Page 1 of 49
`
`ARISTA 1002
`
`

`
`Declaration of Dr. Bill Lin
`U.S. Patent No.: 7,224,668
`Atty Docket No.: 40963-0006IP3
`
`
`
`
`
`My name is Dr. Bill Lin. I am a professor of electrical and computer engineering
`
`at the University of California, San Diego. I understand that I am submitting a declaration in
`
`connection with Inter Partes review (“IPR”) proceedings before the United States Patent and
`
`Trademark Office for U.S. Patent Number 7,224,668 (“the ’668 Patent”).
`
`
`
`I have been retained on behalf of Arista Networks, Inc. (“Arista”). My
`
`compensation is not based on the outcome of my opinions.
`
`
`
`I have reviewed the ’668 Patent, including the claims of the patent in view of the
`
`specification and the file history. In addition, I have reviewed the following documents:
`
`
`
`
`
`
`
`
`
`
`
`
`
`U.S. Patent No. 6,674,743 (“Amara”)
`U.S. Patent No. 6,970,943 (“Subramanian”)
`U.S. Patent No. 6,460,146 (“Moberg”)
`U.S. Patent No. 6,115,378 (“Hendel”)
`IETF RFC 2661, “Layer Two Tunneling Protocol ‘L2TP’,” retrieved from
`http://www.rfc-editor.org/rfc/rfc2661.txt (“IETF RFC 2661”)
`3Com CoreBuilder 3500 Implementation Guide, 3Com MSD Technical
`Publications, November 1999 (“CoreBuilder”)
`My curriculum vitae (“CV”) is provided as an Exhibit.
`
`I received a Bachelor of Science in Electrical Engineering and Computer Sciences
`
`from University of California, Berkeley in May 1985; a Masters of Science in Electrical
`
`Engineering and Computer Sciences from the University of California, Berkeley in May 1988;
`
`and a Ph.D. in Electrical Engineering and Computer Sciences from the University of California,
`
`Berkeley in May 1991.
`
`
`
`I served as the Head of Research of the Systems Control and Communications
`
`Group of IMEC Research Laboratory, Leuven, Belgium from February, 1992 – December, 1996.
`
`Page 2 of 49
`
`

`
`Declaration of Dr. Bill Lin
`U.S. Patent No.: 7,224,668
`Atty Docket No.: 40963-0006IP3
`
`I also have served or am currently serving as Associate Editor or Guest Editor on 2 ACM or
`
`IEEE journals, an Associate Editor on the International Journal of Embedded Systems, as
`
`General Chair on 4 ACM or IEEE conferences, on the Organizing or Steering Committees for 6
`
`ACM or IEEE conferences, and on the Technical Program Committees of over 40 ACM or IEEE
`
`conferences.
`
`
`
`I am a named inventor on five patents in the field of computer networking, and
`
`have published over 160 journal articles and conference papers in top-tier venues and
`
`publications.
`
`
`
`The ’668 Patent issued from U.S. application number 10/307,154, which was filed
`
`on November 27, 2002. The ’668 Patent does not include a priority claim. It is therefore my
`
`understanding that the filing date of November 27, 2002 (hereinafter the “Critical Date”)
`
`represents the earliest possible priority date to which the ’668 Patent is entitled.
`
`
`
`A person of ordinary skill in the art as of the Critical Date (hereinafter a
`
`“POSITA”) would have had a Masters of Science Degree (or a similar technical Masters Degree,
`
`or higher degree) in an academic area emphasizing computer networking or, alternatively, a
`
`Bachelor Degree (or higher degree) in an academic area emphasizing the design of electrical,
`
`computer, or software engineering with several years of experience in computer network
`
`engineering and the design of computer networks. Additional education in a relevant field, such
`
`as computer science, computer engineering, or electrical engineering, or industry experience may
`
`compensate for a deficit in one of the other aspects of the requirements stated above.
`
`
`
`I am familiar with the knowledge and capabilities of one of ordinary skill in these
`
`areas, and notably with designing computer communications networks and computer architecture
`
`problems, including the design of data networks, high-performance switches and routers, many-
`
`Page 3 of 49
`
`

`
`Declaration of Dr. Bill Lin
`U.S. Patent No.: 7,224,668
`Atty Docket No.: 40963-0006IP3
`
`core processors and systems-on-chip, and ASIC chip designs and studying their interaction with
`
`people in experimental and real-world environments. Specifically, my experience working with
`
`industry, with undergraduate and post-graduate students, with colleagues from academia, and
`
`with engineers practicing in industry has allowed me to become directly and personally familiar
`
`with the level of skill of individuals and the general state of the art. Unless otherwise stated, my
`
`testimony below refers to the knowledge of one of ordinary skill in the fields as of the Critical
`
`Date, or before.
`
`
`
`This declaration is organized as follows:
`
`I.
`
`II.
`
`III.
`
`IV.
`
`Brief Overview of the ’668 Patent (pg. 4)
`
`Terminology (pg. 7)
`
`Discussion of References (pg. 12)
`
`Legal Principles (pg. 48)
`
`
`
`
`
`VII. Additional Remarks (pg. 49)
`
`
`
`I.
`
`Brief Overview of the ’668 Patent
`
`
`
`The ’668 patent describes an internetworking device, such as a router, that routes
`
`packets received at the device towards their destination. An internetworking device 100 of the
`
`’668 patent is illustrated in Figure 1:
`
`Page 4 of 49
`
`

`
`Declaration of Dr. Bill Lin
`U.S. Patent No.: 7,224,668
`Atty Docket No.: 40963-0006IP3
`
`
`
`
`
`
`The internetworking device 100 includes two logical components: a data
`
`forwarding plane 135 (i.e., data plane) and a control plane 150. The ’668 Patent at 3:22-34; 5:5-
`
`21. The data plane 135 is composed of physical interface ports 120, line cards 110, and a central
`
`switch engine 130. Id. at 5:5-9. The data plane 135 passes along, or “forwards,” packets
`
`received at the port interfaces 120 toward their ultimate destination. Id. at 1:54-56; 3:23-26; 5:8-
`
`9. The control plane 150 is “a collection of processes” 155 and is responsible for higher layer
`
`functions of the device, such as control and configuration of the internetworking device 100. Id.
`
`at 1:56-59; 3:26-31; 4:58-61; 5:10-23.
`
`
`
`The internetworking device 100 applies port services to packets passing through
`
`the internetworking device 100. Id. at 6:1-44; 6:67-7:14. Port services are a set of policies or
`
`rules that are applied to the packets. Id. at 4:3-8; 6:4-7; 6:24-27; 9:1-4. Port services may
`
`include Quality of Service processing or packet rate-limiting. Id. at 4:6-8; 6:4-23. For example,
`
`“one policy may be to rate limit Telnet SYN packets to a specific rate that is a tolerable rate
`
`Page 5 of 49
`
`

`
`Declaration of Dr. Bill Lin
`U.S. Patent No.: 7,224,668
`Atty Docket No.: 40963-0006IP3
`
`determined through a specific hardware configuration.” Id. at 4:6-8. Port services may be
`
`defined using class maps, policy maps, or access control lists. Id. at 7:19-20; 7:46-47.
`
`
`
`The internetworking device applies different port services to different packet
`
`types. Id. at 3:56-58; 6:16-18; 6:41-43. Some of the packets received by the internetworking
`
`device are “normal transit packet[s],” which are destined for other devices connected to the
`
`internetworking device. Id. at 7:3-8. Other packets, however, are “control plane packets,” which
`
`are packets that are destined for the control plane and that are used by the control plane to control
`
`and configure the internetworking device. Id. at 6:57-63; 5:56-58; 7:8-14. For example,
`
`“protocol control packets” may be destined for the control plane. Id. at 5:30-31; 8:34-49.
`
`
`
`The internetworking device 100 includes “normal input and output port services”
`
`that are applied to normal transit packets. Id. at 6:41-43. The internetworking device 100 also
`
`includes control plane port services that are specifically for control plane packets. See id. at 7:5-
`
`14; 9:1-6. These control plane port services are applied only to packets destined to the control
`
`plane and not to normal transit packets that are forwarded out of the device. See, e.g., id. at 3:56-
`
`58; 6:16-18; 6:41-43; 7:5-14.
`
`
`
`To this end, the internetworking device 100 includes the control plane port
`
`services 145 and a control plane port 140. The control plane port 140 “may or may not be a
`
`single physical port.” Id. 5:1-2. “For example, [the control plane port] may be a virtual address
`
`through which packets travel or are routed from the data plane 135 to the control plane 150.” Id.
`
`at 5:2-4. The packets bound for the control plane 150 are routed through the control plane port
`
`140. Id. at 7:5-12; 9:1-6. The control plane port services 145 are only applied to those packets
`
`routed through the control plane port 140. Id. at 3:56-58; 6:16-18; 7:13-14.
`
`Page 6 of 49
`
`

`
`Declaration of Dr. Bill Lin
`U.S. Patent No.: 7,224,668
`Atty Docket No.: 40963-0006IP3
`
`
`
`
`Thus, during operation, a packet enters the internetworking device through one of
`
`the interface ports 120. Id. at 4:53-56. The associated “line card [110] detects [the] packet and
`
`delivers it to the central switch engine 130,” which makes a routing decision. Id. at 6:66-7:4.
`
`“In the case of a normal transit packet, the packet would be routed to a destination port 120 on an
`
`associated line card 110” and the control plane port services 145 are not applied to the packet.
`
`Id. at 7:5-7. “If, however, the packet is destined for a known control plane 150 address, or to an
`
`address not on a forwarding table 160, the packet is tagged as being destined to [the] control
`
`plane port” Id. at 7:8-11. “The packet is then routed through the aggregate control plane port
`
`140” and the “aggregate control plane port services [145 are applied to] the packet.” Id. 7:11-14.
`
`Because the “control plane port services” are applied only to packets passing through the control
`
`plane port, these services are only applied to control plane packets and not normal transit packets
`
`that are forwarded out of the device. See, e.g., id. at 3:56-58; 6:16-18; 6:41-43; 7:5-14.
`
`
`
`II.
`
`Terminology
`
`
`
`I am not a lawyer. However, I have been informed that, during an IPR proceeding
`
`involving the ‘668 Patent, claim terminology is given the broadest reasonable interpretation at
`
`the time of the Critical Date. I have been informed that this means the claims should be
`
`interpreted as broadly as their terms reasonably allow, but that such interpretation should not be
`
`inconsistent with the patent’s specification and with usage of the terms by a POSITA when
`
`considering the broadest reasonable interpretation. I have used the Critical Date as the point in
`
`time for claim interpretation purposes, although in many cases the same analysis would hold true
`
`even at an earlier time than the Critical Date.
`
`Page 7 of 49
`
`

`
`Declaration of Dr. Bill Lin
`U.S. Patent No.: 7,224,668
`Atty Docket No.: 40963-0006IP3
`
`
`
`
`I have also been advised that a claim may be written in means-plus-function form,
`
`where the claim recites a means for performing a function. I have further been advised that this
`
`type of claim covers the specific structure disclosed in the patent specification for performing the
`
`claimed function, and the equivalents of that structure. The patent must disclose actual structure
`
`for performing the claimed function, and the structure may not be inferred, inherent, or
`
`incorporated by reference. A structure can be a physical apparatus, or an algorithm executing on
`
`a computing device if the claims involve software. I have been advised that to anticipate a
`
`means plus function claim, the prior art reference must disclose, expressly or inherently, the
`
`claimed function and the same or equivalent corresponding structure. A structure is equivalent if
`
`the two structures perform the identical function in substantially the same way to achieve
`
`substantially the same result. Structures are also equivalent if the differences between the two
`
`are insubstantial.
`
`
`
`I have been informed that it would be useful to provide some guidance in this
`
`proceeding with respect to the terms below. As part of that, I considered the context of the terms
`
`within the claim, use of the terms within the specification, and my understanding of how a
`
`POSITA would have understood the terms as of the Critical Date.
`
`
`
`I have considered interpretation of the term “specific, predetermined physical
`
`ports” as used in the ‘668 Patent. From my review, I believe the term could be interpreted, under
`
`the broadest reasonable interpretation, broadly enough to encompass all ports of the
`
`internetworking device. I note that this term is not expressly defined in the ‘668 Patent. My
`
`attention has been directed to claim 8, which is dependent on claim 1 and specifies that the
`
`“control plane port services” are implemented as “an aggregate control plane function,” which is
`
`apparently related to a case in which control plane port services are applied to all of the ports of
`
`Page 8 of 49
`
`

`
`Declaration of Dr. Bill Lin
`U.S. Patent No.: 7,224,668
`Atty Docket No.: 40963-0006IP3
`
`the device. The ’668 Patent, 4:24-25; 6:48-61 (“The central, aggregate control plane services 145
`
`provide a level of service (or control) for all packets received from any port on the device 100”).
`
`Thus, it seems that, under the broadest reasonable interpretation standard, the term “specific,
`
`predetermined physical ports” could be construed broadly enough to encompass all of the ports
`
`of the internetworking device.
`
`
`
`Claim 37 recites “means for configuring a plurality of physical network interface
`
`ports.” I understand that Arista proposes that this term recites the function of “configuring a
`
`plurality of physical network interface ports” and, for the purposes of assessing anticipation and
`
`obviousness, that “control plane processes” should be considered as the corresponding structure.
`
`I agree that claim 37 at least indicates that “the ports [are] configurable by control plane
`
`processes.” I further understand that Arista has previously proposed that the ’668 Patent
`
`discloses that the control plane processes can be implemented as software, but does not disclose
`
`a specific algorithm performed by the control plane processes for configuring the ports. I agree
`
`with this assessment. The’668 Patent specifies that control plane processes can be implemented
`
`as software. The ’668 Patent, 4:62-64 (“control plane 150 processes could be implemented as
`
`software at any level of a system.”). But the ’668 Patent does not disclose a specific algorithm
`
`for configuring the ports.
`
`
`
`Claim 37 recites “means for executing port services on packets entering and
`
`exiting the physical network interface ports.” I understand that Arista proposes that this term
`
`recites the function of “executing port services on packets entering and exiting the physical
`
`network interface ports” and that, to the extent the ’668 Patent discloses corresponding structure,
`
`the structure is a switch engine. I agree with that assessment in view of the ’668 Patent at, e.g.,
`
`Figs. 4 & 6; 6:67-7:2; 8:7-9.
`
`Page 9 of 49
`
`

`
`Declaration of Dr. Bill Lin
`U.S. Patent No.: 7,224,668
`Atty Docket No.: 40963-0006IP3
`
`
`
`
`Claim 37 recites “means for executing a plurality of control plane processes.” I
`
`understand that Arista proposes that this term recites the function of “executing a plurality of
`
`control plane processes” and that, to the extent the ’668 Patent discloses corresponding structure,
`
`the structure is a processor. I agree with that assessment in view of the ’668 Patent at, e.g., 4:58-
`
`60; 4:62-64; 5:21-23.
`
`
`
`Claim 37 recites “means for accessing the collection of control plane processes as
`
`a control plane port entity.” I understand that Arista proposes that this term recites the function
`
`of “accessing the collection of control plane processes as a control plane port entity” and that, to
`
`the extent the ’668 Patent discloses corresponding structure, the structure is a control plane port.
`
`I agree with that assessment in view of the ’668 Patent at, e.g., 3:48-50; 4:65-5:4; 8:52-54.
`
`
`
`Claim 37 recites “means for operating on packets received from specific,
`
`predetermined physical ports and destined to the collection of control plane processes in a way
`
`that is independent of the individual physical port interface configuration and port services
`
`applied thereto.” I understand that Arista proposes that this term recites the function of
`
`“operating on packets received from specific, predetermined physical ports and destined to the
`
`collection of control plane processes in a way that is independent of the individual physical port
`
`interface configuration and port services applied thereto” and that, to the extent the ’668 Patent
`
`discloses corresponding structure, the structure is a switch engine. I agree with that assessment in
`
`view of the ’668 Patent at, e.g., Figs. 4 & 6; 8:12-15.
`
`
`
`Claim 38 recites “means for processing packets originating at a plurality of
`
`physical ports, said means further comprising: means for passing packets through the control
`
`plane port, rather than directly from the physical ports to individual control plane processes.” I
`
`understand that Arista proposes that this term recites the two functions of: (1) “processing
`
`Page 10 of 49
`
`

`
`Declaration of Dr. Bill Lin
`U.S. Patent No.: 7,224,668
`Atty Docket No.: 40963-0006IP3
`
`packets originating at a plurality of physical ports” and (2) “passing packets through the control
`
`plane port, rather than directly from the physical ports to individual control plane processes.” I
`
`agree with that assessment. I also understand that Arista has previously proposed that the ’668
`
`Patent does not disclose corresponding structure for these functions because the claim further
`
`specifies that “the control plane port additionally comprises” the means for processing packets. I
`
`agree with this assessment. The ’668 Patent does not describe any specific structure that is part
`
`of the control plane port that processes packets or that passes packets through the control plane
`
`port. I understand that, for the purposes of assessing anticipation and obviousness in this
`
`proceeding, Arista proposes that a switch engine should be considered the closest potentially
`
`corresponding structure. I agree that, to the extent that the ‘668 Patent is deemed to disclose
`
`corresponding structure, the closest potentially corresponding structure is a switch engine.
`
`
`
`Claim 43 recites “means for applying distributed control plane port services only
`
`to the packets received from the specific, pre-determined physical ports.” I understand that
`
`Arista proposes that this term recites the function of “applying distributed control plane port
`
`services only to the packets received from the specific, pre-determined physical ports” and that,
`
`to the extent the ’668 Patent discloses corresponding structure, the structure is a switch engine. I
`
`agree with this assessment in view of the ’668 Patent at Fig. 6; 8:12-15.
`
`
`
`Claim 53 recites “means for applying port services to the control plane port
`
`additionally comprises means for applying services selected from a group consisting of Quality
`
`of Service functions, packet classification, packet marking, packet queuing, packet rate limiting,
`
`flow control, and other access policies for packets destined to the control plane port.” I
`
`understand that Arista proposes that this term recites two functions of: (1) “applying port
`
`services to the control plane port” and (2) “applying services selected from a group consisting of
`
`Page 11 of 49
`
`

`
`Declaration of Dr. Bill Lin
`U.S. Patent No.: 7,224,668
`Atty Docket No.: 40963-0006IP3
`
`Quality of Service functions, packet classification, packet marking, packet queuing, packet rate
`
`limiting, flow control, and other access policies for packets destined to the control plane port”
`
`and that, to the extent the ’668 Patent discloses corresponding structure, the structure is a switch
`
`engine. I agree with that assessment in view of the ’668 Patent at, e.g., Figs. 4 & 6; 8:12-15.
`
`
`
`Claim 54 recites “means for configuring the control plane port services as an
`
`entity separate from physical port services.” I understand that Arista proposes that this term
`
`recites the function of “configuring the control plane port services as an entity separate from
`
`physical port services” and, for the purposes of assessing anticipation and obviousness, that
`
`“control plane processes” should be considered as the corresponding structure. I agree that, to the
`
`extent the ’668 Patent discloses corresponding structure, that structure is a control plane, which
`
`the ’668 Patent describes as a collection of processes. The ’668 Patent, 4:62-64; 5:10-17. I
`
`further understand that Arista has previously proposed that the ’668 Patent discloses that the
`
`control plane processes can be implemented as software, but does not disclose a specific
`
`algorithm performed by the control plane processes for configuring the control plane port
`
`services as an entity separate from physical port services. I agree with this assessment. The’668
`
`Patent specifies that control plane processes can be implemented as software. See, the ’668
`
`Patent at, e.g., 4:62-64 (“control plane 150 processes could be implemented as software at any
`
`level of a system.”). But the ’668 Patent does not disclose a specific algorithm for configuring
`
`the control plane port services.
`
`
`
`III. Discussion of References
`
`A.
`
`Amara
`
`Page 12 of 49
`
`

`
`Declaration of Dr. Bill Lin
`U.S. Patent No.: 7,224,668
`Atty Docket No.: 40963-0006IP3
`
`
`
`
`Amara describes a packet-forwarding device, such as a router, that routes packets
`
`received at the device towards their destination. Amara, 1:9-21; 4:15-21. A device 200 of
`
`Amara is illustrated in Figure 3:
`
`
`
`
`
`Initially, I note that Figure 3 corresponds to an embodiment that extends the
`
`approach shown and described with respect to Figure 2. Id. at 5:51-54. In particular, the
`
`embodiment of Figure 3 extends that of Figure 2 by adding the policy engines 224-228 “to allow
`
`policies to be applied to the external packets as well as the internal packets.” Id. Since Amara
`
`describes Figure 3 as an extension of the approach shown in Figure 2, and because the
`
`description of Figure 3 does not appear to contradict anything described with respect to Figure 2,
`
`a POSITA would have understood that the description of the components shown in Figure 2
`
`would apply to the same components shown in Figure 3.
`
`
`
`The device 200 includes physical interface ports 202-206, packet classifiers 214-
`
`218, and a packet forwarder 222. See id. at Fig. 3; 5:53-62. The physical interface ports 202-
`
`206 “are able to transmit packets to and to receive packets from nodes [208-212],” which may be
`
`Page 13 of 49
`
`

`
`Declaration of Dr. Bill Lin
`U.S. Patent No.: 7,224,668
`Atty Docket No.: 40963-0006IP3
`
`“either hosts or packet-forwarding devices, such as routers, that are connected to device [200] via
`
`digital networks.” Id. at 4:17-22. For example, in some cases, the device 200 is connected to
`
`another router or other device via a wide area network (WAN) and a host or other device via a
`
`local area network (LAN). Id. at 4:25-28. The packet classifiers 214-218 and packet forwarder
`
`222 operate together to pass along, or “forward,” packets received at the interface ports 202-206
`
`toward their ultimate destination. Id. at 5:58-62.
`
`
`
`The device 200 also includes internal applications 230 that run on the device 200.
`
`Id. at 4:34-35. The internal applications 230 “serve to control or configure [the] device [200]”
`
`and thus are control plane processes that form a control plane. Id. at 4:34-35. The internal
`
`applications “communicate with other devices remote to device 100, through the use of protocols
`
`such as PPTP, L2TP, SNMP or Telnet.” See id. at 4:36-43.
`
`
`
`The device 200 further includes policy engines 224-228 and 232. The policy
`
`engines 224-228 and 232 apply policies to packets passing through the device 200. Id. at 6:9-14.
`
`In general, the policies “encompass any disposition of packets that involves more than simply
`
`routing them based on their destination addresses.” Id. at 1:34-36. For example, the policies
`
`may include “dropping [selected] packet[s], logging [selected] packet[s], encrypting or
`
`decrypting [selecting] packet[s], performing network address translation and/or port address
`
`translation on [selected] packet[s], and prioritizing [selected] packet[s] for QoS.” Id. at 1:36-38;
`
`5:16-21. A POSITA would have understood that dropping selected packets or prioritizing
`
`selected packets each provide an ability to control packet flows. Similarly, a POSITA would
`
`have understood that logging selected packets provides an ability to monitor packet flows.
`
`
`
`As Amara discloses, “packets received at interfaces [202-206]” are classified as
`
`“either internally-destined or external packets, based on the destination address of the packet.”
`
`Page 14 of 49
`
`

`
`Declaration of Dr. Bill Lin
`U.S. Patent No.: 7,224,668
`Atty Docket No.: 40963-0006IP3
`
`Id. at 4:56-58. The “external packets,” are those that are “destined for devices other than device
`
`[200]” and, in general, “have destination addresses that correspond to devices other than device
`
`[200].” Id. at 4:44-48; 4:61-63. In contrast, “internally-destined packets” are those packets that
`
`“have a destination address that is one of the addresses assigned to the device [200] itself,”
`
`which are then forwarded to the internal applications. Id. at 4:59-61; 5:5-6. Therefore, a
`
`POSITA would have understood that “internally-destined packets” are packets that are received
`
`at the interfaces 202-206 and destined for the internal applications 230.
`
`
`
`The policy engines 224-228 execute and “apply policies to external packets.” Id.
`
`at 6:12-13. A separate policy engine 232 executes and applies policies to the internally-destined
`
`packets. Id. at 6:9-12. The policy engine 232 “does not apply [its] policies to the external
`
`packets.” Id. at 5:34-35. Instead, the policy engine 232 “[applies its policies] only to internal
`
`packets.” Id. at 5:43-44.
`
`
`
`To this end, the device 200 also includes an internal interface 220, which
`
`corresponds to the control plane port of the ’668 Patent. Id. at 5:59-60. The internal interface
`
`220 may be “a pseudo interface implemented by software, rather than a physical interface.” Id.
`
`at 4:67 to 5:2. The internally-destined packets (but not the external packets) received on
`
`interface ports 202-206 are routed through the internal interface 220, which then forwards the
`
`internally-destined packets to the policy engine 232. Id. at 5:63-67. Since only internally-
`
`destined packets are routed through the internal interface 220 to the policy engine 232, the policy
`
`engine 232 only applies its policies to the internally-destined packets but not to the external
`
`packets. Id. at 5:33-35; 6:9-16.
`
`
`
`Accordingly, during operation, packets enter the device 200 through one of the
`
`interface ports 202-208, and are passed to a corresponding packet classifier 214-218. Id. at 4:55-
`
`Page 15 of 49
`
`

`
`Declaration of Dr. Bill Lin
`U.S. Patent No.: 7,224,668
`Atty Docket No.: 40963-0006IP3
`
`59; 5:53-58. Packet classifiers 214-218 classify the packets “as either internally-destined
`
`packets or external packets, based on the packets destination addresses.” Id. at 4:56-59. As
`
`explained by Amara, that packet classifier 214-218 can do so because internally-destined packets
`
`“have a destination address that is one of the addresses assigned to the device [200] itself.” Id. at
`
`4:59-61.
`
`
`
`Furthermore, as noted above, Amara’s internal applications 230 communicate
`
`with remote devices using protocols such as L2TP, which is the Layer 2 Tunneling Protocol. A
`
`POSITA would have understood that this means that the remote devices would send L2TP
`
`packets to the internal applications and, as a result, some of the packets identified as internally-
`
`destined would be those L2TP packets. Further, a POSITA would have understood that the
`
`L2TP protocol was proposed in 1999 as RFC2661 to extend the Point-to-Point (PPP) protocol,
`
`which defines an encapsulation mechanism for transporting multiprotocol packets across layer 2
`
`(L2) point-to-point links. IETF RFC 2661 at § 1.0 “Introduction.” L2TP messages are layer 2
`
`messages and divided into control messages and data messages. Id. at § 3.0 “Protocol
`
`Overview.” PPP frames are carried in the data messages, and both control messages and data
`
`messages are carried in a Packet Transport, such as a User Datagram Protocol (UDP) packet. Id.
`
`Thus, a POSITA would have understood that some of the packets forwarded to the internal
`
`applications 230 would be UDP packets carrying L2TP control messages (that is, would have
`
`been layer 2 control packets). Once those packets are received by the appropriate internal
`
`application 230, that internal application 230 would identify the L2TP control messages in those
`
`UDP packets when processing the UDP packets according to the protocol.
`
`
`
`In any event, the packet classifiers determine if a packet is an internally-destined
`
`or external packet. If the packet is an internally-destined packet, the “[p]acket classifiers 214-
`
`Page 16 of 49
`
`

`
`Declaration of Dr. Bill Lin
`U.S. Patent No.: 7,224,668
`Atty Docket No.: 40963-0006IP3
`
`218 forward the internally-destined packets to [the] internal interface 220.” Amara at 5:58-60; 4:
`
`63-64. The internal interface 220 then forwards the internally-destined packets to the internal
`
`applications 230 via the policy engine 232. Id. at 5:63-67; 4:2-7. The policy engine 232 applies
`
`policies to the internally-destined packets and, if appropriate, forwards the packet to the internal
`
`applications 230. Id. 5:63-67; 6:9-12.
`
`
`
`On the other hand, if the packet classifiers determine the packet is an external
`
`packet, the packet classifiers 214-218 “forward the external packets to the packet forwarder 222
`
`via policy engines 224-228, respectively.” Id. at 5:60-62. The policy engines 224-228 apply
`
`their policies to the external packets and, if appropriate, forward the packets to the packet
`
`forwarder. Id. at 5:60-62; 6:12-14. The packet forwarder “provides a routing functionality by
`
`determining to which of interfaces [202-206] to forward each packet, based on each packet's
`
`destination address.” Id. at 5:28-31. The packet forwarder “typically has access to routing tables
`
`to perform this routing.” Id. at 5:31-32. Once the packet forwarder determines the appropriate
`
`interface port 202-206, the packet forwarder 222 forwards the packet to the corresponding
`
`interface port 202-206. Id. at 6:3-8. The packet forwarder 222 may forward the packets to the
`
`corresponding interface port 202-206 via the policy engines 224-228 so that the policy engines
`
`224-228 can “also apply policies to the external packets forwarded by packet forwarder 222.”
`
`Id. at 6:3-8; 6:14-16. The packet forwarder 222 together with the packet classifiers 214-18 and
`
`policy engines 224-28 and 232 can constitute a switch engine.
`
`B.
`
`CoreBuilder
`
`
`
`CoreBuilder describes features of the 3Com CoreBuilder 3500 Layer 3 High-
`
`Function Switch. CoreBuilder, pp. 21, 27. While referred to as a switch, the CoreBuilder
`
`switch, “as a Layer 3 device, can act as a router.” Id., pp. 258, 282-85.
`
`Page 17 of 49
`
`

`
`Declaration of Dr. Bill Lin
`U.S. Patent No.: 7,224,668
`Atty Docket No.: 40963-0006IP3
`
`
`
`
`CoreBuilder describes how an administrator can use an Administration Console to
`
`configure the CoreBuilder router. The Administration Console “is a menu-driven command line
`
`interface that is embedded in the system software,” which corresponds to a control plane. Id.,
`
`p.28, see also p. 31 (“The Administration Console and most of Web Management are embedded
`
`parts of the software and are available for immediate use on your system). As described by
`
`CoreBuilder, the system software “is installed on each system at the factory” and “boots from
`
`flash memory when you power on the system.” Id., p. 27. Further, the administrator “can load a
`
`new or updated version of the system software into [the] system’s flash memory.” Id., p. 52.
`
`Accordingly, the system software, including the Administration Console, is stored in flash
`
`memory.
`
`
`
`CoreBuilder discloses a “CoreBuilder system processor.” Id., p. 25. As noted,
`
`CoreBuilder also states that the system software, including the embedded Administrator Console,
`
`“boots from flash memory.” Id., p. 27. A POSITA would unde