DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

1.	Claims 1-20 are pending.

Response to Arguments

2.	In light of the amendments to the abstract, the objection to the specification/abstract is withdrawn and the new abstract is entered. 

3.	In light of the amendments to the title, the objection to the specification/title is withdrawn and the new abstract is title is entered.

4.	In light of the amendments to the claims 1-9 and 15-20 dated 06/30/2022, the 35 U.S.C. 103 rejection of claims 1-9 and 15-20 is withdrawn. 

Claim Objections

5.	Claims 15-20 are objected to because of the following informalities:  
Claim 15 recites, non-functional descriptive material limitations, “One or more non-transitory computer-readable storage media storing instructions… to perform operations comprising…” in lines 1-3. 
“One or more non-transitory computer-readable storage media merely serves a support for data instructions, and the data instruction will not impart/convey a patentable distinction when no functional relationship exists.
In particular, a non-transitory computer readable storage medium cannot process data instruction alone, and require enabling a computer processor/CPU to process the data instruction in order to impart/convey a patentable distinction of a claim.
As such, the functional language, “executing/processing data instruction stored in a non-transitory computer readable medium by a CPU or a computer processor” adds functional relationship to the clamed invention. 
See Lowry, 32 F.3d at 1583-84, 32 USPQ2d at 1035. (also see MPEP 2111.05 III). 
Dependent claims 16-20 are objected to for similar reasons as independent claim 15.  Appropriate correction is required.

Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

6.	Claim 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Klein, US 2013/0301553 in view of Lindeborg et al, US 6,857,027 hereafter Lindeborg and further in view of Lindstrom, US 2014/0092725. 

As claim 15, Klein discloses:
One or more non-transitory computer-readable storage media storing instructions that, upon execution on a network virtualization device, cause the network virtualization device to perform operations comprising: 
receiving a first frame via a first port of the network virtualization device (Klein, FIG. 7, FIG. 8, 120, 124, [0055]-[0056], [0072]-[0073], Receiving, the AP 120, a first MPDU1 156 via the first port 124 of the AP 120), 
the first frame comprising a first media access control (MAC) address of a first compute instance that is a source of the first frame (Klein, FIG. 2, FIG. 7, FIG. 8, [0049], [0055]-[0056], [0067]-[0073], The received MPDU frame includes a source MAC address), 
a second MAC address of a second compute instance that is a destination of the first frame, and a Layer 2 (L2) protocol data unit (PDU) (Klein, FIG. 2, FIG. 7, FIG. 8, [0049], [0055]-[0056], [0067]-[0073], The received MPDU frame includes a destination address and a MPDU), 
the first compute instance and the second compute instance being members of a virtual L2 network (Klein, FIG. 3, FIG. 7, FIG. 8, 122, [0053]-[0054], The first wireless station A 122 and second wireless station B 122 are logical ports of the virtual distributed bridge 200 which is Layer 2), 
the first compute instance hosted by a first host machine that is connected with the network virtualization device via a second port (Klein, FIG. 3, FIG. 8, 120, 122, 124, [0053]-[0054], The first wireless station A 122 connected with the AP 120 via a second virtual port 124 of the AP 120); 
determining that a loop prevention rule prevents transmission of a frame using a port (Klein, [0084], [0087], Determining, by the AP, that loop prevention blocks transmission of a frame using a port); 
determining that the first frame is to be transmitted via all ports of the network virtualization device (Klein, [0084], Determining, by the AP, the frame can be transmitted via all ports expect for the one port that the AP decides to block); 
transmitting the first frame via all ports of the network virtualization device except the first port based on the loop prevention rule (Klein, [0084], [0087], Transmitting, by the AP, the frame on all the ports except for the blocked port based on loop prevention); 
transmitting, to the first compute instance via the second port, a second frame that includes a bridge protocol data unit (BPDU) (Klein, FIG. 9, 120, 274, 286, [0075], Issue/transmit, to the wireless station, a BDPU 286 from the controller module 274 of the AP 120).

Klein does not explicitly disclose determining, by the network virtualization device, that a loop prevention rule prevents transmission of a frame using a port via which the frame was received and determining, by the network virtualization device, that the first frame is to be transmitted via all ports of the network virtualization device based on the second MAC address, determining that a loop exists between the network virtualization device and the first compute instance based on receiving the BPDU back from the first compute instance.

However, Lindeborg discloses determining, by the network virtualization device, that a loop prevention rule prevents transmission of a frame using a port via which the frame was received (Lindeborg, Fig. 2, 54, column 6, lines 57-65, Determining that a loop prevention rule prevents transmission (Fig. 2, step 54) of data units using a communication port which the BPDU was received on in step Fig. 2, step 50) and determining, by the network virtualization device, that the first frame is to be transmitted via all ports of the network virtualization device based on the second MAC address (Lindeborg, Fig. 2, 52, 54, column 6, lines 37-56, Determine that a loop exists between the device and the source based on the BPDU MAC address information), determining that a loop exists between the network virtualization device and the first compute instance based on receiving the BPDU back from the first compute instance (Lindeborg, Fig. 2, 52, 54, column 6, lines 37-56, Determine that a loop exists between the device and the source based on the received BPDU from the source).

It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Klein with determining, by the network virtualization device, that a loop prevention rule prevents transmission of a frame using a port via which the frame was received and determining, by the network virtualization device, that the first frame is to be transmitted via all ports of the network virtualization device based on the second MAC address, determining that a loop exists between the network virtualization device and the first compute instance based on receiving the BPDU back from the first compute instance as taught by Lindeborg to avoid bridge loops and potential broadcast storms (Lindeborg, column 2, lines 56-63). 

The combination of Klein and Lindeburg does not explicitly disclose generate a first L2 bridge protocol data unit (BPDU) by applying a spanning tree protocol only on the first port of the network virtualization device.

However, Lindstrom discloses generate a first L2 bridge protocol data unit (BPDU) by applying a spanning tree protocol only on the first port of the network virtualization device (Lindstrom, [0008], One port is elected as Layer 2 Gateway Ports (L2GPs), which will define the border of a domain in which the STP algorithm is active).

It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the combination of the teachings of Klein and Lindeburg with generate a first L2 bridge protocol data unit (BPDU) by applying a spanning tree protocol only on the first port of the network virtualization device as taught by Lindstrom to reduce, convergence time in an Ethernet network configured as an STP domain (Lindstrom, [0015]).

7.	Claims 16-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Klein, US 2013/0301553 in view of Lindeborg et al, US 6,857,027 in view of Lindstrom, US 2014/0092725  as applied to claim 10 above, and further in view of ABDOU et al., "A Framework and Comparative Analysis of Control Plane Security of SDN and Conventional Networks", Cornell University Library, Computer Science, Networking and Internet Architecture; December 6, 2017, 14 pages (cited in the IDS 08/04/2021) hereafter ABDOU. 

As claim 16, the combination of Klein, Lindeborg and Lindstrom does not explicitly disclose:
Determining that the first MAC address is not included in a forwarding table of the network virtualization device; and broadcasting the frame via ports of the network virtualization device except the first port.

However, ABDOU discloses determining that the first MAC address is not included in a forwarding table of the network virtualization device; and broadcasting the frame via ports of the network virtualization device except the first port (ABDOU, page 3, column 2: see Section “IV. L2 Networks” – “A. Basic Forwarding”, Determining the first/source MAC address is not in the table, flooding/broadcasting the frame on all ports except for the received port).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the combination of the teachings of Klein and Lindeborg with determining that the first MAC address is not included in a forwarding table of the network virtualization device; and broadcasting the frame via ports of the network virtualization device except the first port as taught by ABDOU to provide enhanced security risk analysis and mitigation (ABDOU, page 3, column 2: see “IV. L2 Networks”).

As claim 17, the combination of Klein, Lindeborg and Lindstrom does not explicitly disclose:
Determining that the second MAC address is not included in the forwarding table; updating the forwarding table by at least including in the forwarding table an association between the second MAC address and the first port; receiving, via the second port, a third frame that comprises the second MAC address as a destination address of the third frame; and transmitting, based on the association in the forwarding table, the third frame via the first port and not the other ports of the network virtualization device.

However, ABDOU discloses determining that the second MAC address is not included in the forwarding table; updating the forwarding table by at least including in the forwarding table an association between the second MAC address and the first port; receiving, via the second port, a third frame that comprises the second MAC address as a destination address of the third frame; and transmitting, based on the association in the forwarding table, the third frame via the first port and not the other ports of the network virtualization device (ABDOU, page 3, column 2: see Section “IV. L2 Networks” – “A. Basic Forwarding”, Determining the MAC address is not in the table, adding/updating the table with the MAC address, forwarding the frame by looking up the destination MAC address and forwarding it to the identified port).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the combination of the teachings of Klein, Lindeborg and Lindstrom with determining that the second MAC address is not included in the forwarding table; updating the forwarding table by at least including in the forwarding table an association between the second MAC address and the first port; receiving, via the second port, a third frame that comprises the second MAC address as a destination address of the third frame; and transmitting, based on the association in the forwarding table, the third frame via the first port and not the other ports of the network virtualization device as taught by ABDOU to provide enhanced security risk analysis and mitigation (ABDOU, page 3, column 2: see “IV. L2 Networks”).

As claim 18, the combination of Klein, Lindeborg and Lindstrom does not explicitly disclose:
Determining that the first MAC address is not included in a forwarding table of the network virtualization device, wherein the first frame is broadcasted to another network virtualization device that is connected to the network virtualization device over a switch network.

However, ABDOU discloses determining that the first MAC address is not included in a forwarding table of the network virtualization device, wherein the first frame is broadcasted to another network virtualization device that is connected to the network virtualization device over a switch network (ABDOU, page 3, column 2: see Section “IV. L2 Networks” – “A. Basic Forwarding”, Determining the first/source MAC address is not in the table, the frame is flooded/broadcasted to the other machines connected to with the switch/network virtualization device).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the combination of the teachings of Klein, Lindeborg and Lindstrom with determining that the first MAC address is not included in a forwarding table of the network virtualization device, wherein the first frame is broadcasted to another network virtualization device that is connected to the network virtualization device over a switch network as taught by ABDOU to provide enhanced security risk analysis and mitigation (ABDOU, page 3, column 2: see “IV. L2 Networks”).

As claim 19, the combination of Klein, Lindeborg and Lindstrom does not explicitly disclose:
Determining that the first MAC address is not included in a forwarding table of the network virtualization device, wherein the first frame is broadcasted to other compute instances that are hosted on host machines connected with the network virtualization device.

However, ABDOU discloses determining that the first MAC address is not included in a forwarding table of the network virtualization device, wherein the first frame is broadcasted to other compute instances that are hosted on host machines connected with the network virtualization device (ABDOU, page 3, column 2: see Section “IV. L2 Networks” – “A. Basic Forwarding”, Determining the first/source MAC address is not in the table, the frame is flooded/broadcasted to the other machines connected to with the switch/network virtualization device).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the combination of the teachings of Klein, Lindeborg and Lindstrom with determining that the first MAC address is not included in a forwarding table of the network virtualization device, wherein the first frame is broadcasted to other compute instances that are hosted on host machines connected with the network virtualization device as taught by ABDOU to provide enhanced security risk analysis and mitigation (ABDOU, page 3, column 2: see “IV. L2 Networks”).

As claim 20, the combination of Klein, Lindeborg and Lindstrom does not explicitly disclose:
Disabling the second port based on the loop; receiving a third frame that comprises the first MAC address as a destination address; and preventing transmission of the third frame via the second port.

However, ABDOU discloses disabling the second port based on the loop; receiving a third frame that comprises the first MAC address as a destination address; and preventing transmission of the third frame via the second port (ABDOU, page 3, column 2: see Section “IV. L2 Networks” – “A. Basic Forwarding”, Preventing transmission/reception from an identified port, receiving a frame with a matched destination MAC address and preventing transmission from the identified port).

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the combination of the teachings of Klein, Lindeborg and Lindstrom with disabling the second port based on the loop; receiving a third frame that comprises the first MAC address as a destination address; and preventing transmission of the third frame via the second port as taught by ABDOU to provide enhanced security risk analysis and mitigation (ABDOU, page 3, column 2: see “IV. L2 Networks”).

Conclusion

8.	Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

9.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to JENEE HOLLAND whose telephone number is (571)270-7196. The examiner can normally be reached 8:30 AM - 5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, IAN MOORE can be reached on (571)272-3085. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

JENEE HOLLAND
Examiner
Art Unit 2469



/JENEE HOLLAND/           Primary Examiner, Art Unit 2469