The following are limitations of SD-AVC:

• For the SD-AVC Network Service, running on a host device, if the host interface that is used as a gateway interface is attached to a VRF, see Operating the SD-AVC Network Service with Host Interface Attached to a VRF for configuration details.

• SD-AVC requires a few minutes to learn from the network traffic before the application data is sent to the SD-AVC Network Service and compiled at the network level. See SD-AVC and Application Recognition.

• SD-AVC provides application classification for server-based applications. The SD-AVC application rules pack is less relevant for client-to-client traffic, which is more granular and dynamic. Client-to-client traffic is classified by NBAR running on each network element.

• In the case of a proxy or content delivery network (CDN), multiple applications may use the same IP/port combination. The network devices themselves classify such traffic fully. However, for these applications, the SD-AVC agent operating on a device may report application data to the SD-AVC network service with a lesser degree of detail: they may be reported with less detailed classification granularity or not at all.