event site B has circuit problems and it's route advertisement drops, site A should use its static route to pass the traffic over a VPN to site B. Once the circuit is functioning properly again, site A should fail back to the MPLS.
Site A: 126.96.36.199/24
Site B: 188.8.131.52/24
Hosts -> Cisco L3 switch (BGP AS 65000) that has a connection to a firewall and an MPLS managed router. Site A passes through several BGP ASs to reach site B.
L3 Switch: 184.108.40.206/24 (inside), 220.127.116.11/29 (shared with firewall)
MPLS managed router (BGP AS 65000): 18.104.22.168/24 (inside, neighbor with the L3 switch)
Firewall to Internet: 22.214.171.124/29
ip prefix-list siteb permit 126.96.36.199/24
route-map VPNBACKUP 10
match ip address prefix-list siteb
set local-preference 90
set weight 0
ip route 188.8.131.52 255.255.255.0 184.108.40.206 205
router bgp 65001
network 220.127.116.11 mask 255.255.255.0 route-map VPNBACKUP
The way I understand the configuration is that the 205 administrative distance on the static route makes it locally less desireable than the BGP route. The route map setting weight on the network to advertisement to a weight of 0 has it not redirect routes to it for that network. The local preference is intended to have it fail back... but it isn't.
Edit: This involves many different sites, so site A isn't the only one that needs to be impacted by this. It is also important that nothing but the 18.104.22.168/24 is impacted for routing.