Well... while fighting the entry limits enforced by built-in device-tracking policies, I've discovered that in the case of AcGW SVIs we have Subject applied to the SVI's VLAN:
EdgeNode#show device-tracking policies vlan XYZ
Target    Type  Policy              Feature                   Target range
vlan XYZ  VLAN  DT-PROGRAMMATIC     Device-tracking           vlan all
vlan XYZ  VLAN  LISP-DT-GUARD-VLAN  Device-tracking           vlan all
vlan XYZ  VLAN  LISP-AR-RELAY-VLAN  Address Resolution Relay  vlan all
EdgeNode#show device-tracking policy DT-PROGRAMMATIC | sec ^Device-tracking policy
Device-tracking policy DT-PROGRAMMATIC configuration:
security-level glean
device-role node
gleaning from Neighbor Discovery
gleaning from DHCP6
gleaning from ARP
gleaning from DHCP4
NOT gleaning from protocol unkn
limit address-count for IPv4 per mac 1
tracking (downlink only) enable
EdgeNode#show device-tracking policy LISP-DT-GUARD-VLAN | sec ^Device-tracking policy
Device-tracking policy LISP-DT-GUARD-VLAN configuration:
security-level guard
device-role node
gleaning from Neighbor Discovery
gleaning from DHCP6
gleaning from ARP
gleaning from DHCP4
NOT gleaning from protocol unkn
limit address-count for IPv4 per mac 4
limit address-count for IPv6 per mac 12
origin fabric
tracking enable reachable-lifetime 240
EdgeNode#show device-tracking policy LISP-AR-RELAY-VLAN | sec ^Device-tracking policy
EdgeNode#show device-tracking policy LISP-AR-RELAY-VLAN
Policy LISP-AR-RELAY-VLAN for feature Device-tracking does not exist
I guess one of the 2 LISP-* entries corresponds to the L2 instance associated with the AcGW (l.s. the 2nd one).
But how do the other 2 entries get generated?
All entries are built-in. This is where the next question comes from: what is the preference between their respective parameters?
Why can't we see the definition of the "non-existent" LISP-AR-RELAY* policy, and what does it look like?
Any comments from device-tracking gurus?