Hi Experts ,  we have nexus 7ks as spine and nexus 5k2 as leaf switches and fabric path is configured on them.palo alto 5260 are connected to nexus 5k using vpc.n7k-1 is hsrp activeand n7k-2 is hsrp standby switch for the vlans configured on them.we have vrfs configured and layer 3 vlans are placed under respective vrfs.palo alto firewalls are in active/passive state.ospf is configured between nexus7k and palo alto firewalls on hand off layer 3 ,part of respective vrf.we have configured ospf priority of 5 and 10 on hand off vlans so that n7k-1 would be ospf DR and n7k-2 would be BDR.Palo alto is drother. When we have verified ospf routes of layer 3 vlans of vrfs we are learning through hand off vlan ip of hsrp standby switch ie n7k-2 on passive palo alto firewall , not from active hasrp switch ie n7k-1 on active palo alto firewall. If I configure opsf cost 1 on layer 3 vlans of respective vrfs on n7k-1 then I am seeing ospf routes through active hasp switch ie n7k-1 on active palo alto firewall. Why are we learning layer 3 vlans of vrfs on passive firewall instead of active firewall.we have so many layer 3 vlans configured under each vrf.Do I need to configure ospf cost 1 on n7k-1 and ospf cost 5 on n7k-2 so that ospf routes can be learned on active firewall fir all layer 3 vlans ?