DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

1.	Claims 1-20 are pending.

Specification

2.	The abstract of the disclosure is objected to because the acronyms NIC, L2, BPDU and MAC should be defined within the abstract without the word count for the abstract exceeding 150 words.  Correction is required.  See MPEP § 608.01(b).

3.	The title of the invention is objected to because it recites the acronym “L2”, which should be replaced with “Layer-2” or similar wording.  Correction is required.

Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

4.	Claims 1-2 and 5-9 is/are rejected under 35 U.S.C. 103 as being unpatentable over Klein, US 2013/0301553 in view of ABDOU et al., "A Framework and Comparative Analysis of Control Plane Security of SDN and Conventional Networks", Cornell University Library, Computer Science, Networking and Internet Architecture; December 6, 2017, 14 pages (cited in the IDS 08/04/2021) hereafter ABDOU.

As claim 1, Klein discloses:
A method comprising: 
(Klein, FIG. 7, FIG. 8, 120, 124, [0055]-[0056], [0072]-[0073], Receiving, the AP 120, a first MPDU1 156 via the first port 124 of the AP 120), 
the first frame comprising a first media access control (MAC) address of a first compute instance that is a destination of the first frame, a second MAC address of a second compute instance that is a source of the first frame, and a Layer 2 (L2) protocol data unit (PDU) (Klein, FIG. 2, FIG. 7, FIG. 8, [0049], [0055]-[0056], [0067]-[0073], The received MPDU frame includes a source MAC address, a destination address and a MPDU), 
the first compute instance and the second compute instance being members of a virtual L2 network (Klein, FIG. 3, FIG. 7, FIG. 8, 122, [0053]-[0054], The first wireless station A 122 and second wireless station B 122 are logical ports of the virtual distributed bridge 200 which is Layer 2), 
the first compute instance hosted by a first host machine that is connected with the network virtualization device via a second port of the network virtualization device (Klein, FIG. 3, FIG. 8, 120, 122, 124, [0053]-[0054], The first wireless station A 122 connected with the AP 120 via a second virtual port 124 of the AP 120); 
determining, by the network virtualization device, that a loop prevention rule prevents transmission of a frame using a port (Klein, [0084], [0087], Determining, by the AP, that loop prevention blocks transmission of a frame using a port); 
determining, by the network virtualization device, that the first frame is to be transmitted via all ports of the network virtualization device (Klein, [0084], Determining, by the AP, the frame can be transmitted via all ports except for the one port that the AP decides to block); and 
transmitting, by the network virtualization device, the first frame via all ports of the network virtualization device except the first port based on the loop prevention rule (Klein, [0084], [0087], Transmitting, by the AP, the frame on all the ports except for the blocked port based on loop prevention).

Klein does not explicitly disclose determining, by the network virtualization device, that a loop prevention rule prevents transmission of a frame using a port via which the frame was received and determining, by the network virtualization device, that the first frame is to be transmitted via all ports of the network virtualization device based on the second MAC address.

However, ABDOU discloses determining, by the network virtualization device, that a loop prevention rule prevents transmission of a frame using a port via which the frame was received and determining, by the network virtualization device, that the first frame is to be transmitted via all ports of the network virtualization device based on the second MAC address (ABDOU, page 3, column 2: see Section “IV. L2 Networks” – “A. Basic Forwarding”, Determining the first/source MAC address is not in the table, the frame is flooded/broadcasted to the other machines connected with the switch/network virtualization device).

(ABDOU, page 3, column 2: see “IV. L2 Networks”).

As claim 2, Klein discloses:
The network virtualization device is separate from the first host machine (Klein, FIG. 1, 120, 122, [0042], Access Point 120 is separate from the wireless station 122) and is connected with a network interface card of the first host machine via the second port (Klein, FIG. 18, 600, FIG. 19, 600, [0098], Is connected via network interface module 600 on the wireless station).

As claim 5, Klein does not explicitly disclose:
Transmitting, by the network virtualization device to the first compute instance via the second port, a bridge protocol data unit (BPDU); determining, by the network virtualization device, that no BPDU is received back from the first compute instance; determining, by the network virtualization device, that no loop exists between the network virtualization device and the first compute instance; receiving, by the network virtualization device, a second frame that comprises the first MAC address as a 

However, ABDOU discloses transmitting, by the network virtualization device to the first compute instance via the second port, a bridge protocol data unit (BPDU); determining, by the network virtualization device, that no BPDU is received back from the first compute instance; determining, by the network virtualization device, that no loop exists between the network virtualization device and the first compute instance; receiving, by the network virtualization device, a second frame that comprises the first MAC address as a destination address; and transmitting, by the network virtualization device, the second frame via the second port to the first compute instance based on determining that no loop exists (ABDOU, page 3, column 2: see Section “IV. L2 Networks” – “A. Basic Forwarding”, Determining the MAC address is not in the table, adding/updating the table with the MAC address, forwarding the frame by looking up the destination MAC address and forwarding it to the identified port).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Klein with transmitting, by the network virtualization device to the first compute instance via the second port, a bridge protocol data unit (BPDU); determining, by the network virtualization device, that no BPDU is received back from the first compute instance; determining, by the network virtualization device, that no loop exists between the network virtualization device and (ABDOU, page 3, column 2: see “IV. L2 Networks”).

As claim 6, Klein does not explicitly disclose:
Determining, by the network virtualization device, that the first MAC address is not included in a forwarding table of the network virtualization device; and broadcasting, by the network virtualization device, the frame via ports of the network virtualization device except the first port.

However, ABDOU discloses determining, by the network virtualization device, that the first MAC address is not included in a forwarding table of the network virtualization device; and broadcasting, by the network virtualization device, the frame via ports of the network virtualization device except the first port (ABDOU, page 3, column 2: see Section “IV. L2 Networks” – “A. Basic Forwarding”, Determining the first/source MAC address is not in the table, flooding/broadcasting the frame on all ports except for the received port).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Klein with determining, (ABDOU, page 3, column 2: see “IV. L2 Networks”).

As claim 7, Klein does not explicitly disclose:
Determining, by the network virtualization device, that the second MAC address is not included in the forwarding table; updating, by the network virtualization device, the forwarding table by at least including in the forwarding table an association between the second MAC address and the second port; receiving, by the network virtualization device via the second port, a second frame that comprises the second MAC address as a destination address of the second frame; and transmitting, by the network virtualization device based on the association in the forwarding table, the second frame via the first port and not via the other ports of the network virtualization device.

However, ABDOU discloses determining, by the network virtualization device, that the second MAC address is not included in the forwarding table; updating, by the network virtualization device, the forwarding table by at least including in the forwarding table an association between the second MAC address and the second port; receiving, by the network virtualization device via the second port, a second frame that comprises the second MAC address as a destination address of the second frame; and transmitting, by the network virtualization device based on the association in the (ABDOU, page 3, column 2: see Section “IV. L2 Networks” – “A. Basic Forwarding”, Determining the MAC address is not in the table, adding/updating the table with the MAC address, forwarding the frame by looking up the destination MAC address and forwarding it to the identified port).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Klein with determining, by the network virtualization device, that the second MAC address is not included in the forwarding table; updating, by the network virtualization device, the forwarding table by at least including in the forwarding table an association between the second MAC address and the second port; receiving, by the network virtualization device via the second port, a second frame that comprises the second MAC address as a destination address of the second frame; and transmitting, by the network virtualization device based on the association in the forwarding table, the second frame via the first port and not via the other ports of the network virtualization device as taught by ABDOU to provide enhanced security risk analysis and mitigation (ABDOU, page 3, column 2: see “IV. L2 Networks”).

As claim 8, Klein does not explicitly disclose:
Receiving, by the network virtualization device, a second frame that includes the second MAC address as a destination address; and determining, by the network virtualization device, that the first MAC address is not included in a forwarding table of 

However, ABDOU discloses receiving, by the network virtualization device, a second frame that includes the second MAC address as a destination address; and determining, by the network virtualization device, that the first MAC address is not included in a forwarding table of the network virtualization device, wherein the second frame is broadcasted to another network virtualization device that is connected with the network virtualization device over a switch network (ABDOU, page 3, column 2: see Section “IV. L2 Networks” – “A. Basic Forwarding”, Determining the first/source MAC address is not in the table, the frame is flooded/broadcasted to the other machines connected with the switch/network virtualization device).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Klein with receiving, by the network virtualization device, a second frame that includes the second MAC address as a destination address; and determining, by the network virtualization device, that the first MAC address is not included in a forwarding table of the network virtualization device, wherein the second frame is broadcasted to another network virtualization device that is connected with the network virtualization device over a switch network as taught by ABDOU to provide enhanced security risk analysis and mitigation (ABDOU, page 3, column 2: see “IV. L2 Networks”).

As claim 9, Klein does not explicitly disclose:
Determining that the first MAC address is not included in a forwarding table of the network virtualization device, wherein the first frame is broadcasted to compute instances hosted on host machines that are connected with the network virtualization device.

However, ABDOU discloses determining that the first MAC address is not included in a forwarding table of the network virtualization device, wherein the first frame is broadcasted to compute instances hosted on host machines that are connected with the network virtualization device (ABDOU, page 3, column 2: see Section “IV. L2 Networks” – “A. Basic Forwarding”, Determining the first/source MAC address is not in the table, the frame is flooded/broadcasted to the other machines connected with the switch/network virtualization device).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Klein with determining that the first MAC address is not included in a forwarding table of the network virtualization device, wherein the first frame is broadcasted to compute instances hosted on host machines that are connected with the network virtualization device as taught by ABDOU to provide enhanced security risk analysis and mitigation (ABDOU, page 3, column 2: see “IV. L2 Networks”).

Claims 3-4 is/are rejected under 35 U.S.C. 103 as being unpatentable over Klein, US 2013/0301553 in view of ABDOU as applied to claim 1 above, and further in view of Lindeborg et al, US 6,857,027. 

As claim 3, the combination of Klein and ABDOU does not explicitly disclose:
Transmitting, by the network virtualization device to the first compute instance via the second port, a bridge protocol data unit (BPDU); responsive to transmitting the BPDU, receiving, by the network virtualization device from the first compute instance via the second port, the BPDU; and responsive to receiving the BPDU, determining, by the network virtualization device, that a loop exists between the network virtualization device and the first compute instance.

However, Lindeborg discloses transmitting, by the network virtualization device to the first compute instance via the second port, a bridge protocol data unit (BPDU) (Lindeborg, Fig. 2, 46, Forwarding/transmitting/forwarding via the external communication port, a BPDU); responsive to transmitting the BPDU, receiving, by the network virtualization device from the first compute instance via the second port, the BPDU (Lindeborg, Fig. 2, 48, column 6, lines 28-31, Responsive to forwarding/transmitting the BPDU, receiving via the external communication port the BPDU); and responsive to receiving the BPDU, determining, by the network virtualization device, that a loop exists between the network virtualization device and the first compute instance (Lindeborg, Fig. 2, 52, 54, column 6, lines 37-56, Responsive to receiving the BPDU determining that a loop exists between the device and the source based on the BPDU MAC address information).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the combination of the teachings of Klein and ABDOU with transmitting, by the network virtualization device to the first compute instance via the second port, a bridge protocol data unit (BPDU); responsive to transmitting the BPDU, receiving, by the network virtualization device from the first compute instance via the second port, the BPDU; and responsive to receiving the BPDU, determining, by the network virtualization device, that a loop exists between the network virtualization device and the first compute instance as taught by Lindeborg to avoid bridge loops and potential broadcast storms (Lindeborg, column 2, lines 56-63).

As claim 4, Klein does not explicitly disclose:
Responsive to determining that the loop exists between the network virtualization device and the first compute instance, disabling, by the network virtualization device, the second port; receiving, by the network virtualization device, a second frame that comprises the first MAC address as a destination address; and preventing, by the network virtualization device, transmission of the second frame via the second port.

However, ABDOU discloses responsive to determining that the loop exists between the network virtualization device and the first compute instance, disabling, by the network virtualization device, the second port; receiving, by the network (ABDOU, page 3, column 2: see Section “IV. L2 Networks” – “A. Basic Forwarding”, Determining a match exists, disabling/blocking transmission from a port, receiving a frame that has a MAC address that matches to the table and preventing transmission from the identified port).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Klein with responsive to determining that the loop exists between the network virtualization device and the first compute instance, disabling, by the network virtualization device, the second port; receiving, by the network virtualization device, a second frame that comprises the first MAC address as a destination address; and preventing, by the network virtualization device, transmission of the second frame via the second port as taught by ABDOU to provide enhanced security risk analysis and mitigation (ABDOU, page 3, column 2: see “IV. L2 Networks”).

6.	Claims 10-11 and 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Klein, US 2013/0301553 in view of Lindeborg et al, US 6,857,027 hereafter Lindeborg.

As claim 10, Klein discloses:
A network virtualization device (Klein, FIG. 8, 120, The Access Point 120) comprising: 
(Klein, FIG. 8, 124, 252, [0071], The plurality of ports 124, 252) comprising a first port connected with a first host machine hosting a first computer instance (Klein, FIG. 8, 120, 122, 124, [0053]-[0054], A virtual port wPort2 124 connected with the first wireless station A), a second port connected with a second machine hosting a second computer instance (Klein, FIG. 8, 120, 122, 124, [0053]-[0054], A virtual port wPort3 124 connected with the first wireless station B), and a third port connected with a network switch (Klein, FIG. 8, 252, 250, [0071], The third port/“Port1” 252 Wired Bridge A 250), 
the first compute instance and the second compute instance being members of a virtual Layer 2 (L2) network (Klein, FIG. 3, FIG. 7, FIG. 8, 122, [0053]-[0054], The first wireless station A 122 and second wireless station B 122 are logical ports of the virtual distributed bridge 200 which is Layer 2); 
one or more processors (Klein, FIG. 19, 606, [0098], The processing module 606); and one or more memories storing instructions (Klein, FIG. 19, 604, [0098], The memory 604), that upon execution by the one or more processors, configure the network virtualization device to: 
transmit, to the first compute instance via the first port, a first frame that includes a first L2 bridge protocol data unit (BPDU) (Klein, FIG. 9, 120, 274, 286, [0075], Issue/transmit, to the wireless station, a BPDU 286 from the controller module 274 of the AP 120); receive, from the first compute instance via the first port, a second frame (Klein, FIG. 9, Receive, from the wireless station, the MSDU/second frame). 



However, Lindeborg discloses receive, from the first compute instance via the first port, a second frame (Lindeborg, Fig. 2, 48, column 6, lines 28-31, Receive, via the external communication port, a frame); determine that the second frame comprises the first L2 BPDU (Lindeborg, Fig. 2, 48, 50, column 6, lines 28-56, Detect the frame is a BPDU); and determine that a loop exists between the network virtualization device and the first compute instance based on the first L2 BPDU of the second frame (Lindeborg, Fig. 2, 52, 54, column 6, lines 37-56, Determine that a loop exists between the device and the source based on the BPDU MAC address information).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Klein with receive, from the first compute instance via the first port, a second frame; determine that the second frame comprises the first L2 BPDU; and determine that a loop exists between the network virtualization device and the first compute instance based on the first L2 BPDU of the second frame as taught by Lindeborg to avoid bridge loops and potential broadcast storms (Lindeborg, column 2, lines 56-63).

As claim 11, Klein discloses:
(Klein, [0084]-[0087], Block/disable a determined port, receiving subsequent frame that include source MAC addresses and transmitting via all ports except for the one port that the AP decides to block).

As claim 15, Klein discloses:
One or more non-transitory computer-readable storage media storing instructions that, upon execution on a network virtualization device, cause the network virtualization device to perform operations comprising: 
receiving a first frame via a first port of the network virtualization device (Klein, FIG. 7, FIG. 8, 120, 124, [0055]-[0056], [0072]-[0073], Receiving, the AP 120, a first MPDU1 156 via the first port 124 of the AP 120), 
the first frame comprising a first media access control (MAC) address of a first compute instance that is a source of the first frame (Klein, FIG. 2, FIG. 7, FIG. 8, [0049], [0055]-[0056], [0067]-[0073], The received MPDU frame includes a source MAC address), 
a second MAC address of a second compute instance that is a destination of the first frame, and a Layer 2 (L2) protocol data unit (PDU) (Klein, FIG. 2, FIG. 7, FIG. 8, [0049], [0055]-[0056], [0067]-[0073], The received MPDU frame includes a destination address and a MPDU), 
(Klein, FIG. 3, FIG. 7, FIG. 8, 122, [0053]-[0054], The first wireless station A 122 and second wireless station B 122 are logical ports of the virtual distributed bridge 200 which is Layer 2), 
the first compute instance hosted by a first host machine that is connected with the network virtualization device via a second port (Klein, FIG. 3, FIG. 8, 120, 122, 124, [0053]-[0054], The first wireless station A 122 connected with the AP 120 via a second virtual port 124 of the AP 120); 
determining that a loop prevention rule prevents transmission of a frame using a port (Klein, [0084], [0087], Determining, by the AP, that loop prevention blocks transmission of a frame using a port); 
determining that the first frame is to be transmitted via all ports of the network virtualization device (Klein, [0084], Determining, by the AP, the frame can be transmitted via all ports except for the one port that the AP decides to block); 
transmitting the first frame via all ports of the network virtualization device except the first port based on the loop prevention rule (Klein, [0084], [0087], Transmitting, by the AP, the frame on all the ports except for the blocked port based on loop prevention); 
transmitting, to the first compute instance via the second port, a second frame that includes a bridge protocol data unit (BPDU) (Klein, FIG. 9, 120, 274, 286, [0075], Issue/transmit, to the wireless station, a BPDU 286 from the controller module 274 of the AP 120).



However, Lindeborg discloses determining, by the network virtualization device, that a loop prevention rule prevents transmission of a frame using a port via which the frame was received (Lindeborg, Fig. 2, 54, column 6, lines 57-65, Determining that a loop prevention rule prevents transmission (Fig. 2, step 54) of data units using a communication port which the BPDU was received on in step Fig. 2, step 50) and determining, by the network virtualization device, that the first frame is to be transmitted via all ports of the network virtualization device based on the second MAC address (Lindeborg, Fig. 2, 52, 54, column 6, lines 37-56, Determine that a loop exists between the device and the source based on the BPDU MAC address information), determining that a loop exists between the network virtualization device and the first compute instance based on receiving the BPDU back from the first compute instance (Lindeborg, Fig. 2, 52, 54, column 6, lines 37-56, Determine that a loop exists between the device and the source based on the received BPDU from the source).

(Lindeborg, column 2, lines 56-63). 

7.	Claims 12-13 is/are rejected under 35 U.S.C. 103 as being unpatentable over Klein, US 2013/0301553 in view of Lindeborg et al, US 6,857,027 as applied to claim 10 above, and further in view of Mahajan et al, US 7,606,177 (as cited in the IDS dated 08/04/2021) hereafter Mahajan.

As claim 12, the combination of Klein and Lindeborg does not explicitly disclose:
Transmit, to the second compute instance via the second port, a third frame that includes a second L2 BPDU; determine that the second L2 BPDU is not received back from the second compute instance; and determine that no loop exists between the network virtualization device and the second compute instance.

However, Mahajan discloses transmit, to the second compute instance via the second port, a third frame that includes a second L2 BPDU (Mahajan, column 10, lines 35-67, column 11, lines 1-45, Transmitting BPDU messages from a plurality of ports); determine that the second L2 BPDU is not received back from the second compute instance (Mahajan, column 10, lines 25-67, column 11, lines 1-45, Determining that the transmitted BPDU messages are not received back since there is not a match for the received messages); and determine that no loop exists between the network virtualization device and the second compute instance (Mahajan, column 10, lines 25-67, column 11, lines 1-45, If a match is not detected then determining that no loop exists).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the combination of the teachings of Klein and Lindeborg with transmit, to the second compute instance via the second port, a third frame that includes a second L2 BPDU; determine that the second L2 BPDU is not received back from the second compute instance; and determine that no loop exists between the network virtualization device and the second compute instance as taught by Mahajan for improving and facilitating the identification and selection of loop-free topologies in computer networks (Mahajan, column 1, lines 23-26).

As claim 13, the combination of Klein and Lindeborg does not explicitly disclose:
Receive a fourth frame that comprises a MAC address of the second compute instance as a destination address; and transmit the fourth frame via the second port responsive to determining that no loop exists.

(Mahajan, column 10, lines 25-67, column 11, lines 1-45); and transmit the fourth frame via the second port responsive to determining that no loop exists (Mahajan, column 10, lines 25-67, column 11, lines 1-45).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the combination of the teachings of Klein and Lindeborg with receive a fourth frame that comprises a MAC address of the second compute instance as a destination address; and transmit the fourth frame via the second port responsive to determining that no loop exists as taught by Mahajan for improving and facilitating the identification and selection of loop-free topologies in computer networks (Mahajan, column 1, lines 23-26).

8.	Claims 14 and 16-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Klein, US 2013/0301553 in view of Lindeborg et al, US 6,857,027 as applied to claim 10 above, and further in view of ABDOU et al., "A Framework and Comparative Analysis of Control Plane Security of SDN and Conventional Networks", Cornell University Library, Computer Science, Networking and Internet Architecture; December 6, 2017, 14 pages (cited in the IDS 08/04/2021) hereafter ABDOU. 

As claim 14, Klein discloses:
(Klein, FIG. 2, FIG. 7, FIG. 8, [0049], [0055]-[0056], [0067]-[0073], The received MPDU frame includes a source MAC address, a destination address and a MPDU).

The combination of Klein and Lindeborg does not explicitly disclose determine that a loop prevention rule prevents transmission of a frame using a port via which the frame was received; determine that the third frame is to be transmitted via all ports of the network virtualization device based on the second MAC address; and transmit the third frame via all ports of the network virtualization device except the second port based on the loop prevention rule.

As claim 16, the combination of Klein and Lindeborg does not explicitly disclose:
Determining that the first MAC address is not included in a forwarding table of the network virtualization device; and broadcasting the frame via ports of the network virtualization device except the first port.

However, ABDOU discloses determining that the first MAC address is not included in a forwarding table of the network virtualization device; and broadcasting the frame via ports of the network virtualization device except the first port (ABDOU, page 3, column 2: see Section “IV. L2 Networks” – “A. Basic Forwarding”, Determining the first/source MAC address is not in the table, flooding/broadcasting the frame on all ports except for the received port).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the combination of the teachings of Klein and Lindeborg with determining that the first MAC address is not included in a forwarding table of the network virtualization device; and broadcasting the frame via ports of the network virtualization device except the first port as taught by ABDOU to provide enhanced security risk analysis and mitigation (ABDOU, page 3, column 2: see “IV. L2 Networks”).

As claim 17, the combination of Klein and Lindeborg does not explicitly disclose:
Determining that the second MAC address is not included in the forwarding table; updating the forwarding table by at least including in the forwarding table an association between the second MAC address and the first port; receiving, via the second port, a third frame that comprises the second MAC address as a destination address of the third frame; and transmitting, based on the association in the forwarding table, the third frame via the first port and not the other ports of the network virtualization device.

However, ABDOU discloses determining that the second MAC address is not included in the forwarding table; updating the forwarding table by at least including in the forwarding table an association between the second MAC address and the first port (ABDOU, page 3, column 2: see Section “IV. L2 Networks” – “A. Basic Forwarding”, Determining the MAC address is not in the table, adding/updating the table with the MAC address, forwarding the frame by looking up the destination MAC address and forwarding it to the identified port).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the combination of the teachings of Klein and Lindeborg with determining that the second MAC address is not included in the forwarding table; updating the forwarding table by at least including in the forwarding table an association between the second MAC address and the first port; receiving, via the second port, a third frame that comprises the second MAC address as a destination address of the third frame; and transmitting, based on the association in the forwarding table, the third frame via the first port and not the other ports of the network virtualization device as taught by ABDOU to provide enhanced security risk analysis and mitigation (ABDOU, page 3, column 2: see “IV. L2 Networks”).

As to claim 18, the combination of Klein and Lindeborg does not explicitly disclose:
Determining that the first MAC address is not included in a forwarding table of the network virtualization device, wherein the first frame is broadcasted to another network virtualization device that is connected to the network virtualization device over a switch network.

However, ABDOU discloses determining that the first MAC address is not included in a forwarding table of the network virtualization device, wherein the first frame is broadcasted to another network virtualization device that is connected to the network virtualization device over a switch network (ABDOU, page 3, column 2: see Section “IV. L2 Networks” – “A. Basic Forwarding”, Determining the first/source MAC address is not in the table, the frame is flooded/broadcasted to the other machines connected to the switch/network virtualization device).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the combination of the teachings of Klein and Lindeborg with determining that the first MAC address is not included in a forwarding table of the network virtualization device, wherein the first frame is broadcasted to another network virtualization device that is connected to the network virtualization device over a switch network as taught by ABDOU to provide enhanced security risk analysis and mitigation (ABDOU, page 3, column 2: see “IV. L2 Networks”).

As to claim 19, the combination of Klein and Lindeborg does not explicitly disclose:
Determining that the first MAC address is not included in a forwarding table of the network virtualization device, wherein the first frame is broadcasted to other compute instances that are hosted on host machines connected with the network virtualization device.

However, ABDOU discloses determining that the first MAC address is not included in a forwarding table of the network virtualization device, wherein the first frame is broadcasted to other compute instances that are hosted on host machines connected with the network virtualization device (ABDOU, page 3, column 2: see Section “IV. L2 Networks” – “A. Basic Forwarding”, Determining the first/source MAC address is not in the table, the frame is flooded/broadcasted to the other machines connected to the switch/network virtualization device).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the combination of the teachings of Klein and Lindeborg with determining that the first MAC address is not included in a forwarding table of the network virtualization device, wherein the first frame is broadcasted to other compute instances that are hosted on host machines connected with the network virtualization device as taught by ABDOU to provide enhanced security risk analysis and mitigation (ABDOU, page 3, column 2: see “IV. L2 Networks”).

As to claim 20, the combination of Klein and Lindeborg does not explicitly disclose:
Disabling the second port based on the loop; receiving a third frame that comprises the first MAC address as a destination address; and preventing transmission of the third frame via the second port.

However, ABDOU discloses disabling the second port based on the loop; receiving a third frame that comprises the first MAC address as a destination address; and preventing transmission of the third frame via the second port (ABDOU, page 3, column 2: see Section “IV. L2 Networks” – “A. Basic Forwarding”, Preventing transmission/reception from an identified port, receiving a frame with a matched destination MAC address and preventing transmission from the identified port).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the combination of the teachings of Klein and Lindeborg with disabling the second port based on the loop; receiving a third frame that comprises the first MAC address as a destination address; and preventing transmission of the third frame via the second port as taught by ABDOU to provide enhanced security risk analysis and mitigation (ABDOU, page 3, column 2: see “IV. L2 Networks”).

Conclusion

9.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: Manthiramoorthy et al., US 2018/0026872, discloses identifying a port on a network device that is in a blocking state. The blocking state can be for dropping one or more types of packets, such as data packets or non-control packets, and preventing the port from forwarding the one or more types of packets.

10.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to JENEE HOLLAND whose telephone number is (571)270-7196. The examiner can normally be reached 8:30 AM - 5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, IAN MOORE can be reached on (571)272-3085. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

JENEE HOLLAND
Examiner
Art Unit 2469