Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
Claims 1-11, 13-14 and 21-27 are presented for examination.
Claims 1 and 9 are amended. 

Response to Arguments
Applicant’s arguments regarding 35 U.S.C. 103(a) (see page 10 – page 15), filed May 10, 2021, with respect to claims 1-5 and 7-13, have been fully considered and are persuasive. The 35 U.S.C. 103(a) rejections of claims 1-5 and 7-13 have been withdrawn.

Allowable Subject Matter
Claim(s) 1-11, 13-14, and 21-27 are allowed.
The following is an examiner’s statement of reasons for allowance: 
Claims 1-11, 13-14, and 21-27 are allowable over the prior art since the prior art, taken individually or in combination, fails to particularly disclose, fairly suggest, or render obvious the following italic limitations:
In claims 1 and 9 … the first packet comprising a destination of a second host at the second site, wherein the first and second hosts are assigned to a stretched endpoint group (EPG) extending between the first and second sites, wherein the stretched EPG defines a security policy shared by the first and second hosts, change a source ID in the first packet to a unicast tunnel endpoint at the first site, upon determining that a path between the first and second hosts is unlearned, transmit the first packet from the first site to the second site using a multicast tunnel through the public network, receiving, after receiving the first packet, a second packet from the first host at the first site, the second packet comprising [[a]] the destination of the second host at the second site; and upon determining that the path between the first and second hosts is learned, and after transmitting the first packet using the multicast tunnel, transmit the second packet from the first site to the second site using a unicast tunnel and not the multicast tunnel, through the public network… and in combination with other limitations recited as specified in claims 1 and 9.
In claim 21 … wherein the first site is at a different geographic location than the second site, wherein the first switching fabric is configured to: receive a packet from a first host at the first site, the packet comprising a destination of a second host at the second site, wherein the first and second hosts are assigned to a stretched endpoint group (EPG) extending between the first and second sites, wherein the stretched EPG defines a security policy shared by the first and second hosts, change a source ID in the packet to a unicast tunnel endpoint at the first site, upon determining that a path between the first and second hosts is unlearned, transmit the packet to the second site using a multicast tunnel through the public network, and upon determining that the path between the first and second hosts is learned, transmit the packet to the second site using a unicast tunnel through the public network; and a multi-site controller configured to: identify a subset of endpoints in the stretched EPG using a filtering criteria, create a micro-stretched EPG from the subset of endpoints, wherein the micro-stretched EPG extends between the first and second sites and wherein the subset of endpoints is removed from the stretched EPG, and configure the micro-stretched EPG to have at least one different policy than the stretched EPG, wherein the micro-stretched EPG is in a different bridge domain or subnet than the stretched EPG… and in combination with other limitations recited as specified in claim 21.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure.
Varadhan et al. (US Pub. No.: 2010/0043068) discloses an MPLS-aware firewall that allows firewall security policies to be applied to MPLS traffic. The firewall, which may be integrated within a routing device, can be configured into multiple virtual security systems. The routing device provides a user interface by which a user specifies one or more zones to be recognized by the integrated firewall when applying stateful firewall services to the packets. The user interface allows the user to define different zones and policies for different ones of the virtual security systems. In addition, the user interface supports a syntax that allows the 
Yang (US Pub. No.: 2015/0063194) discloses a method, an apparatus, and a system for data transmission. A network device receives a first multicast protocol packet sent by a network virtualization edge, NVE, for joining a multicast group, obtains first information, establishes an NVE interface of the multicast group according to the first information, and determines second information according to the first information, wherein the first information comprises a correspondence between each NVE connected to the network device and a multicast group to which each NVE belongs, and the second information comprises each multicast group in which the network device is involved; and sends the second information to a NVO3 manager, so that the NVO3 manager establishes a unicast tunnel interface of the multicast group between the network device and the at least one another network device according to the second information.
Vattem (US Pub. No.: 2019/0132241) discloses a process and system for optimizing traffic paths for orphaned hosts in a VXLAN system, by configuring virtual link trunking (VLT) peers to advertise MAC addresses learned from all multi-homed hosts in the system using Anycast VXLAN tunnel endpoint-Internet Protocol address (VTEP-IP); configuring the virtual link trunking (VLT) peers to advertise MAC addresses learned from all single-homed hosts in the system using a secondary VTEP-IP; directing unicast traffic destined to the single-homed hosts to directly connected VLT peers using the Secondary VTEP-IP; and directing Broadcast, unknown unicast, and multi-cast (BUM) traffic destined to the single-homed hosts to directly connected VLT peers using the Inclusive Multicast Ethernet Tag route.
Khanna (US Pub. No.: 2008/0080509, IDS submitted – 5/28/2020) discloses that Customer Edge (CE) network elements can automatically learn IPSec tunnel endpoints for other CEs connected to sites in a Virtual Private Network (VPN) so that manual configuration of IPSec tunnel endpoints is not required and so that a centralized database of IPSec tunnel endpoints is not required to be separately maintained. According to an embodiment of the invention, a BGP export route policy is set on all CEs, so that when they announce their VPN routes in the standard format, the application of this export route policy changes the announcement to replace the BGP peering point address that would ordinarily be advertised with the IPSec tunnel endpoint address. When any given site receives a VPN route update formatted in this manner, it processes the VPN route update and learns from the update the IPSec tunnel endpoint as well as the associated VPN routes.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to LAKERAM JANGBAHADUR whose telephone number is (571)272-1335.  The examiner can normally be reached on M-F 7 am - 4 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ian Moore can be reached on 571-272-3085.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 

/LAKERAM JANGBAHADUR/Primary Examiner, Art Unit 2469