I would HIGHLY recommend getting rid of HSRP and using routing over the tunnels (both up all the time), whether OSPF or EIGRP. Set an inferior metric on one of the tunnels at both ends. Problem solved.
HSRP is BAD NEWS over WAN. I am struggling to see what use the HSRP is. As you're now seeing it also causes a lot of issues when overlaid on top of routing.
There is a reason they're called First Hop Redundancy Protocols in the textbook, their place is to provide redundancy for LAN client's default gateways i.e. the first hop.
This is entirely normal behaviour with a duplex mismatch.
Why was only downstream affected and not upstream?
Since the computer is operating in full duplex mode, it isn't utilizing CSMA-CD. This means it doesn't check if the medium is idle before it transmits, nor will it perceive any data it receives while transmitting as a collision. As such, the upload from the computer would remain largely unaffected.
Conversely, the switch is utilizing CSMA-CD and will wait for the medium to be idle before it transmits. In addition, when the switch detects a collision, it immediately stops transmitting the frame and follows the CSMA-CD collision detect procedure. This has a significant performance impact on the traffic sent to the computer.
When the traffic is TCP, the negative effect will be multiplied as any lost TCP ACK's going to the computer will cause a TCP retransmission.
Are these real collisions? Since cable has separate transmit and receive pairs.
Yes, they are real collisions; even in a full half duplex environment (i.e. hubs) there are separate transmit and receive pairs. The reason is that in a half duplex environment the hubs will repeat the signal received on one port out all other ports. If two stations were to try to transmit at the same time, the signal that gets repeated will not be usable.
Since the switch is operating in half duplex mode, it operates like it is in such an environment and can only transmit or receive at any given time. Any time the switch is sending a frame and detects other traffic on the medium (i.e. the computer, which isn't checking for an idle medium), this is treated as a collision and the switch will follow the collision detection procedure (which includes a wait or back off period of time).
As the computer is not operating this way (i.e. it starts transmitting automatically when there is data to send), you end up with many more collisions than you would get in a environment that was entirely made up of half duplex devices.
Edit: I did come across a reference to these this weekend while searching an unrelated matter where they were referred to as false collisions. I would disagree with this viewpoint since the switch clearly sees them as a collision and handles them as such. Rather, I would think of them as unnecessary collisions in that they should not exist in a switched network.
As an aside, this is the most often reported type of duplex mismatch (where the switch is set to auto and the computer to full duplex). Most people download much more than they upload, they tend to notice this condition more easily to report it.
Best Answer
You don't need fabricpath to run a vPC+ from a FEX. Fabricpath is really only useful in large data centers where you have a multiple tier topology (Core, Aggregation, Access). In a smaller setup using a collapsed core type design, vPC is simpler and accomplishes the same goal of getting rid of spanning tree.