The present application is being examined under the pre-AIA  first to invent provisions. 

DETAILED ACTION
Status of Case
This communication is in response to Applicants 01/15/2021 amendment(s) /response(s) in the Application 15/699,466 by NUMATA et al. for “INFORMATION SYSTEM, CONTROL SERVER, VIRTUAL NETWORK MANAGEMENT METHOD, AND PROGRAM”, filed 09/08/2017.
The amendment/response to the claims has been entered: 
Claims 1-6 are cancelled. 
Claims 7, 14 and 21 are currently amended. 
Therefore, claims 7-27 are now pending. 


Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after allowance or after an Office action under Ex Parte Quayle, 25 USPQ 74, 453 O.G. 213 (Comm'r Pat. 1935). Since 01/15/2021 has been entered.


Response to Amendment

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 7, 14, 21 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 2, 3, 5, 6, 7, 8, 10, 11, 14, 15, 17 of U.S. Patent No. 9794124, and further in view of Brandwine et al. (US8644188B1), hereinafter BRANDWINE.

Provided below is the mapping of some claim limitations.  
Claim No.
Instant Claims (15/699,466)
Conflicting Patent (US 9,794,124 B2) 
Claim No.
1
1. A control apparatus, comprising: a memory configured to store program instructions; and 

identify a rule for a virtual network including a plurality of virtual nodes, 

wherein each of the plurality of virtual nodes includes a virtual network function of a network appliance, 

and the rule specifies a conversion operation between information of the virtual network and information of a physical network; 










create control information to emulate the virtual network function to perform communication between the plurality of virtual nodes, wherein the control information indicates processing of a packet communicating in the physical network based on the rule;









that processes the packet corresponding to the virtual network function.


the virtual network includes a plurality of virtual nodes, 







and the rule specifies at least a conversion operation between the virtual network and a physical network; 

and a processor configured to 



execute instructions to: identify, based on characteristics of a packet corresponding to the user, the rule for the virtual network; 

identify, based on the rule for the virtual network, an instruction for a physical node corresponding to each of the virtual nodes of the virtual network, 

wherein each of the virtual nodes includes a predetermined network function capable of performing a first packet operation to the packet; 

and send the instruction to the physical node, wherein the instruction instructs the physical node to perform a second packet operation to the 


perform communication between the plurality of virtual nodes
2. The control apparatus according to claim 1, wherein the virtual network includes a plurality of network functions, and each of the virtual nodes includes at least one of the network functions.
2






As indicated in the Table, above, the additional feature of “perform communication between the plurality of virtual nodes” corresponds to claim 2 of the conflicting patent because conflicting claim 2 implies that the packet operation is performed between multiple virtual nodes (i.e. between a plurality of virtual nodes).
Furthermore, as indicated in the Table above, independent claim 1 of the Present Application recites the additional language: “wherein each of the plurality of virtual nodes includes a virtual network function of a network appliance”. BRANDWINE in the same filed of endeavor teaches “wherein each of the plurality of virtual nodes includes a virtual network function of a network appliance” (BRANDWINE, Fig. 1B, Col. 8, lines 1-10, Col. 11, lines 1-10, Col 12, lines 18-44, teach each of the plurality of virtual nodes providing functionality for specified virtual local area networks comprising the computer nodes such as routers, switches, etc. (i.e. includes a virtual network function of a network appliance). In addition, or alternatively, the CNS communication manager 150 and/or CNS system manager 110 can be interpreted as a network appliance. Please see claim rejections below. Additionally, BRANDWINE teaches wherein the control information indicates processing of a packet communicating in the physical network based on the rule; (BRANDWINE, Fig. 5A, steps 530, 555, Col. 49, lines 29-61, teach the routing (i.e. processing) in step 555 performs modifications to a header of a packet (i.e. control information) that correspond to providing logical networking functionality (i.e. indicates processing) to emulate the actions and functionality that would be performed by the one or more logical networking devices that would be used to forward (i.e. communicating in the physical network based on the rule) the communication to the destination computing node in accordance with the configured network topology for the virtual computer network over the physical network (a packet communicating in the physical network based on the rule. Additionally, BRANDWINE teaches that processes the packet corresponding to the virtual network function. (BRANDWINE, paragraph bridging Cols. 49-50, teach that if at block 510, it is determined that the received message is an incoming communication (i.e. receiving the control information), then verification is performed by identifying network addresses (i.e. processing the packet corresponding to the virtual network function).
Therefore, it would have been obvious to one having ordinary skill in the art at the time of the invention to combine the teachings of BRANDWINE with the conflicting claim 1 to configure each of the plurality of virtual nodes as including a virtual network function of a network appliance such as a CNS system. The motivation would to manage large scale computing resources for many customers with diverse needs, allowing various computing resources to be efficiently and securely shared between multiple customers (BRANDWINE, Col. 1, lines 27-32).
.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of pre-AIA  35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed in the United States before the invention by the applicant for patent or (2) a patent granted on an application for patent by another filed in the United States before the invention by the applicant for patent, except that an international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this subsection of an application filed in the United States only if the international application designated the United States and was published under Article 21(2) of such treaty in the English language.

Claims 7-27 are rejected under pre-AIA  35 U.S.C. 102(e) as being anticipated by Brandwine et al. (US8644188B1), hereinafter BRANDWINE.

Regarding claim 7, BRANDWINE teaches A control apparatus, comprising: a memory configured to store program instructions; and a processor configured to execute the program instructions to: (BRANDWINE, see Fig. 3, system 399, paragraph bridging Cols. 42-43, teach CNS communication manager 360/server computing system 300/host computing 350 (i.e. a control apparatus) comprising memory 320/355 for storing instructions and CPU 305/352 for executing the instructions.) identify a rule for a virtual network including a plurality of virtual nodes, (BRANDWINE, Fig. 1B, Col 13, lines 6-51, teach CNS system comprising CNS communication manager 150 and CNS system manager 110 providing support for one or more virtual computer networks that are provided using various computing nodes. wherein each of the plurality of virtual nodes includes a virtual network function of a network appliance, (BRANDWINE, Fig. 1B, Col. 8, lines 1-10, Col. 11, lines 1-10, Col 12, lines 18-44, teach each of the plurality of virtual nodes providing functionality for specified virtual local area networks comprising the computer nodes such as routers, switches, etc. (i.e. includes a virtual network function of a network appliance). In addition, or alternatively, the CNS communication manager 150 and/or CNS system manager 110 can be interpreted as a network appliance.) and the rule specifies a conversion operation between information of the virtual network and information of a physical network; (BRANDWINE, Fig. 5A, paragraph bridging Cols. 47-48, teach performing network address resolution in steps 515-530 (i.e. a conversion operation between information of the virtual network and information of a physical network) based on the request (i.e. and the rule specifies), as further described by Co. 48, lines 25-60.) create control information to emulate the virtual network function to perform communication between the plurality of virtual nodes, wherein the control information indicates processing of a packet communicating in the physical network based on the rule; (BRANDWINE, Fig. 5A, steps 530, 555, Col. 49, lines 13-61, teach re-writing a communication header (i.e. create control information) to provide logical networking functionality to emulate actions and functionality that would be performed by one or 
and send the control information to a physical node that processes the packet corresponding to the virtual network function. (BRANDWINE, Fig. 5A, steps 530, 560, Col. 49, lines 13-61, teach facilitating forwarding of the modified outgoing communication over the substrate intermediate network(s) to the destination computing node (i.e. and send the control information to a physical node), wherein the computing node corresponds to the plurality of virtual nodes of the virtual network. Furthermore, paragraph bridging Cols. 49-50 teach that, if at block 510, it is determined that the received message is an incoming communication (i.e. receiving the control information), 

Regarding claim 8, BRANDWINE teaches the control apparatus according to claim 7, wherein the processor is further configured to execute program instructions to identify the virtual network corresponding to a characteristic of the packet. (BRANDWINE, Fig. 5A, steps 515, 520, 525, paragraph bridging Cols. 47-48, and Col. 48, lines 25-36, teach identifying the virtual network address based on the request (i.e. characteristics of the packet).)

Regarding claim 9, BRANDWINE teaches the control apparatus according to claim 7, wherein the virtual network corresponds to a user. (BRANDWINE, Col. 2, lines 32-42, Col. 3, lines 4-18, 38-46, and paragraph bridging Cols. 3-4, teach enabling a user to configure or otherwise specify one or more virtual local area networks for the managed virtual computer network.)

Regarding claim 10, BRANDWINE teaches the control apparatus according to claim 9, wherein the user is authorized to change a configuration of the virtual network. (BRANDWINE, Col. 2, lines 32-42, Col. 3, lines 4-18, 38-46, and paragraph bridging Cols. 3-4, teach enabling the user to configure or otherwise specify one or more virtual local area networks for the managed virtual computer network. Furthermore, Fig. 4, step 425, Col. 47, lines 4-27, teach determining whether the request is authorized.)

Regarding claim 11, BRANDWINE teaches the control apparatus according to claim 7, wherein the virtual network function of the network appliance comprises a virtual switching function, (BRANDWINE, Fig. 5A, steps 515, 520, 525, paragraph bridging Cols. 47-48, and Col. 48, lines 25-36, teach the system manager performing virtual network address resolution (i.e. a virtual switching function).) and at least one of the plurality of virtual nodes has the virtual switching function to forward the packet. (BRANDWINE, Fig. 5A, steps 530, 560, Col. 49, lines 13-61, teach facilitating forwarding of the modified outgoing communication over the substrate intermediate network(s) to the destination computing node (i.e. and at least one of the plurality of virtual nodes has the virtual switching function to forward a packet).)
 
Regarding claim 12, BRANDWINE teaches the control apparatus according to claim 7, wherein the virtual network function of the network appliance comprises a virtual load balancing function, (BRANDWINE, Col. 8, lines 9-50, teach the CNS providing fault tolerance via utilizing available computing nodes in different locations (i.e. a virtual load balancing function).) and at least one of the plurality of virtual nodes has the virtual load balancing function to distribute the packet. (BRANDWINE, Col. 8, lines 1-9, teach that a client specifies load balancers to be part of the provided computer network)

Regarding claim 13, BRANDWINE teaches the control apparatus according to claim 7, wherein the virtual network function of the network appliance comprises a virtual fire wall function, (BRANDWINE, Col. 8, lines 9-50, teach the CNS providing fault tolerance via utilizing available computing nodes in different locations (i.e. a virtual load balancing function). For example, in reference to Fig. 1B, Col. 12, first full paragraph, teach that the Communication Manager module 150 that manages communications for the associated computing systems 155a-155n may have various forms, such as, a proxy computing device, firewall device, or networking device (e.g., a switch, router, hub, etc.) through which communications to and from the physical computing systems travel.) and at least one of the plurality virtual nodes has the virtual fire wall function to drop the packet. (BRANDWINE, Col. 8, lines 1-9, teach that a client specifies firewalls to be part of the provided computer network. For example, Co. 19, lines 1-15, teach the computing nodes comprising multiple VLAN connection interfaces to provide capabilities such as firewall (i.e. virtual fire wall function) and packet filtering (i.e. to drop a packet).)

Regarding claim 14, BRANDWINE teaches A network system, comprising: a physical node; (BRANDWINE, Col. 9, lines 10-32, teach a configurable network service (CNS) implemented on a physical node. For example, Fig. 1B, paragraph bridging Cols. 11-12, teach example system 100 with multiple physical computing systems operated on behalf of the CNS system.) and a control apparatus configured to control the physical node, wherein the control apparatus further comprises: a memory configured to store program instructions; and a processor configured to execute the program instructions to: (BRANDWINE, see Fig. 3, system 399, paragraph bridging Cols. 42-43, teach CNS communication manager 360/server  identify a rule for a virtual network including a plurality of virtual nodes, (BRANDWINE, Fig. 1B, Col 13, lines 6-51, teach CNS system comprising CNS communication manager 150 and CNS system manager 110 providing support for one or more virtual computer networks that are provided using various computing nodes. Furthermore, data center 100 is configured as a virtual network including a plurality of virtual machines 107a-d (i.e. a plurality of virtual nodes). For example, Fig. 5A, steps 500, 505, paragraph bridging Cols. 47-48, teach receiving a request from an associated managed computing node for network address resolution (i.e. identifying a rule for the virtual network including the plurality of virtual nodes).) wherein each of the plurality of virtual nodes includes a virtual network function of a network appliance, (BRANDWINE, Fig. 1B, Col. 8, lines 1-10, Col. 11, lines 1-10, Col 12, lines 18-44, teach each of the plurality of virtual nodes providing functionality for specified virtual local area networks comprising the computer nodes such as routers, switches, etc. (i.e. includes a virtual network function of a network appliance). In addition, or alternatively, the CNS communication manager 150 and/or CNS system manager 110 can be interpreted as a network appliance.) and the rule specifies a conversion operation between information of the virtual network and information of a physical network; (BRANDWINE, Fig. 5A, paragraph bridging Cols. 47-48, teach performing network address resolution in steps 515-530 (i.e. a conversion operation between information of the virtual network and information of a physical network) based on the request (i.e. and the rule specifies), as further described by Co. 48, lines 25-60.) create control information to emulate the virtual network function to perform communication between the plurality of virtual nodes, wherein the control information indicates processing of a packet communicating in the physical network based on the rule; (BRANDWINE, Fig. 5A, steps 530, 555, Col. 49, lines 13-61, teach re-writing a communication header (i.e. create control information) to provide logical networking functionality to emulate actions and functionality that would be performed by one or more logical networking devices for the virtual network (i.e. create control information to emulate the virtual network function to perform communication between the plurality of virtual nodes, wherein the control information indicates processing of a packet communicating in the physical network based on the rule). Note, one or more logical networking devices for the virtual network corresponds to the plurality of virtual nodes. More particularly, Fig. 5A, steps 530, 555, Col. 49, lines 29-61, teach the routing (i.e. processing) in step 555 performs modifications to a header of a packet (i.e. control information) that correspond to providing logical networking functionality (i.e. indicates processing) to emulate the actions and functionality that would be performed by the one or more logical networking devices that would be used to forward (i.e. communicating in the physical network based on the rule) the communication to the destination computing node in accordance with the configured network topology for the virtual computer network over the physical network (a packet communicating in the physical network based on the rule).
and send the control information to a physical node that processes the packet corresponding to the virtual network function. (BRANDWINE, Fig. 5A, steps 530, 560, Col. 49, lines 13-61, teach facilitating forwarding of the modified outgoing 

Regarding claim 15, BRANDWINE teaches the network system according to claim 14, wherein the processor is further configured to execute program instructions to identify the virtual network corresponding to a characteristic of the packet. (BRANDWINE, Fig. 5A, steps 515, 520, 525, paragraph bridging Cols. 47-48, and Col. 48, lines 25-36, teach identifying the virtual network address based on the request (i.e. characteristics of the packet).)

Regarding claim 16, BRANDWINE teaches the network system according to claim 14, wherein the virtual network corresponds to a user. (BRANDWINE, Col. 2, lines 32-42, Col. 3, lines 4-18, 38-46, and paragraph bridging Cols. 3-4, teach enabling a user to configure or otherwise specify one or more virtual local area networks for the managed virtual computer network.) 

Regarding claim 17, BRANDWINE teaches the network system according to claim 16, wherein the user is authorized to change a configuration of the virtual network. (BRANDWINE, Col. 2, lines 32-42, Col. 3, lines 4-18, 38-46, and paragraph bridging Cols. 3-4, teach enabling the user to configure or otherwise specify one or more virtual local area networks for the managed virtual computer network. Furthermore, Fig. 4, step 425, Col. 47, lines 4-27, teach determining whether the request is authorized.)

Regarding claim 18, BRANDWINE teaches the network system according to claim 14, wherein the virtual network function of the network appliance comprises a virtual switching function, (BRANDWINE, Fig. 5A, steps 515, 520, 525, paragraph bridging Cols. 47-48, and Col. 48, lines 25-36, teach the system manager performing virtual network address resolution (i.e. a virtual switching function).) and at least one of the plurality of virtual nodes has the virtual switching function to forward the packet. (BRANDWINE, Fig. 5A, steps 530, 560, Col. 49, lines 13-61, teach facilitating forwarding of the modified outgoing communication over the substrate intermediate network(s) to the destination computing node (i.e. and at least one of the plurality of virtual nodes has the virtual switching function to forward a packet).)

Regarding claim 19, BRANDWINE teaches the network system according to claim 14, wherein the virtual network function of the network appliance comprises a virtual load balancing function, (BRANDWINE, Col. 8, lines 9-50, teach the CNS providing fault tolerance via utilizing available computing nodes in different locations (i.e. a virtual load balancing function).) and at least one of the plurality of virtual nodes has the virtual load balancing function to distribute the packet. BRANDWINE, Col. 8, lines 1-9, teach that a client specifies load balancers to be part of the provided computer network)

Regarding claim 20, BRANDWINE teaches the network system according to claim 14, wherein the virtual network function of the network appliance comprises a virtual fire wall function, (BRANDWINE, Col. 8, lines 9-50, teach the CNS providing fault tolerance via utilizing available computing nodes in different locations (i.e. a virtual load balancing function). For example, in reference to Fig. 1B, Col. 12, first full paragraph, teach that the Communication Manager module 150 that manages communications for the associated computing systems 155a-155n may have various forms, such as, a proxy computing device, firewall device, or networking device (e.g., a switch, router, hub, etc.) through which communications to and from the physical computing systems travel.) and at least one of the plurality virtual nodes has the virtual fire wall function to drop the packet. (BRANDWINE, Col. 8, lines 1-9, teach that a client specifies firewalls to be part of the provided computer network. For example, Co. 19, lines 1-15, teach the computing nodes comprising multiple VLAN connection interfaces to provide capabilities such as firewall (i.e. virtual fire wall function) and packet filtering (i.e. to drop a packet).)

Regarding claim 21, BRANDWINE teaches A control method of network communications, comprising: identifying a rule for a virtual network including a plurality of virtual nodes, (BRANDWINE, Fig. 1B, Col 13, lines 6-51, teach CNS system comprising CNS communication manager 150 and CNS system manager 110 wherein each of the plurality of virtual nodes includes a virtual network function of a network appliance, (BRANDWINE, Fig. 1B, Col. 8, lines 1-10, Col. 11, lines 1-10, Col 12, lines 18-44, teach each of the plurality of virtual nodes providing functionality for specified virtual local area networks comprising the computer nodes such as routers, switches, etc. (i.e. includes a virtual network function of a network appliance). In addition, or alternatively, the CNS communication manager 150 and/or CNS system manager 110 can be interpreted as a network appliance.) and the rule specifies a conversion operation between information of the virtual network and information of a physical network; (BRANDWINE, Fig. 5A, paragraph bridging Cols. 47-48, teach performing network address resolution in steps 515-530 (i.e. a conversion operation between information of the virtual network and information of a physical network) based on the request (i.e. and the rule specifies), as further described by Co. 48, lines 25-60.) create control information to emulate the virtual network function to perform communication between the plurality of virtual nodes, wherein the control information indicates processing of a packet communicating in the physical network based on the rule; (BRANDWINE, Fig. 5A, steps 530, 555, Col. 49, lines 13-61, teach re-writing a communication header (i.e. create control information) to provide 
and sending the control information to a physical node that processes the packet corresponding to the virtual network function. (BRANDWINE, Fig. 5A, steps 530, 560, Col. 49, lines 13-61, teach facilitating forwarding of the modified outgoing communication over the substrate intermediate network(s) to the destination computing node (i.e. and send the control information to a physical node), wherein the computing node corresponds to the plurality of virtual nodes of the virtual network. Furthermore, paragraph bridging Cols. 49-50 teach that, if at block 510, it is determined that the received message is an incoming communication (i.e. receiving the control information), 

Regarding claim 22, BRANDWINE teaches the control method of network communications according to claim 21, further comprising: identifying the virtual network corresponding to a characteristic of the packet. (BRANDWINE, Fig. 5A, steps 515, 520, 525, paragraph bridging Cols. 47-48, and Col. 48, lines 25-36, teach identifying the virtual network address based on the request (i.e. characteristics of the packet).)

Regarding claim 23, BRANDWINE teaches the control method of network communications according to claim 21, wherein the virtual network corresponds to a user. (BRANDWINE, Col. 2, lines 32-42, Col. 3, lines 4-18, 38-46, and paragraph bridging Cols. 3-4, teach enabling a user to configure or otherwise specify one or more virtual local area networks for the managed virtual computer network.) 

Regarding claim 24, BRANDWINE teaches the control method of network communications according to claim 23, wherein the user is authorized to change a configuration of the virtual network. (BRANDWINE, Col. 2, lines 32-42, Col. 3, lines 4-18, 38-46, and paragraph bridging Cols. 3-4, teach enabling the user to configure or otherwise specify one or more virtual local area networks for the managed virtual computer network. Furthermore, Fig. 4, step 425, Col. 47, lines 4-27, teach determining whether the request is authorized.)

Regarding claim 25, BRANDWINE teaches the control method of network communications according to claim 21, wherein the virtual network function of the network appliance comprises a virtual switching function, (BRANDWINE, Fig. 5A, steps 515, 520, 525, paragraph bridging Cols. 47-48, and Col. 48, lines 25-36, teach the system manager performing virtual network address resolution (i.e. a virtual switching function).) and at least one of the plurality of virtual nodes has the virtual switching function to forward the packet. (BRANDWINE, Fig. 5A, steps 530, 560, Col. 49, lines 13-61, teach facilitating forwarding of the modified outgoing communication over the substrate intermediate network(s) to the destination computing node (i.e. and at least one of the plurality of virtual nodes has the virtual switching function to forward a packet).) 

Regarding claim 26, BRANDWINE teaches the control method of network communications according to claim 21, wherein the virtual network function of the network appliance comprises a virtual load balancing function, (BRANDWINE, Col. 8, lines 9-50, teach the CNS providing fault tolerance via utilizing available computing nodes in different locations (i.e. a virtual load balancing function).) and at least one of the plurality of virtual nodes has the virtual load balancing function to distribute the packet. (BRANDWINE, Col. 8, lines 1-9, teach that a client specifies load balancers to be part of the provided computer network.)

BRANDWINE teaches the control method of network communications according to claim 21, wherein the virtual network function of the network appliance comprises a virtual fire wall function, (BRANDWINE, Col. 8, lines 9-50, teach the CNS providing fault tolerance via utilizing available computing nodes in different locations (i.e. a virtual load balancing function). For example, in reference to Fig. 1B, Col. 12, first full paragraph, teach that the Communication Manager module 150 that manages communications for the associated computing systems 155a-155n may have various forms, such as, a proxy computing device, firewall device, or networking device (e.g., a switch, router, hub, etc.) through which communications to and from the physical computing systems travel.) and at least one of the plurality virtual nodes has the virtual fire wall function to drop the packet. (BRANDWINE, Col. 8, lines 1-9, teach that a client specifies firewalls to be part of the provided computer network. For example, Co. 19, lines 1-15, teach the computing nodes comprising multiple VLAN connection interfaces to provide capabilities such as firewall (i.e. virtual fire wall function) and packet filtering (i.e. to drop a packet).)

Response to Arguments

Applicant’s arguments, filed on 01/15/2021, hereinafter  “Remarks”, have been fully considered but they are not persuasive for the following reasons: 

With respect to the Section 102 Rejection, on page 12 of the Remarks, Applicants state that the prior art reference of Brandwine does not disclose or 
Examiner respectfully disagrees.
As indicated in the rejections above, BRANDWINE, Fig. 1B, Col 13, lines 6-51, teach CNS system comprising CNS communication manager 150 and CNS system manager 110 providing support for one or more virtual computer networks that are provided using various computing nodes. Furthermore, data center 100 is configured as a virtual network including a plurality of virtual machines 107a-d (i.e. a plurality of virtual nodes). For example, Fig. 5A, steps 500, 505, paragraph bridging Cols. 47-48, teach receiving a request from an associated managed computing node for network address resolution (i.e. identifying a rule for the virtual network including the plurality of virtual nodes).  Furthermore, Fig. 1B, Col. 8, lines 1-10, Col. 11, lines 1-10, Col 12, lines 18-44, teach each of the plurality of virtual nodes providing functionality for specified virtual local area networks comprising the computer nodes such as routers, switches, etc. (i.e. includes a virtual network function of a network appliance). In addition, or alternatively, the CNS communication manager 150 and/or CNS system manager 110 can be interpreted as a network appliance. 

On page 12 of the Remarks, Applicants state that the prior art reference of Brandwine does not disclose or suggest the claimed feature of “sending control 
Examiner respectfully disagrees.
BRANDWINE, Fig. 5A, steps 530, 555, Col. 49, lines 29-61, teach the routing (i.e. processing) in step 555 performs modifications to a header of a packet (i.e. control information) that correspond to providing logical networking functionality (i.e. indicates processing) to emulate the actions and functionality that would be performed by the one or more logical networking devices that would be used to forward (i.e. communicating in the physical network based on the rule) the communication to the destination computing node in accordance with the configured network topology for the virtual computer network over the physical network (a packet communicating in the physical network based on the rule). Furthermore, paragraph bridging Cols. 49-50, teach that if at block 510, it is determined that the received message is an incoming communication (i.e. receiving the control information), then verification is performed by identifying network addresses (i.e. processing the packet corresponding to the virtual network function).

In view of the foregoing, Examiner respectfully disagrees that the prior art reference of BRANDWINE does not teach the features of the independent claims. Based on all of the above remarks, and absent any changes to the claim language .

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Casado et al. (US20100257263A1) paragraphs 20-21 teach creating and maintaining logical forwarding and mapping them to underlying hardware. For example, see Fig. 1, which is reproduced below:

    PNG
    media_image1.png
    496
    625
    media_image1.png
    Greyscale

Paragraphs 20-22, teaching network virtualization layer 106 implementing a forwarding abstraction (i.e. virtual network rules) on the physical topology 104 (i.e. a physical node corresponding to each of the virtual nodes of the virtual network), and the network hypervisor 102 maintains the mappings between the ports on the logical forwarding elements in layer 106 and the underlying network 104, and to update flow tables in physical and/or virtual switches in the physical network accordingly, as further .

Any inquiry concerning this communication or earlier communications from the examiner should be directed to WALLI Z BUTT whose telephone number is (571)272-5822.  The examiner can normally be reached on 9:00 AM - 5.30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, CHARLES JIANG can be reached on 571-270-7191.  The fax phone 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/WALLI Z BUTT/Examiner, Art Unit 2412