Border Gateway Protocol

What mechanism to use for fault tolerance when BGP to ISP?

Good afternoon.
There is a task to create a fault-tolerant solution for availability between AS and ISP.
There are AS, PI, two providers (ISP) with a /30 network.
From our side, two cisco 3900 series. BGP was raised from us to providers (eBGP to providers, iBGP between our ciscos). From each of the providers we get default gateway. BGP is configured in such a way that one of the ciscos is the main one and all outgoing traffic goes through it. The second cisco is essentially on standby.
On internal interfaces, HSRP is raised for the availability of the default gateway.
Now, if, for example, you reboot the "main" cisco, it turns out that one of the channels is not working, it works with BGP and the backup becomes the "main" channel.
Whether it is possible to make so that at "fall" of one of cisco (for example reboot) - the channel "moved" on reserve. But if the channel "fell", then BGP would work and the backup channel would be used.
Of the solutions that come to mind:
1) Request a /29 network from the provider and raise hsrp on external interfaces and build a BGP neighbor on the virtual IP.
Since this has never been done, there is no certainty that such a configuration will work correctly. I do not want to experiment on a live network. Such a solution, it seems to me, looks more like a crutch.
2) Request a /29 network from the provider and ask for 2 BGP sessions from each provider.
This solution seems to me the most correct and attractive.
Perhaps there are better methods?
For clarity, a diagram from everyone's favorite cpt.