MPLS Layer 3 VPN BGP Allow-AS-In

Hello Champion

This is actually expected behavior. The PE routers don’t need to be able to reach the loopback of the CE routers. They don’t need that information in their routing tables because you will never have direct communication between a PE router and the customer network. However, PE routers must be able to direct transit traffic (traffic that doesn’t originate from themselves) to the intended destination, and this is achieved using the BGP VPN table, which we can see with the command show ip bgp vpnv4 all like so:

PE1#show ip bgp vpnv4 all
BGP table version is 4, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
              t secondary path, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf CUSTOMER)
 *>   1.1.1.1/32       192.168.12.1             0             0 12 i
 *>i  5.5.5.5/32       4.4.4.4                  0    100      0 12 i
PE1#

Here, you can see that PE1 has a next hop assigned for both the 1.1.1.1 and the 5.5.5.5 networks, which route traffic to their intended destinations.

I hope this has been helpful!

Laz