Hi,

in some circumstances you may need that physical interface without tunnel-interface configuration. Because command "tunnel-interface" hard-codes interface to run /send/receive only specific type of traffic, basically makes interface "SD-WAN interface" and you can't do regular routing over it.

Let me explain in one simple-classical case:

Suppose you have controllers in DC, you have SD-WAN border router on DC. And your branch router (also runs SD-WAN) want to reach controllers over DC border router. Topology:

DC_CONTROLLERS --- DC_Border --- WAN (example MPLS) --- BRANCH_Border.

In this case, if you configure tunnel interface on physical port (that is connected to MPLS WAN), then branch can't connect to controllers through DC_Border. This is because regular routing (L3 packet switching i.e getting packet on one interface and sending over another) can't be done through tunnel-interface. Tunnel-interface should receive SD-WAN specific traffic, that is: tunnel traffic (gre or ipsec) or native traffic (dns,netconf,sshd etc) that destined to router itself.

In this type of cases, you may create loopback interface, bind it to physical interface,add tunnel configuration to loopback interface, but not configure tunnel-interface on physical. Since, tunnel-interface is not configured on physical ,it can do regular L3 packet switching routing and in our case, branch router can connect to dc-controllers over dc-border router.

In short, answer to your question is: after adding tunnel-configuration to loopback, you bind it to one physical interface, so loopback (software interface) can understand over which physical interface (hardware interface) it allowed to send traffic.

There are several other cases where loopback method can be useful. Read Cisco SD-WAN Design Guide (excellent document), link below.

https://www.cisco.com/c/en/us/td/docs/solutions/CVD/SDWAN/cisco-sdwan-design-guide.html#LoopbackInterfaceTunnels

HTH,