Notice of Pre-AIA  or AIA  Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114

A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 05/17/2021 has been entered.

Response to Arguments

	On Pg. 6 to Pg. 7 of Applicant’s Remarks, with regard to claim 1, Applicant argues that neither Pai nor Hagger nor the combination of Pai and Hagger teach wherein the IP addresses of the MAC-IP bindings in the database are selectively and periodically refreshed by the first network device, selection based on message exchanges made with the plurality of second network devices under a secondary protocol independent of the ARP protocol and independent of the ND protocol.
	Applicant’s arguments have been considered. Since this is a RCE, additional search has been performed and art has been reconsidered. Therefore, in light of the newly amended claims, the newly applied reference, Rao et al. (US 2017/0026245) teaches this limitation.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:



Claim(s) 1, 7, and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Kanekar et al. (US 2007/0121617), hereafter referred to as “Kanekar”, in view of Rao et al. (US 2017/0026245), hereafter referred to as “Rao”.

Regarding claim 1, Kanekar discloses: 
A system comprising:
a first network device (e.g. router 306a; [0032]) connected to a plurality of second network devices (e.g. active hosts; [0032]), each second network device having a Media Access Control (MAC) address (e.g. mobile host’s MAC address; [0008]) and a dynamically generated Internet Protocol (IP) address (e.g. IP address dynamically assigned by a DHCP server; [0008], “...the DHCP snooping protocol allows a mobile host to connect with a particular gateway and have its IP address dynamically assigned by a DHCP server...At a high level, when a host first connects to a particular gateway, it requests an IP address be assigned for its particular MAC address...;” [0009], “The gateway router typically maintains the binding between the mobile host's MAC address and dynamically assigned IP address...The gateway router maintains the bindings for a particular host in a DHCP Snooping database...;” [0032], “...router 306a will maintain DHCP Snooping Database 312a for its active hosts...”);
the first network device operatively connected to and using a database for storing MAC-IP bindings for each of the second network devices (e.g. DHCP Snooping database; [0032]);
the first network device including a handling system that initially populates the database with a MAC-IP binding (e.g. stores a binding entry in a DHCP Snooping Database, wherein the stored binding entry includes the IP and MAC address for the particular node; [0014]) for each of the plurality of second network devices (e.g. active hosts; [0032]) based on a communication between a respective said one of the plurality of second network devices (e.g. active hosts; [0032]) and a Dynamic Host Control Protocol (DHCP) server ([0008]), and according to it at least one of an Address Resolution (ARP) protocol ([0015]) and a Neighbor Discovery (ND) protocol ([0013], “...at a first network device (e.g. router), receiving a request and a response that together include an internet protocol (IP) address and a media access control (MAC) address for a particular node; (b) at the first network device, storing a binding entry in a DHCP Snooping Database, wherein the stored binding entry includes the IP and MAC address for the particular node; and (c) sending at least a portion of the binding entry from the first network device to a second network device, wherein the first and second network device belong to a same redundancy group;” [0014], “...operations (a) and (b) are repeated for a plurality of received pairs of a request and a response that each include an internet protocol (IP) address and a media access control (MAC) address for a particular node, and a plurality of binding entries are received into the first network device from the second network device, wherein the received binding entries include pairs of corresponding IP and MAC addresses for particular nodes and interface information for the particular nodes...;” [0015], “...the DHCP Snooping Database is used for dynamic ARP (address resolution protocol) inspection, proxy-ARP inspection, or Reverse ARP-inspection at the first network device...;” [0038], “...the DHCP Snooping Database of each router may be maintained by periodically exporting each locally learned binding and corresponding interface information to its router peer(s) in operation 408. The exporting of DHCP Snooping binding information may be initiated by either the sending or the receiving router...”);
Kanekar also doesn’t teach: wherein the IP addresses of the MAC-IP bindings in the database are selectively and periodically refreshed by the first network device, selection based on message exchanges made with the plurality of second network devices under a secondary protocol independent of the ARP protocol and independent of the ND protocol. In an analogous art, Rao teaches:
wherein the IP addresses of the MAC-IP bindings in the database are selectively and periodically refreshed by the first network device, selection based on message exchanges made with the plurality of second network devices under a secondary protocol independent of the ARP protocol and independent of the ND protocol (e.g. unsolicited neighbor advertisement; Abstract)
It would have been obvious to one skilled in the art, before the effective filling date of Applicant’s claimed invention to modify maintaining binding entries in a DHCP Snooping Database, wherein the 

Regarding claim 7, Kanekar discloses:
A method comprising:
initially populating a database with a MAC-IP binding (e.g. stores a binding entry in a DHCP Snooping Database, wherein the stored binding entry includes the IP and MAC address for the particular node; [0014]) for each of a plurality of second network devices (e.g. active hosts; [0032]) based on a communication between a respective said one of the plurality of second network devices (e.g. active hosts; [0032]) and a DHCP server ([0008]), and according to at least one of an ARP protocol ([0015]) and an ND protocol ([0013], “...at a first network device (e.g. router), receiving a request and a response that together include an internet protocol (IP) address and a media access control (MAC) address for a particular node; (b) at the first network device, storing a binding entry in a DHCP Snooping Database, wherein the stored binding entry includes the IP and MAC address for the particular node; and (c) sending at least a portion of the binding entry from the first network device to a second network device, wherein the first and second network device belong to a same redundancy group;” [0014], “...operations (a) and (b) are repeated for a plurality of received pairs of a request and a response that each include an internet protocol (IP) address and a media access control (MAC) address for a particular node, and a plurality of binding entries are received into the first network device from the second network device, wherein the received binding entries include pairs of corresponding IP and MAC addresses for particular nodes and interface information for the particular nodes...;” [0015], “...the DHCP Snooping Database is used for dynamic ARP (address resolution protocol) inspection, proxy-ARP inspection, or Reverse ARP-inspection at the first network device...;” [0038], “...the DHCP Snooping Database of each 
Kanekar also doesn’t teach: selectively and periodically refreshing the IP addresses of the MAC-IP bindings in the database, selection based on message exchanges made with the plurality of second network devices under a secondary protocol independent of the ARP protocol and independent of the ND protocol. In an analogous art, Rao teaches:
selectively and periodically refreshing the IP addresses of the MAC-IP bindings in the database, selection based on message exchanges made with the plurality of second network devices under a secondary protocol independent of the ARP protocol and independent of the ND protocol (e.g. unsolicited neighbor advertisement; Abstract)
It would have been obvious to one skilled in the art, before the effective filling date of Applicant’s claimed invention to modify maintaining binding entries in a DHCP Snooping Database, wherein the stored binding entries includes the IP and MAC address for the particular node as taught by Kanekar with the inclusion of updating an Address Resolution Protocol (ARP)/Neighbor Discovery Protocol (NDP) cache of the source host by sending, to the source host, a first ARP message/unsolicited neighbor advertisement specifying a Media Access Control (MAC) address of an edge router associated with the source host in the second DC as a destination MAC address for the first destination host as taught by Rao because a properly planned and operating data center network provides application and data integrity and optimizes application availability and performance.

Regarding claim 13, Kanekar discloses:
A non-transitory computer-readable medium ([0017]) containing stored program instructions, which, when executed by one or more processors ([0017]) of a computer system ([0017]), cause the one or more processors to perform steps of:
initially populating a database with a MAC-IP binding (e.g. stores a binding entry in a DHCP Snooping Database, wherein the stored binding entry includes the IP and MAC address for the particular node; [0014]) for each of a plurality of second network devices (e.g. active hosts; [0032]) based on a communication between a respective said one of the plurality of second network devices (e.g. active hosts; [0032]) and a DHCP server ([0008]), and according to at least one of an ARP protocol ([0015]) and an ND protocol ([0013], “...at a first network device (e.g. router), receiving a request and a response that together include an internet protocol (IP) address and a media access control (MAC) address for a particular node; (b) at the first network device, storing a binding entry in a DHCP Snooping Database, wherein the stored binding entry includes the IP and MAC address for the particular node; and (c) sending at least a portion of the binding entry from the first network device to a second network device, wherein the first and second network device belong to a same redundancy group;” [0014], “...operations (a) and (b) are repeated for a plurality of received pairs of a request and a response that each include an internet protocol (IP) address and a media access control (MAC) address for a particular node, and a plurality of binding entries are received into the first network device from the second network device, wherein the received binding entries include pairs of corresponding IP and MAC addresses for particular nodes and interface information for the particular nodes...;” [0015], “...the DHCP Snooping Database is used for dynamic ARP (address resolution protocol) inspection, proxy-ARP inspection, or Reverse ARP-inspection at the first network device...;” [0038], “...the DHCP Snooping Database of each router may be maintained by periodically exporting each locally learned binding and corresponding interface information to its router peer(s) in operation 408. The exporting of DHCP Snooping binding information may be initiated by either the sending or the receiving router...”).
Kanekar also doesn’t teach: selectively and periodically refreshing the IP addresses of the MAC-IP bindings in the database, selection based on message exchanges made with the plurality of second network devices under a secondary protocol independent of the ARP protocol and independent of the ND protocol. In an analogous art, Rao teaches:
selectively and periodically refreshing the IP addresses of the MAC-IP bindings in the database, selection based on message exchanges made with the plurality of second network devices under a secondary protocol independent of the ARP protocol and independent of the ND protocol (e.g. unsolicited neighbor advertisement; Abstract)
It would have been obvious to one skilled in the art, before the effective filling date of Applicant’s claimed invention to modify maintaining binding entries in a DHCP Snooping Database, wherein the .

Claim(s) 2-3, 8-9, and 14-15 are rejected under 35 U.S.C. 103 as being unpatentable over Kanekar et al. (US 2007/0121617) in view of Rao et al. (US 2017/0026245), as applied to claim(s) 1, 7, and 13, in further view of Rzezak et al. (US 2018/0020000), hereafter referred to as “Rzenak”.

Regarding claim 2, Kanekar-Rao discloses the system of claim 1. Kanekar in view of Rao also doesn’t teach: wherein the MAC-IP bindings in the database are periodically refreshed based on station maintenance message exchanges made between a Cable Modem Termination Service (CMTS) and the plurality of second network devices. In an analogous art, Rzezak teaches:
wherein the MAC-IP bindings in the database are periodically refreshed based on station maintenance message exchanges made between a Cable Modem Termination Service (CMTS) and the plurality of second network devices (Fig. 1; Abstract, “...The network collector scans a first cable modem and receives and sends to the network data converger device identification for the first modem and an address of a first CMTS connected to the first cable modem. The network collector adds this information to a devices inventory. The network collector scans a second cable modem and receives and sends to the network data converger device identification and an address of a second CMTS connected to the second cable modem. The network data converger compares this information to the information in the devices inventory and may determine fraud based on the comparison;” [0028], “...The discovery scan is an SNMP scan where the network collector 140 uses the SNMP protocol to obtain information for the cable modems 110a-f....;”   [0048], “The NDC 150 may iterate over all the items in the watch list in a periodic process. If the time elapsed between the timestamp and the present is bigger than the watch list 
It would have been obvious to one skilled in the art, before the effective filling date of Applicant’s claimed invention to modify maintaining binding entries in a DHCP Snooping Database, wherein the stored binding entries includes the IP and MAC address for the particular node and updating an Address Resolution Protocol (ARP)/Neighbor Discovery Protocol (NDP) cache of the source host by sending, to the source host, a first ARP message/unsolicited neighbor advertisement specifying a Media Access Control (MAC) address of an edge router associated with the source host in the second DC as a destination MAC address for the first destination host as taught by Kanekar and Rao with the inclusion of SNMP scan where the network collector 140 uses the SNMP protocol to obtain information for the cable modems wherein the information is exchanged between cable modems and CMTS via DOCSIS and placing items in the watch list for the network data converger to perform comparison between devices in the devices inventory as taught by Rzezak because the CMTS to provide refreshed information to the network data converger for periodically iterating over the watch list for fraud entries and removing the fraud entries from the watch list.

Regarding claim 3, Kanekar-Rao discloses the system of claim 1. Kanekar in view of Rao also doesn’t teach: wherein the plurality of second network devices are cable modems. In an analogous art, Rzezak teaches:
wherein the plurality of second network devices are cable modems (Fig. 1; Abstract, “...The network collector scans a first cable modem and receives and sends to the network data converger 
It would have been obvious to one skilled in the art, before the effective filling date of Applicant’s claimed invention to modify maintaining binding entries in a DHCP Snooping Database, wherein the stored binding entries includes the IP and MAC address for the particular node and updating an Address Resolution Protocol (ARP)/Neighbor Discovery Protocol (NDP) cache of the source host by sending, to the source host, a first ARP message/unsolicited neighbor advertisement specifying a Media Access Control (MAC) address of an edge router associated with the source host in the second DC as a destination MAC address for the first destination host as taught by Kanekar and Rao with the inclusion of SNMP scan where the network collector 140 uses the SNMP protocol to obtain information for the cable modems wherein the information is exchanged between cable modems and CMTS via DOCSIS and placing items in the watch list for the network data converger to perform comparison between devices in the devices inventory as taught by Rzezak because the CMTS to provide refreshed information to the 

Regarding claim 8, Kanekar in view of Rao discloses the method of claim 7. Kanekar in view of Rao also doesn’t teach: wherein the MAC-IP bindings in the database are periodically refreshed based on station maintenance message exchanges made between a CMTS and the plurality of second network devices. In an analogous art, Rzezak teaches:
wherein the MAC-IP bindings in the database are periodically refreshed based on station maintenance message exchanges made between a CMTS and the plurality of second network devices (Fig. 1; Abstract, “...The network collector scans a first cable modem and receives and sends to the network data converger device identification for the first modem and an address of a first CMTS connected to the first cable modem. The network collector adds this information to a devices inventory. The network collector scans a second cable modem and receives and sends to the network data converger device identification and an address of a second CMTS connected to the second cable modem. The network data converger compares this information to the information in the devices inventory and may determine fraud based on the comparison;” [0028], “...The discovery scan is an SNMP scan where the network collector 140 uses the SNMP protocol to obtain information for the cable modems 110a-f....;” [0048], “The NDC 150 may iterate over all the items in the watch list in a periodic process. If the time elapsed between the timestamp and the present is bigger than the watch list threshold, the entry is removed and the event is logged as an occurrence of roaming (when roaming is allowed);” [0050], “If the CMTS 120 IP address (alternatively MAC domain) for the cable modem 110a-f in the refreshed information is the same as the cable modem 110a-f in the stored information, then the cable modem 110a-f in the received information is marked as Fraud classified as ‘Original online’ and the item is removed from the watch list. If the CMTS 120 IP address (alternatively MAC domain) for the cable modem 110a-f in the refreshed information is a third value (different from stored and received information), and if the cable modem 110a-f in the received information is still online, then the cable modem 110a-f in the refreshed information is marked as Fraud and classified as ‘Watch listed online.’ However, the watch list item is not removed”).


Regarding claim 9, Kanekar in view of Rao, and in further view of Rzezak discloses the method of claim 8, however Rzezak teaches:
wherein the plurality of second network devices are cable modems (Fig. 1; Abstract, “...The network collector scans a first cable modem and receives and sends to the network data converger device identification for the first modem and an address of a first CMTS connected to the first cable modem. The network collector adds this information to a devices inventory. The network collector scans a second cable modem and receives and sends to the network data converger device identification and an address of a second CMTS connected to the second cable modem. The network data converger compares this information to the information in the devices inventory and may determine fraud based on the comparison;” [0028], “...The discovery scan is an SNMP scan where the network collector 140 uses the SNMP protocol to obtain information for the cable modems 110a-f....;” [0048], “The NDC 150 may iterate over all the items in the watch list in a periodic process. If the time elapsed between the timestamp and the present is bigger than the watch list threshold, the entry is removed and the event is logged as an occurrence of roaming (when roaming is allowed);” [0050], “If the CMTS 120 IP address (alternatively 
It would have been obvious to one skilled in the art, before the effective filling date of Applicant’s claimed invention to modify maintaining binding entries in a DHCP Snooping Database, wherein the stored binding entries includes the IP and MAC address for the particular node and updating an Address Resolution Protocol (ARP)/Neighbor Discovery Protocol (NDP) cache of the source host by sending, to the source host, a first ARP message/unsolicited neighbor advertisement specifying a Media Access Control (MAC) address of an edge router associated with the source host in the second DC as a destination MAC address for the first destination host as taught by Kanekar, and Rao with the inclusion of SNMP scan where the network collector 140 uses the SNMP protocol to obtain information for the cable modems wherein the information is exchanged between cable modems and CMTS via DOCSIS and placing items in the watch list for the network data converger to perform comparison between devices in the devices inventory as taught by Rzezak because the CMTS to provide refreshed information to the network data converger for periodically iterating over the watch list for fraud entries and removing the fraud entries from the watch list.

Regarding claim 14, Kanekar-Rao discloses the non-transitory computer-readable medium of claim 13. Kanekar in view of Rao also doesn’t teach: wherein the MAC-IP bindings in the database are periodically refreshed based on station maintenance message exchanges made between a CMTS and the plurality of second network devices. In an analogous art, Rzezak teaches:
wherein the MAC-IP bindings in the database are periodically refreshed based on station maintenance message exchanges made between a CMTS and the plurality of second network devices (Fig. 1; Abstract, “...The network collector scans a first cable modem and receives and sends to 
It would have been obvious to one skilled in the art, before the effective filling date of Applicant’s claimed invention to modify maintaining binding entries in a DHCP Snooping Database, wherein the stored binding entries includes the IP and MAC address for the particular node and updating an Address Resolution Protocol (ARP)/Neighbor Discovery Protocol (NDP) cache of the source host by sending, to the source host, a first ARP message/unsolicited neighbor advertisement specifying a Media Access Control (MAC) address of an edge router associated with the source host in the second DC as a destination MAC address for the first destination host as taught by Kanekar, and Rao with the inclusion of SNMP scan where the network collector 140 uses the SNMP protocol to obtain information for the cable modems wherein the information is exchanged between cable modems and CMTS via DOCSIS and placing items in the watch list for the network data converger to perform comparison between devices in 

Regarding claim 15, Kanekar-Rao discloses the non-transitory computer-readable medium of claim 13. Kanekar in view of Rao also doesn’t teach: wherein the plurality of second network devices are cable modems. In an analogous art, Rzezak teaches:
wherein the plurality of second network devices are cable modems (Fig. 1; Abstract, “...The network collector scans a first cable modem and receives and sends to the network data converger device identification for the first modem and an address of a first CMTS connected to the first cable modem. The network collector adds this information to a devices inventory. The network collector scans a second cable modem and receives and sends to the network data converger device identification and an address of a second CMTS connected to the second cable modem. The network data converger compares this information to the information in the devices inventory and may determine fraud based on the comparison;” [0028], “...The discovery scan is an SNMP scan where the network collector 140 uses the SNMP protocol to obtain information for the cable modems 110a-f....;” [0048], “The NDC 150 may iterate over all the items in the watch list in a periodic process. If the time elapsed between the timestamp and the present is bigger than the watch list threshold, the entry is removed and the event is logged as an occurrence of roaming (when roaming is allowed);” [0050], “If the CMTS 120 IP address (alternatively MAC domain) for the cable modem 110a-f in the refreshed information is the same as the cable modem 110a-f in the stored information, then the cable modem 110a-f in the received information is marked as Fraud classified as ‘Original online’ and the item is removed from the watch list. If the CMTS 120 IP address (alternatively MAC domain) for the cable modem 110a-f in the refreshed information is a third value (different from stored and received information), and if the cable modem 110a-f in the received information is still online, then the cable modem 110a-f in the refreshed information is marked as Fraud and classified as ‘Watch listed online.’ However, the watch list item is not removed”).
It would have been obvious to one skilled in the art, before the effective filling date of Applicant’s claimed invention to modify maintaining binding entries in a DHCP Snooping Database, wherein the .

Claim(s) 4, 10, and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Kanekar et al. (US 2007/0121617) in view of Rao et al. (US 2017/0026245), as applied to claim(s) 1, 7, and 13, in further view of Akyol (US 2008/0219162), hereafter referred to as “Akyol”.

Regarding claim 4, Kanekar-Rao discloses the system of claim 1. Kanekar in view of Rao also doesn’t teach: wherein messages between the handling system and each of the plurality of second network devices are eliminated after initially populating the database with the MAC-IP binding for the respective second network device. In an analogous art, Akyol teaches:
wherein messages between the handling system and each of the plurality of second network devices are eliminated after initially populating the database with the MAC-IP binding for the respective second network device ([0038], “...If the source IP address and source MAC address extracted from the received packet are not bound in the MAC-to-IP database 102, then the packet may be identified as a spoofed packet. The processor 108 may drop spoofed packets and/or perform further processing of spoofed packets and may implement measures for preventing future spoofed packets...”).
It would have been obvious to one skilled in the art, before the effective filling date of Applicant’s claimed invention to modify maintaining binding entries in a DHCP Snooping Database, wherein the 

Regarding claim 10, Kanekar-Rao discloses the method of claim 7. Kanekar in view of Rao also doesn’t teach: wherein messages between the handling system and each of the plurality of second network devices are eliminated after initially populating the database with the MAC-IP binding for the respective second network device. In an analogous art, Akyol teaches:
wherein messages between the handling system and each of the plurality of second network devices are eliminated after initially populating the database with the MAC-IP binding for the respective second network device ([0038], “...If the source IP address and source MAC address extracted from the received packet are not bound in the MAC-to-IP database 102, then the packet may be identified as a spoofed packet. The processor 108 may drop spoofed packets and/or perform further processing of spoofed packets and may implement measures for preventing future spoofed packets...”).
It would have been obvious to one skilled in the art, before the effective filling date of Applicant’s claimed invention to modify maintaining binding entries in a DHCP Snooping Database, wherein the stored binding entries includes the IP and MAC address for the particular node and updating an Address Resolution Protocol (ARP)/Neighbor Discovery Protocol (NDP) cache of the source host by sending, to the source host, a first ARP message/unsolicited neighbor advertisement specifying a Media Access Control (MAC) address of an edge router associated with the source host in the second DC as a destination MAC address for the first destination host as taught by Kanekar, and Rao with the inclusion of dropping spoofed packets as taught by Akyol because it prevent spoofed packets from populating the flow-records database with errorneous and/or malicious flows.

Regarding claim 16, Kanekar-Rao discloses the non-transitory computer-readable medium of claim 13. Kanekar in view of Rao also doesn’t teach: wherein messages between the handling system and each of the plurality of second network devices are eliminated after initially populating the database with the MAC-IP binding for the respective second network device. In an analogous art, Akyol teaches:
wherein messages between the handling system and each of the plurality of second network devices are eliminated after initially populating the database with the MAC-IP binding for the respective second network device ([0038], “...If the source IP address and source MAC address extracted from the received packet are not bound in the MAC-to-IP database 102, then the packet may be identified as a spoofed packet. The processor 108 may drop spoofed packets and/or perform further processing of spoofed packets and may implement measures for preventing future spoofed packets...”).
It would have been obvious to one skilled in the art, before the effective filling date of Applicant’s claimed invention to modify maintaining binding entries in a DHCP Snooping Database, wherein the stored binding entries includes the IP and MAC address for the particular node and updating an Address Resolution Protocol (ARP)/Neighbor Discovery Protocol (NDP) cache of the source host by sending, to the source host, a first ARP message/unsolicited neighbor advertisement specifying a Media Access Control (MAC) address of an edge router associated with the source host in the second DC as a destination MAC address for the first destination host as taught by Kanekar and Rao with the inclusion of dropping spoofed packets as taught by Akyol because it prevent spoofed packets from populating the flow-records database with errorneous and/or malicious flows.

Claim(s) 5-6, 11-12, and 17-18 are rejected under 35 U.S.C. 103 as being unpatentable over Kanekar et al. (US 2007/0121617) in view of Rao et al. (US 2017/0026245), as applied to claim(s) 1, 7, and 13, in further view of Hellhake et al. (US 2015/0271086), hereafter referred to as “Hellhake”.

Regarding claim 5, Kanekar-Rao discloses the system of claim 1. Kanekar in view of Rao also doesn’t teach: wherein the MAC-IP bindings in the database for a second network device are selectively removed when a message exchange under the secondary protocol with the second network device has not occurred for a threshold period of time. In an analogous art, Hellhake teaches:
wherein the MAC-IP bindings in the database for a second network device are selectively removed when a message exchange under the secondary protocol with the second network device has not occurred for a threshold period of time ([0044], “When the intercepting device has a cached IP address and MAC address for the target, but the ARP request was received after the cache timeout (step 232), another check is made in step 234. If the ARP request was received after a second timeout, which in this embodiment is two times the cache timeout used in step 232, the protocol ‘undiscovers’ the MAC address, and deletes it from the cache in step 236...”).
It would have been obvious to one skilled in the art, before the effective filling date of Applicant’s claimed invention to modify maintaining binding entries in a DHCP Snooping Database, wherein the stored binding entries includes the IP and MAC address for the particular node and updating an Address Resolution Protocol (ARP)/Neighbor Discovery Protocol (NDP) cache of the source host by sending, to the source host, a first ARP message/unsolicited neighbor advertisement specifying a Media Access Control (MAC) address of an edge router associated with the source host in the second DC as a destination MAC address for the first destination host as taught by Kanekar and Rao with the inclusion of undiscovering the MAC address after receiving the ARP request after a second timeout thus discarding further messages made by the second network device as taught by Hellhake because the second network devices are unreachable. 

Regarding claim 6, Kanekar-Rao discloses the system of claim 1. Kanekar in view of Rao also doesn’t teach: wherein the MAC-IP bindings in the database for a second network device are selectively removed when the second network device misses a threshold number of message exchanges under the secondary protocol. In an analogous art, Hellhake teaches:
wherein the MAC-IP bindings in the database for a second network device are selectively removed when the second network device misses a threshold number of message exchanges under the secondary protocol ([0044], “When the intercepting device has a cached IP address and MAC address for the target, but the ARP request was received after the cache timeout (step 232), 
It would have been obvious to one skilled in the art, before the effective filling date of Applicant’s claimed invention to modify maintaining binding entries in a DHCP Snooping Database, wherein the stored binding entries includes the IP and MAC address for the particular node and updating an Address Resolution Protocol (ARP)/Neighbor Discovery Protocol (NDP) cache of the source host by sending, to the source host, a first ARP message/unsolicited neighbor advertisement specifying a Media Access Control (MAC) address of an edge router associated with the source host in the second DC as a destination MAC address for the first destination host as taught by Kanekar and Rao with the inclusion of undiscovering the MAC address after receiving the ARP request after a second timeout thus discarding further messages made by the second network device as taught by Hellhake because the second network devices are unreachable. 

Regarding claim 11, Kanekar-Rao discloses the system of claim 1. Kanekar in view of Rao also doesn’t teach: wherein the MAC-IP bindings in the database for a second network device are selectively removed when a message exchange under the secondary protocol with the second network device has not occurred for a threshold period of time. In an analogous art, Hellhake teaches:
wherein the MAC-IP bindings in the database for a second network device are selectively removed when a message exchange under the secondary protocol with the second network device has not occurred for a threshold period of time ([0044], “When the intercepting device has a cached IP address and MAC address for the target, but the ARP request was received after the cache timeout (step 232), another check is made in step 234. If the ARP request was received after a second timeout, which in this embodiment is two times the cache timeout used in step 232, the protocol ‘undiscovers’ the MAC address, and deletes it from the cache in step 236...”).
It would have been obvious to one skilled in the art, before the effective filling date of Applicant’s claimed invention to modify maintaining binding entries in a DHCP Snooping Database, wherein the 

Regarding claim 12, Kanekar-Rao discloses the method of claim 7. Kanekar in view of Rao also doesn’t teach: wherein the MAC-IP bindings in the database for a second network device are selectively removed when the second network device misses a threshold number of message exchanges under the secondary protocol. In an analogous art, Hellhake teaches:
wherein the MAC-IP bindings in the database for a second network device are selectively removed when the second network device misses a threshold number of message exchanges under the secondary protocol ([0044], “When the intercepting device has a cached IP address and MAC address for the target, but the ARP request was received after the cache timeout (step 232), another check is made in step 234. If the ARP request was received after a second timeout, which in this embodiment is two times the cache timeout used in step 232, the protocol ‘undiscovers’ the MAC address, and deletes it from the cache in step 236...”).
It would have been obvious to one skilled in the art, before the effective filling date of Applicant’s claimed invention to modify maintaining binding entries in a DHCP Snooping Database, wherein the stored binding entries includes the IP and MAC address for the particular node and updating an Address Resolution Protocol (ARP)/Neighbor Discovery Protocol (NDP) cache of the source host by sending, to the source host, a first ARP message/unsolicited neighbor advertisement specifying a Media Access Control (MAC) address of an edge router associated with the source host in the second DC as a destination MAC address for the first destination host as taught by Kanekar and Rao with the inclusion of undiscovering the MAC address after receiving the ARP request after a second timeout thus discarding 

Regarding claim 17, Kanekar-Rao discloses the non-transitory computer-readable medium of claim 13. Kanekar in view of Rao also doesn’t teach: wherein the MAC-IP bindings in the database for a second network device are selectively removed when a message exchange under the secondary protocol with the second network device has not occurred for a threshold period of time. In an analogous art, Hellhake teaches:
wherein the MAC-IP bindings in the database for a second network device are selectively removed when a message exchange under the secondary protocol with the second network device has not occurred for a threshold period of time ([0044], “When the intercepting device has a cached IP address and MAC address for the target, but the ARP request was received after the cache timeout (step 232), another check is made in step 234. If the ARP request was received after a second timeout, which in this embodiment is two times the cache timeout used in step 232, the protocol ‘undiscovers’ the MAC address, and deletes it from the cache in step 236...”).
It would have been obvious to one skilled in the art, before the effective filling date of Applicant’s claimed invention to modify maintaining binding entries in a DHCP Snooping Database, wherein the stored binding entries includes the IP and MAC address for the particular node and updating an Address Resolution Protocol (ARP)/Neighbor Discovery Protocol (NDP) cache of the source host by sending, to the source host, a first ARP message/unsolicited neighbor advertisement specifying a Media Access Control (MAC) address of an edge router associated with the source host in the second DC as a destination MAC address for the first destination host as taught by Kanekar and Rao with the inclusion of undiscovering the MAC address after receiving the ARP request after a second timeout thus discarding further messages made by the second network device as taught by Hellhake because the second network devices are unreachable. 

Regarding claim 18, Kanekar-Rao discloses the non-transitory computer-readable medium of claim 13. Kanekar in view of Rao also doesn’t teach: wherein the MAC-IP bindings in the database for a second network device are selectively removed when the second network device misses a threshold number of message exchanges under the secondary protocol. In an analogous art, Hellhake teaches:
wherein the MAC-IP bindings in the database for a second network device are selectively removed when the second network device misses a threshold number of message exchanges under the secondary protocol ([0044], “When the intercepting device has a cached IP address and MAC address for the target, but the ARP request was received after the cache timeout (step 232), another check is made in step 234. If the ARP request was received after a second timeout, which in this embodiment is two times the cache timeout used in step 232, the protocol ‘undiscovers’ the MAC address, and deletes it from the cache in step 236...”).
It would have been obvious to one skilled in the art, before the effective filling date of Applicant’s claimed invention to modify maintaining binding entries in a DHCP Snooping Database, wherein the stored binding entries includes the IP and MAC address for the particular node and updating an Address Resolution Protocol (ARP)/Neighbor Discovery Protocol (NDP) cache of the source host by sending, to the source host, a first ARP message/unsolicited neighbor advertisement specifying a Media Access Control (MAC) address of an edge router associated with the source host in the second DC as a destination MAC address for the first destination host as taught by Kanekar and Rao with the inclusion of undiscovering the MAC address after receiving the ARP request after a second timeout thus discarding further messages made by the second network device as taught by Hellhake because the second network devices are unreachable. 

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to LAM T DO whose telephone number is (571)272-7228.  The examiner can normally be reached on Monday - Friday 7:30 AM - 5:00 PM.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John Follansbee can be reached on 571-272-3964.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/L.T.D/Examiner, Art Unit 2444                                                                                                                                                                                                        
/JOHN A FOLLANSBEE/Supervisory Patent Examiner, Art Unit 2444