DETAILED ACTION
	This application has been examined. Claims 1-20 are pending.
 
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 8/3/2021 has been entered.
 
Response to Arguments
Applicant's arguments filed 8/3/2021 have been fully considered but they are moot in view of the new grounds for rejection.  
 
While Fu-Fernando-Daun substantially disclosed the claimed invention Fu-Fernando-Daun does not disclose (re. Claim 1) ‘receiving, at the leaf node device, a Border Gateway Protocol (BGP) message including an advertisement of a route to a host device’  --  and -- ‘determining, at the leaf node device, that the BGP message includes a BGP Extended Community attribute that is populated with a value that indicates the route is authenticated as secure’  
Beck Paragraph 4 disclosed advertising a secure BGP path performed by a processor of a computing device, such as a router. The method may include receiving an indication of a route prefix to advertise, determining one or more current security settings, generating a BGP message including indications of any current security settings as one or more path security attributes, and sending the BGP message including the one or more path security attributes.
Beck disclosed (re. Claim 1) ‘receiving, at the leaf node device, a Border Gateway Protocol (BGP) message including an advertisement of a route to a host device’ (Beck-Paragraph 26, As BGP messages that advertise paths are received by routers, the paths and their attributes may be stored in routing tables for use in routing packets along those paths) -- and -- ‘determining, at the leaf node device, that the BGP message includes a BGP Extended Community attribute (Beck-Paragraph 59, bit position 606 may indicate whether or not community security is applied by the AS) that is populated with a value that indicates the route is authenticated as secure’ (Beck-Paragraph 29, Paragraph 59, the path security attribute 600 may be a byte value carried in a BGP message … The indication of the one or more types of security applied in the BGP message may provide transparency as to the local security measures implemented along an AS path)
Fu, Fernando and Beck are analogous art because they present concepts and practices regarding facilitating inter-VXLAN network traffic such as network traffic to/from hosts 14 belonging to different VXLAN segments. At the time of the effective

 
Priority
	 
	The effective date of the claims described in this application is January 8, 2020.


Information Disclosure Statement
The Applicant is respectfully reminded that each individual associated with the filing and prosecution of a patent application has a duty of candor and good faith in dealing with the Office, which includes a duty to disclose to the Office all information known to that individual to be material to patentability as defined in 37 CFR 1.56.

There were no information disclosure statements filed with this application.

Claim Rejections - 35 USC § 103

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Fu (USPGPUB 2018/0176181) further in view of Fernando (USPGPUB 2017/0317919) further in view of Daun (USPGPUB 2020/0204517) further in view of Beck (USPGPUB 2019/0372886).

In regard to Claim 1
Fu Paragraph 19 disclosed wherein misbehaving devices can be detected and appropriate action taken even before they are "admitted" to pass traffic.
Fu Paragraph 24 disclosed wherein a data center network manager (DCNM) is a central management entity that performs overlay/underlay provisioning as well as managing and monitoring the data center. An endpoint repository can be maintained within the DCNM. The endpoint repository could also be stored externally, as long as it is accessible to the DCNM or the switch.  Fu Paragraph 26 disclosed wherein two leafs are interconnected via a single spine. A virtualized compute node is connected to each leaf, on which endpoints are spawned (in this case, virtual machines). The LDAP server hosts the endpoint repository.
Fu disclosed (re. Claim 1) a method of operating a leaf node device connected to a switch fabric, comprising:
 the switch first validates the end host with its identity, Paragraph 23, only an end host with a validated identity is admitted into the network and is subsequently allowed to send traffic and receive traffic ) creating or updating an entry for the host device (Fu-Paragraph 29, If the endpoint repository returns a match, then the endpoint is to be admitted. A new ARP entry for the endpoint may then be added to the ARP cache, which in turn will result in an appropriate /32 route being populated by remote leafs, thereby ensuring optimal reachability of information distribution within the fabric. )  in an endpoint repository of the leaf node device.   
While Fu substantially disclosed the claimed invention Fu does not disclose (re. Claim 1) ‘receiving, at the leaf node device, a Border Gateway Protocol (BGP) message including an advertisement of a route to a host device’  --  and -- ‘determining, at the leaf node device, that the BGP message includes a BGP Extended Community attribute that is populated with a value that indicates the route is authenticated as secure’ . 

While Fu substantially disclosed the claimed invention Fu does not disclose (re. Claim 1)  by the leaf node device, receiving from another leaf node device, via the switch fabric, an indication of a secure route to a host device.
While Fu substantially disclosed the claimed invention Fu does not disclose (re. Claim 1) a Dynamic Host Configuration Protocol (DHCP) snoop database of the leaf node device.  

Fernando Paragraph 50 disclosed wherein anchor nodes use a MAC mobility extended community attribute, which is advertised with a Route type 2 message (MAC/IP advertisement routes), to ensure that control plane learning VTEPs retain correct MAC/IP routes for hosts moving between control plane learning VTEPs and data plane learning VTEPs.

 
Fernando disclosed (re. Claim 1) by the leaf node device, receiving from another leaf node device, via the switch fabric, an indication of a secure route to a host device. (Fernando-Paragraph 32, wherein after learning reachability information for locally attached hosts, control plane learning VTEPs advertise the locally attached host reachability information in the MP-BGP EVPN control plane to MP-BGP peers, enabling control plane learning VTEPs to learn reachability information for remote hosts in the MP-BGP EVPN control plane)
Fu and Fernando are analogous art because they present concepts and practices regarding facilitating inter-VXLAN network traffic such as network traffic to/from hosts 14 belonging to different VXLAN segments. At the time of the effective filing date of the claimed invention it would have been obvious to combine Fernando into Fu. The motivation for the said combination would have been to implement interoperability between control plane learning VTEPs and data plane learning VTEPs such that when a control plane learning VTEP receives VXLAN network traffic from an unknown VTEP (in other words, not learned through the control plane), the control plane learning VTEP drops VXLAN network traffic received from the unknown VTEP. (Fernando-Paragraph 35)
While Fu-Fernando  substantially disclosed the claimed invention Fu-Fernando does not disclose (re. Claim 1) ‘receiving, at the leaf node device, a Border Gateway Protocol (BGP) message including an advertisement of a route to a host device’  --  and -- ‘determining, at the leaf node device, that the BGP message includes a BGP Extended Community attribute that is populated with a value that indicates the route is authenticated as secure’ . 

While Fu-Fernando substantially disclosed the claimed invention Fu-Fernando does not disclose (re. Claim 1) a Dynamic Host Configuration Protocol (DHCP) snoop database of the leaf node device.  

Daun disclosed (re. Claim 1) a Dynamic Host Configuration Protocol (DHCP) snoop database of the leaf node device.  (Daun-Paragraph 22, snoops on these messages to discover both the MAC address of the requesting cable modem and the IP address assigned to it by the DHCP server 36, and updates its ARP/ND database 40 with the discovered information) 
Fu, Fernando and Daun are analogous art because they present concepts and practices regarding MAC-IP bindings for individual devices. At the time of the effective filing date of the claimed invention it would have been obvious to combine Daun into Fu-Fernando. The motivation for the said combination would have been to ensure that the bindings listed in a device's database or cache are current. (Daun-Paragraph 9)
Fu-Fernando-Daun disclosed (re. Claim 1) a leaf node device, receiving from another leaf node device an indication (Fernando-Type-2 route advertisement, Type-3 route advertisement, Paragraph 50, anchor nodes use a MAC mobility extended community attribute, which is advertised with a Route type 2 message (MAC/IP advertisement routes) … control plane learning VTEP can update a sequence number of the MAC mobility extended community, indicating that previously advertised MAC/IP routes for the host are no longer valid) that a secure route to a host device is secure. (Fernando-Paragraph 33, As soon as leaf switch 22(1), leaf switch 22(2), and leaf switch 22(3) receive the route advertisement from leaf switch 22(4) (a BGP neighbor), leaf switch 22(1), leaf switch 22(2), and leaf switch 22(3) add the IP address of leaf switch 22(4) (here, VTEP4-IP) to a VTEP peer list (also referred to as a white list that identifies valid VTEP peers in overlay network 30), Paragraph 51, route advertisement can define a route type as a MAC/IP advertisement route, an Ethernet tag ID as a VXLAN identifier of the VXLAN segment (here, VNI 20000), a MAC address of host 14(3) (here, H3-MAC), an IP address of host 14(3) (here, 2.2.2,3/24), and a next hop as leaf switch 22(4) (here, VTEP4-IP, the IP address of leaf switch 22(4)), Paragraph 52, Leaf switch 22(1) then transmits an update route advertisement (for example, a Route Type 2 message) to all control plane learning VTEPs)
 
While Fu-Fernando-Daun substantially disclosed the claimed invention Fu-Fernando-Daun does not disclose (re. Claim 1) ‘receiving, at the leaf node device, a Border Gateway Protocol (BGP) message including an advertisement of a route to a host device’  --  and -- ‘determining, at the leaf node device, that the BGP message includes a BGP Extended Community attribute that is populated with a value that indicates the route is authenticated as secure’ . 
Beck Paragraph 4 disclosed advertising a secure BGP path performed by a processor of a computing device, such as a router. The method may include receiving an indication of a route prefix to advertise, determining one or more current security settings, generating a BGP message including indications of any current security settings as one or more path security attributes, and sending the BGP message including the one or more path security attributes.
Beck disclosed (re. Claim 1) ‘receiving, at the leaf node device, a Border Gateway Protocol (BGP) message including an advertisement of a route to a host device’ (Beck-Paragraph 26, As BGP messages that advertise paths are received by routers, the paths and their attributes may be stored in routing tables for use in routing packets along those paths) -- and -- ‘determining, at the leaf node device, that the BGP message includes a BGP Extended Community attribute (Beck-Paragraph 59, bit position 606 may indicate whether or not community security is applied by the AS) that is populated with a value that indicates the route is authenticated as secure’ (Beck-Paragraph 29, Paragraph 59, the path security attribute 600 may be a byte value carried in a BGP message … The indication of the one or more types of security applied in the BGP message may provide transparency as to the local security measures implemented along an AS path)
Fu, Fernando and Beck are analogous art because they present concepts and practices regarding facilitating inter-VXLAN network traffic such as network traffic to/from hosts 14 belonging to different VXLAN segments. At the time of the effective filing date of the claimed invention it would have been obvious to combine Beck into Fu-Fernando. The motivation for the said combination would have been to include an indication of the one or more types of security applied in the BGP message in order to provide transparency as to the local security measures implemented along an AS path. In this manner, though an AS may not be configured to handle the one or more path security attributes, when the AS advertises the route based on the BGP message, the one or more path security attributes may be preserved. (Beck-Paragraph 29)


In regard to Claim 9
Claim 9 (re. leaf node device) recites substantially similar limitations as Claim 1.  Claim 9 is rejected on the same basis as Claim 1.
In regard to Claim 16
Claim 16 (re. non-transitory computer-readable storage media) recites substantially similar limitations as Claim 1.  Claim 16 is rejected on the same basis as Claim 1.
In regard to Claim 2
 	Fu-Fernando-Daun-Beck disclosed (re. Claim 2) by the leaf node device, determining from the DHCP snoop database (Daun-Paragraph 22, snoops on these messages to discover both the MAC address of the requesting cable modem and the IP address assigned to it by the DHCP server 36, and updates its ARP/ND database 40 with the discovered information) of the leaf node device that the route to the host device is secure, and based at least in part on the determining, (Fernando-Type-2 route advertisement, Type-3 route advertisement, Paragraph 50, anchor nodes use a MAC mobility extended community attribute, which is advertised with a Route type 2 message (MAC/IP advertisement routes) … control plane learning VTEP can update a sequence number of the MAC mobility extended community, indicating that previously advertised MAC/IP routes for the host are no longer valid  ) communicating with the host device attached to the leaf node device. (Fernando-Paragraph 32, where leaf switch 22(2) receives the ARP request for host 14(2) from host 14(3) )  
In regard to Claim 3,10
Fu-Fernando-Daun-Beck disclosed (re. Claim 3,10) wherein the switch fabric is an underlay for an Ethernet Virtual Private Network (EVPN) overlay. (Fernando-Paragraph 28, overlay network 30 can operate with a control plane in an Ethernet Virtual Private Network (EVPN) mode that drives control plane learning)
In regard to Claim 4,11
Fu-Fernando-Daun-Beck disclosed (re. Claim 4,11) wherein the indication that the route to the host device is secure is received (Fernando-Paragraph 33, As soon as leaf switch 22(1), leaf switch 22(2), and leaf switch 22(3) receive the route advertisement from leaf switch 22(4) (a BGP neighbor), leaf switch 22(1), leaf switch 22(2), and leaf switch 22(3) add the IP address of leaf switch 22(4) (here, VTEP4-IP) to a VTEP peer list (also referred to as a white list that identifies valid VTEP peers in overlay network 30)) via a Border Gateway Protocol (BGP) update message from the other leaf node device. (Fernando-Paragraph 32, wherein after learning reachability information for locally attached hosts, control plane learning VTEPs advertise the locally attached host reachability information in the MP-BGP EVPN control plane to MP-BGP peers, enabling control plane learning VTEPs to learn reachability information for remote hosts in the MP-BGP EVPN control plane, Paragraph 32, leaf switch 22(2) has learned reachability information for host 14(2) from the MP-BGP EVPN control plane via Route Type 2 messages)

In regard to Claim 5,12,17
 forwarding information (within and across subnets), including reachability information, such as MAC addresses and IP addresses, for every endpoint and/or host in overlay network 30 … IP-to-MAC bindings for locally attached hosts 14, Paragraph 51, route advertisement can define a route type as a MAC/IP advertisement route, an Ethernet tag ID as a VXLAN identifier of the VXLAN segment (here, VNI 20000), a MAC address of host 14(3) (here, H3-MAC), an IP address of host 14(3) (here, 2.2.2,3/24), and a next hop as leaf switch 22(4) (here, VTEP4-IP, the IP address of leaf switch 22(4)))
In regard to Claim 6,13,18
 Fu-Fernando-Daun-Beck disclosed (re. Claim 6,13,18) by the leaf node device, receiving from the other leaf node device, via the switch fabric, an indication of a lease renewal time for the  route, (Daun-Paragraph 23, station maintenance message exchanges with each cable modem 34 and upon receipt of a response message from a cable modem 34 updates the Station Maintenance Database 44 as well as refreshes the MAC-IP bindings in the ARP/ND database by resetting a timer for the next message exchange ) wherein creating or updating the entry for the host device in the DHCP snoop database includes providing the lease renewal time in the entry. (Daun-Paragraph 23, scheduled maintenance messages for a predefined period of time before a timer expires) 
In regard to Claim 7,14,19
 station maintenance message exchanges with each cable modem 34 and upon receipt of a response message from a cable modem 34 updates the Station Maintenance Database 44 as well as refreshes the MAC-IP bindings in the ARP/ND database by resetting a timer for the next message exchange )  includes updating a lease expiration time for the host device in the entry. (Daun-Paragraph 23, scheduled maintenance messages for a predefined period of time before a timer expires) 

In regard to Claim 8,15,20
 Fu-Fernando-Daun-Beck disclosed (re. Claim 8,15,20) receiving an address resolution protocol (ARP) message from the host device; (Fernando-Paragraph 32, where leaf switch 22(2) receives the ARP request for host 14(2) from host 14(3) )  caching the ARP message; (Fu-Paragraph 29, If the endpoint repository returns a match, then the endpoint is to be admitted. A new ARP entry for the endpoint may then be added to the ARP cache, which in turn will result in an appropriate /32 route being populated by remote leafs, thereby ensuring optimal reachability of information distribution within the fabric, Fernando-Paragraph 60, information being tracked, sent, received, or stored could be provided in any database, register, table, cache, queue, control list, or storage structure )  and
validating the cached ARP message at least in part using the entry for the host device in the DHCP snoop database of the leaf node device.(Fu-Paragraph 29, If the endpoint repository returns a match, then the endpoint is to be admitted.)

 

Conclusion

Examiner’s Note: In the case of amending the claimed invention, Applicant is respectfully requested to indicate the portion(s) of the specification which dictate(s) the structure relied on for proper interpretation and also to verify and ascertain the metes and bounds of the claimed invention.
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Please refer to the enclosed PTO-892 form.
 

 Any inquiry concerning this communication or earlier communications from the examiner should be directed to GREG C BENGZON whose telephone number is (571)272-3944.  The examiner can normally be reached on Monday - Friday 8 AM - 4:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John Follansbee can be reached on (571) 272-3964.  The fax phone 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


	/GREG C BENGZON/           Primary Examiner, Art Unit 2444