DETAILED ACTION
Claims status
In the application filed on 10/02/2019, claims 1-20 were cancelled, and thus, 21-40 are currently pending for the examination. The present application is being examined under the pre-AIA  first to invent provisions.

Drawings
Drawing figures submitted on 10/02/2019 have been reviewed and accepted.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.   A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).



Claims 21-40 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claim 1 of the US Patent 10462038. Although the conflicting claims are not identical, they are not patentably distinct from each other. This is an obviousness-type double patenting rejection because the conflicting claims have not in fact been patented.
Regarding pending claims 21-32; the claim 1 recite limitations substantially the same as in the US Patent 10462038. These limitations are fully covered by the claims of the US Patent 10462038.
The compared table below (i.e. underlined claim elements) shows only Example (sample) of how each of these claims are anticipated and mapped by claim 1 of the US Patent 10462038.
Instant Application: 16591286
US Patent: US 10462038 B2
21. A communication system, comprising: 
a first tunnel endpoint configured to terminate a virtual tunnel; 
a control apparatus configured to:
control the first tunnel endpoint; and a first virtual machine belonging to a virtual network; wherein the control apparatus comprises: a memory storing instructions; and a processor configured to execute the instructions to: 
detect a change of connection between the first virtual machine and the first tunnel endpoint; and 
update a correspondence between the first tunnel endpoint and virtual network, in response to the change of the connection.
7. A communication system, comprising:
a control apparatus; and
a plurality of tunnel endpoints controlled by the control apparatus;
wherein the control apparatus comprises:
a memory storing instructions; and
a processor configured to execute the instructions to:
detect, based on an analysis of an identifier of a packet transmitted from a first virtual machine, a change of connection between virtual machines that belong to a virtual network and a first tunnel endpoint which terminates a virtual tunnel; and
update status of the connection between the first tunnel endpoint and the virtual network, according to the change of the connection,
wherein the virtual tunnel is used for communicating between the first virtual machine and a second virtual machine connected to a second tunnel endpoint, through the virtual network, the first tunnel 
wherein the first virtual machine and the second virtual machine belong to the virtual network.




Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time of the claimed invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103(a) are summarized as follows:  (See MPEP Ch. 2141)
a)	Determining the scope and contents of the prior art;
b)	Ascertaining the differences between the prior art and the claims in issue;
c)	Resolving the level of ordinary skill in the pertinent art; and
d)	Evaluating evidence of secondary considerations for indicating obviousness or nonobviousness.

Claims 21-40 are rejected under 35 U.S.C. 103(a) as being unpatentable over Anderson et al. (US 10,228,959 B1) in view of Litvin et al. (US 2009/0249438 A1) and further in view of Jones et al. (US 2013/0332564 A1).
Regarding claim 21; Anderson discloses a communication system (See Figs. 1s and 6 for Virtual Network System. Col. 13, Lines 1-25), comprising: 
a first tunnel endpoint (See Fig. 6: either one of Host Machines could be performed as a tunnel endpoint; Col. 13, Lines 1-5) configured to terminate a virtual tunnel (See Fig. 1A: The technique can include updating a tunnel endpoint destination associated with the assigned IP address of the migrated virtual machine. The updated tunnel endpoint destination can be based on a network address associated with the second server system. Col. 1, Lines 45-51);
a control apparatus (See Fig. 6: Either one of Gateways can be a control apparatus that is configured to run virtual machines that communicate on a virtual network, the virtual machines being assigned IP addresses on the virtual network, where the server systems use separate IP tunnels to effect delivery of IP packets on the virtual network to the virtual machines,; Col. 2, Lines 30-36) configured to control the first tunnel endpoint (See Fig. 1a and 1b: 3. The method of claim 2, wherein the first endpoint of the IP tunnel is the first virtual machine running on the first host machine and the second endpoint of the IP tunnel is the second virtual machine running on the second host machine. See Anderson’s Claim 3 and Col. 7, Lines 14-18); and 
a first virtual machine belonging to a virtual network (See Fig. 1A: VMs one each side of the Network; Col. 4, Lines 21-30); 
wherein the control apparatus comprises: 
a memory storing instructions; and 
a processor (See Figs. 6 and its components; Col. 12, Lines 63-67) configured to execute the instructions to: 
detect a change of connection between the first virtual machine and the first tunnel endpoint (See Fig. 5 and 6: The VM gateway 640 a, 640 b can route traffic between the Internet 650 and the virtual network 601 by changing source or destination address information in packet headers so that the address space of the virtual network 601 is hidden behind the IP address of the gateway 640 a,640 b. In particular, packets arriving at the gateway 640 a,640 b from the Internet 650 and bound for the virtual network 601 have their IP datagram destination address changed from that of the gateway 640 a, 640 b (e.g., 134.130.78.1, or 224.10.202.1) to the IP address of a destination VM (e.g., 192.168.1.10). Packets arriving at the gateway 640 a, 640 b from the virtual network 601 and bound for the Internet 650 have their IP source address changed from that of a VM (e.g., 192.168.1.10) to the IP address of the VM gateway 640 a, 640 b visible on the Internet 650 (e.g., 134.130.78.1, 224.10.202.1). Col. 13, Lines 19-32.); and 
Examiner’s note: the method of changing IP address information in the packet headers could be reasonably analyzed as a method of detecting a change of connection under the BRI.] 
update a correspondence between the first tunnel endpoint and virtual network, in response to the change of the connection (See Fig. 5 and 8: at step 520 and 830; updating a tunnel endpoint destination associated with the assigned IP address of the migrated virtual machine; Col. 12, Lines 24-32, and Col. 15, Lines 10-15).
Even though, Anderson teaches the method of having a change of source/destination IP address of the virtual network, Anderson doesn’t explicitly teach the method of detecting a change of connection between the VM and the tunnel endpoint.
However, Litvin further discusses the method of detecting a change of connection between the VM and the tunnel endpoint (See Fig. 17A: at step 1705 When a virtual machine is moved to a new host node, the virtual network firewall of the new host node detects the arrival of a virtual machine that had not been running on that host node, i.e., tunnel endpoint. In some embodiments, a new virtual machine on the node could be detected (at 1705) by a host node without coming from another host node if the virtual machine is initially activated on the host node that detects it. ¶. 0016] and [0151]).
Therefore, it would have been obvious to one having ordinary skill in the art at the time of the claimed invention was made to provide the method of detecting a change of connection between the VM and the tunnel endpoint as taught by Litvin to have incorporated in the system of Anderson, so that it would not only filter out which packets should be blocked or allowed but also provide security for VMs that run on a hose node. Litvin; ¶. [0011].
Neither Anderson nor Litvin explicitly discusses the method of terminating a virtual terminal.
Jones from the same field of endeavor discloses the method of terminating a virtual terminal. (See Fig. 7: The fourth example rule specifies that the endpoint must be using a virtual private network (VPN) tunnel that is terminated at a specific remote access server. ¶. [0018], Lines 9-14).
Therefore, it would have been obvious to one having ordinary skill in the art at the time of the claimed invention was made to provide the method of terminating a virtual terminal as taught by Jones to have incorporated in the system of Anderson, so that it would not only to provide the endpoint to satisfy the threshold number of rules at the endpoint but also increase the security of the endpoint. See Jones,’s ¶. [0029] and Abstract.

Regarding claim 22; Anderson discloses the communication system wherein the processor is further configured to execute the instructions to: update the correspondence in response to a notification from a virtual server on which the connected first virtual machine operates (See Fig. 6: The technique includes updating a tunnel endpoint destination associated with the assigned IP address of the migrated virtual machine.  The updated tunnel endpoint destination can be based on a network address associated with the second server system. Abstract)

Regarding claim 23; Anderson discloses the communication system wherein the processor is further configured to execute the instructions to: detect that the first virtual machine has been connected to the first tunnel endpoint (See Fig. 1A: the first VM-1 to connect with the Hose Machine 102, i.e., TEP-1; Col. 4, Lines 21-30) by setting control information for notifying the control apparatus of the connection of the first virtual machine based on a packet from the first virtual machine in a switch that configures the first tunnel endpoint (See Fig. 6: Anderson’s claim 3. The method of claim 2, wherein the first endpoint of the IP tunnel is the first virtual machine running on the first host machine and the second endpoint of the IP tunnel is the second virtual machine running on the second host machine. 4. The method of claim 2, wherein the first endpoint of the IP tunnel is the first virtual machine running on the first host machine and the second endpoint of the IP tunnel is the second virtual machine running on the first host machine.)

Regarding claim 24; Anderson in view of Litvin discloses the communication system wherein the processor is further configured to execute the instructions to: 
detect that the first virtual machine has been connected to the first tunnel endpoint (Litvin: the virtual network firewall of the new host node detects the arrival of a virtual machine that had not been running on that host node, i.e., tunnel endpoint. In some embodiments, a new virtual machine on the node could be detected (at 1705) by a host node without coming from another host node if the virtual machine is initially activated on the host node that detects it. ¶. 0016] and [0151]) by analyzing a packet transmitted from the first virtual machine; and 
determine the connection of the first virtual machine (See Fig. 6 and Anderson’s claims 3-5).

Regarding claim 25; Anderson in view of Litvin discloses the communication system wherein the processor is further configured to execute the instructions to: 
detect the connection between the first virtual machine and the first tunnel endpoint (Litvin: the virtual network firewall of the new host node detects the arrival of a virtual machine that had not been running on that host node, i.e., tunnel endpoint. In some embodiments, a new virtual machine on the node could be detected (at 1705) by a host node without coming from another host node if the virtual machine is initially activated on the host node that detects it. ¶. 0016] and [0151]);
update the correspondence between the first tunnel endpoint and virtual network to indicate that the first tunnel endpoint belongs to the virtual network (See Fig. 6: updating, in the single respective entry, the first host network address that is assigned to the first host machine from which the first virtual machine was migrated from to the second host network address that is assigned to the second host machine to which the first virtual machine is migrated to; and updating, in the single respective entry, the only single respective port of the first host machine, from which the first virtual machine was migrated from, that was assigned to the first virtual machine to the only single respective port of the second host machine, to which the first virtual machine is migrated to, that is assigned to the first virtual machine. Anderson’s claim 11).

Regarding claim 26; Anderson in view of Litvin discloses the communication system wherein the processor is further configured to execute the instructions to: detect the removal of the virtual machine from the first tunnel endpoint (Litvin: the virtual network firewall of the new host node detects the arrival of a virtual machine that had not been running on that host node, i.e., tunnel endpoint. In some embodiments, a new virtual machine on the node could be detected (at 1705) by a host node without coming from another host node if the virtual machine is initially activated on the host node that detects it. ¶. 0016] and [0151]); 
update the correspondence between the first tunnel endpoint and virtual network to indicate that the first tunnel endpoint doesn't belong to the virtual network. (See Fig. 8 @ step 815: the migration process suspends/removes the virtual machine. Suspending the virtual machine can include writing the state information of the virtual machine (e.g., memory state, CPU state, register state, network packet buffers, etc.) to one or more files. In some cases, a suspend signal can be communicated to the virtual machine to allow the virtual machine to complete one or more operations before it is suspended. Col. 14, Lines 54-61).

Anderson discloses the communication system further comprising: a plurality of virtual machine; and a plurality of tunnel endpoint; wherein the processor is further configured to execute the instructions to: 
detect a change of connection between one of the plurality of virtual machine and one of the plurality of tunnel endpoint (Litvin: the virtual network firewall of the new host node detects the arrival of a virtual machine that had not been running on that host node, i.e., tunnel endpoint. In some embodiments, a new virtual machine on the node could be detected (at 1705) by a host node without coming from another host node if the virtual machine is initially activated on the host node that detects it. ¶. 0016] and [0151]); and 
update the correspondence between the virtual network and the one of the plurality of tunnel endpoint, in response to the change of the connection (See Fig. 6: 11. The method of claim 1, wherein updating the only single respective entry in the first virtual network routing table for the first virtual machine such that the host network address, specified in the only single respective entry, is changed from the first host network address to the second host network address while the virtual network IP address on the first virtual network that is assigned to the first virtual machine, specified in the only single respective entry, is maintained as a same virtual network IP address after migrating the first virtual machine on the first virtual network from the first host machine to the second host machine comprises:…updating, in the single respective entry, the first host network address that is assigned to the first host machine from which the first virtual machine was migrated from to the second host network address that is assigned to the second host machine to which the first virtual machine is migrated to…; Anderson’s claim 11).


Anderson discloses a control apparatus (See Fig. 6: Either one of Gateways can be a control apparatus that is configured to run virtual machines that communicate on a virtual network, the virtual machines being assigned IP addresses on the virtual network, where the server systems use separate IP tunnels to effect delivery of IP packets on the virtual network to the virtual machines,; Col. 2, Lines 30-36), controlling a first tunnel endpoint (See Fig. 6: either one of Host Machines could be performed as a tunnel endpoint controlled by the Gateway; Col. 13, Lines 1-5) comprising: a memory storing instructions; and a processor configured to execute the instructions to: 
detect a change of connection between a first virtual machine belonging to a virtual network and the first tunnel endpoint (See Fig. 5 and 6: The VM gateway 640 a, 640 b can route traffic between the Internet 650 and the virtual network 601 by changing source or destination address information in packet headers so that the address space of the virtual network 601 is hidden behind the IP address of the gateway 640 a,640 b. In particular, packets arriving at the gateway 640 a,640 b from the Internet 650 and bound for the virtual network 601 have their IP datagram destination address changed from that of the gateway 640 a, 640 b (e.g., 134.130.78.1, or 224.10.202.1) to the IP address of a destination VM (e.g., 192.168.1.10). Packets arriving at the gateway 640 a, 640 b from the virtual network 601 and bound for the Internet 650 have their IP source address changed from that of a VM (e.g., 192.168.1.10) to the IP address of the VM gateway 640 a, 640 b visible on the Internet 650 (e.g., 134.130.78.1, 224.10.202.1). Col. 13, Lines 19-32.) configured to terminate a virtual tunnel  (See Fig. 1A: The technique can include updating a tunnel endpoint destination associated with the assigned IP address of the migrated virtual machine. The updated tunnel endpoint destination can be based on a network address associated with the second server system. Col. 1, Lines 45-51); and 
update a correspondence between the first tunnel endpoint and the virtual network, in response to the change of the connection (See Fig. 5 and 8: at step 520 and 830; updating a tunnel endpoint destination associated with the assigned IP address of the migrated virtual machine; Col. 12, Lines 24-32, and Col. 15, Lines 10-15).
[Examiner’s note: the method of changing IP address information in the packet headers could be reasonably analyzed as a method of detecting a change of connection under the BRI.]
Even though, Anderson teaches the method of having a change of source/destination IP address of the virtual network, Anderson doesn’t explicitly teach the method of detecting a change of connection between the VM and the tunnel endpoint.
However, Litvin further discusses the method of detecting a change of connection between the VM and the tunnel endpoint (See Fig. 17A: at step 1705 When a virtual machine is moved to a new host node, the virtual network firewall of the new host node detects the arrival of a virtual machine that had not been running on that host node, i.e., tunnel endpoint. In some embodiments, a new virtual machine on the node could be detected (at 1705) by a host node without coming from another host node if the virtual machine is initially activated on the host node that detects it. ¶. 0016] and [0151]).
Therefore, it would have been obvious to one having ordinary skill in the art at the time of the claimed invention was made to provide the method of detecting a change of connection between the VM and the tunnel endpoint as taught by Litvin to have incorporated in the system of Anderson, so that it would not only filter out which packets should be blocked or allowed but also provide security for VMs that run on a hose node. Litvin; ¶. [0011].
Neither Anderson nor Litvin explicitly discusses the method of terminating a virtual terminal.
However, Jones from the same field of endeavor discloses the method of terminating a virtual terminal. (See Fig. 7: The fourth example rule specifies that the endpoint must be using a virtual private network (VPN) tunnel that is terminated at a specific remote access server. ¶. [0018], Lines 9-14).
Therefore, it would have been obvious to one having ordinary skill in the art at the time of the claimed invention was made to provide the method of terminating a virtual terminal as taught by Jones to have incorporated in the system of Anderson, so that it would not only to provide the endpoint to satisfy the threshold number of rules at the endpoint but also increase the security of the endpoint. See Jones,’s ¶. [0029] and Abstract.

Regarding claim 29; Anderson discloses the control apparatus wherein the processor is further configured to execute the instructions to: update the correspondence in response to a notification from a virtual server on which the connected first virtual machine operates (See Fig. 6: The technique includes updating a tunnel endpoint destination associated with the assigned IP address of the migrated virtual machine.  The updated tunnel endpoint destination can be based on a network address associated with the second server system. Abstract)

Regarding claim 30; Anderson in view of Litvin discloses the control apparatus wherein the processor is further configured to execute the instructions to: detect that the first virtual machine has been connected to the first tunnel endpoint (Litvin: the virtual network firewall of the new host node detects the arrival of a virtual machine that had not been running on that host node, i.e., tunnel endpoint. In some embodiments, a new virtual machine on the node could be detected (at 1705) by a host node without coming from another host node if the virtual machine is initially activated on the host node that detects it. ¶. 0016] and [0151]) by setting control information for notifying the control apparatus of the connection of the first virtual machine based on a packet from the first virtual machine in a switch that configures the first tunnel endpoint (Anderson: See Fig. 6: Anderson’s claim 3. The method of claim 2, wherein the first endpoint of the IP tunnel is the first virtual machine running on the first host machine and the second endpoint of the IP tunnel is the second virtual machine running on the second host machine. 4. The method of claim 2, wherein the first endpoint of the IP tunnel is the first virtual machine running on the first host machine and the second endpoint of the IP tunnel is the second virtual machine running on the first host machine.)

Regarding claim 31; Anderson in view of Litvin discloses the control apparatus wherein the processor is further configured to execute the instructions to: 
detect that the first virtual machine has been connected to the first tunnel endpoint (Litvin: the virtual network firewall of the new host node detects the arrival of a virtual machine that had not been running on that host node, i.e., tunnel endpoint. In some embodiments, a new virtual machine on the node could be detected (at 1705) by a host node without coming from another host node if the virtual machine is initially activated on the host node that detects it. ¶. 0016] and [0151]) by analyzing a packet transmitted from the first virtual machine; and 
determine the connection of the first virtual machine (Anderson: See Fig. 6 and Anderson’s claims 3-5).

Regarding claim 32; Anderson in view of Litvin discloses the control apparatus wherein the processor is further configured to execute the instructions to: 
detect the connection between the first virtual machine and the first tunnel endpoint (Litvin: the virtual network firewall of the new host node detects the arrival of a virtual machine that had not been running on that host node, i.e., tunnel endpoint. In some embodiments, a new virtual machine on the node could be detected (at 1705) by a host node without coming from another host node if the virtual machine is initially activated on the host node that detects it. ¶. 0016] and [0151]); 
update the correspondence between the first tunnel endpoint and virtual network to indicate that the first tunnel endpoint belongs to the virtual network (See Fig. 6: updating, in the single respective entry, the first host network address that is assigned to the first host machine from which the first virtual machine was migrated from to the second host network address that is assigned to the second host machine to which the first virtual machine is migrated to; and updating, in the single respective entry, the only single respective port of the first host machine, from which the first virtual machine was migrated from, that was assigned to the first virtual machine to the only single respective port of the second host machine, to which the first virtual machine is migrated to, that is assigned to the first virtual machine. Anderson’s claim 11).

Regarding claim 33; Anderson in view of Litvin discloses the control apparatus wherein the processor is further configured to execute the instructions to: 
detect the removal of the virtual machine from the first tunnel endpoint (Litvin: the virtual network firewall of the new host node detects the arrival of a virtual machine that had not been running on that host node, i.e., tunnel endpoint. In some embodiments, a new virtual machine on the node could be detected (at 1705) by a host node without coming from another host node if the virtual machine is initially activated on the host node that detects it. ¶. 0016] and [0151]);
update the correspondence between the first tunnel endpoint and virtual network to indicate that the first tunnel endpoint doesn't belong to the virtual network. (See Fig. 8 @ step 815: the migration process suspends/removes the virtual machine. Suspending the virtual machine can include writing the state information of the virtual machine (e.g., memory state, CPU state, register state, network packet buffers, etc.) to one or more files. In some cases, a suspend signal can be communicated to the virtual machine to allow the virtual machine to complete one or more operations before it is suspended. Col. 14, Lines 54-61).

Anderson discloses a method for controlling a first tunnel endpoint (See Fig. 6: either one of Host Machines could be performed as a tunnel endpoint controlled by the Gateway; Col. 13, Lines 1-5) comprising a step of: 
detecting a change of connection between a first virtual machine belonging to a virtual network and the first tunnel endpoint (See Fig. 5 and 6: The VM gateway 640 a, 640 b can route traffic between the Internet 650 and the virtual network 601 by changing source or destination address information in packet headers so that the address space of the virtual network 601 is hidden behind the IP address of the gateway 640 a,640 b. In particular, packets arriving at the gateway 640 a,640 b from the Internet 650 and bound for the virtual network 601 have their IP datagram destination address changed from that of the gateway 640 a, 640 b (e.g., 134.130.78.1, or 224.10.202.1) to the IP address of a destination VM (e.g., 192.168.1.10). Packets arriving at the gateway 640 a, 640 b from the virtual network 601 and bound for the Internet 650 have their IP source address changed from that of a VM (e.g., 192.168.1.10) to the IP address of the VM gateway 640 a, 640 b visible on the Internet 650 (e.g., 134.130.78.1, 224.10.202.1). Col. 13, Lines 19-32.) configured to terminate a virtual tunnel  (See Fig. 1A: The technique can include updating a tunnel endpoint destination associated with the assigned IP address of the migrated virtual machine. The updated tunnel endpoint destination can be based on a network address associated with the second server system. Col. 1, Lines 45-51); and 
updating a correspondence between the first tunnel endpoint and the virtual network, in response to the change of the connection (See Fig. 5 and 8: at step 520 and 830; updating a tunnel endpoint destination associated with the assigned IP address of the migrated virtual machine; Col. 12, Lines 24-32, and Col. 15, Lines 10-15).
[Examiner’s note: the method of changing IP address information in the packet headers could be reasonably analyzed as a method of detecting a change of connection under the BRI.]
Anderson teaches the method of having a change of source/destination IP address of the virtual network, Anderson doesn’t explicitly teach the method of detecting a change of connection between the VM and the tunnel endpoint.
However, Litvin further discusses the method of detecting a change of connection between the VM and the tunnel endpoint (See Fig. 17A: at step 1705 When a virtual machine is moved to a new host node, the virtual network firewall of the new host node detects the arrival of a virtual machine that had not been running on that host node, i.e., tunnel endpoint. In some embodiments, a new virtual machine on the node could be detected (at 1705) by a host node without coming from another host node if the virtual machine is initially activated on the host node that detects it. ¶. 0016] and [0151]).
Therefore, it would have been obvious to one having ordinary skill in the art at the time of the claimed invention was made to provide the method of detecting a change of connection between the VM and the tunnel endpoint as taught by Litvin to have incorporated in the system of Anderson, so that it would not only filter out which packets should be blocked or allowed but also provide security for VMs that run on a hose node. Litvin; ¶. [0011].
Neither Anderson nor Litvin explicitly discusses the method of terminating a virtual terminal.
However, Jones from the same field of endeavor discloses the method of terminating a virtual terminal. (See Fig. 7: The fourth example rule specifies that the endpoint must be using a virtual private network (VPN) tunnel that is terminated at a specific remote access server. ¶. [0018], Lines 9-14).
Therefore, it would have been obvious to one having ordinary skill in the art at the time of the claimed invention was made to provide the method of terminating a virtual terminal as taught by Jones to have incorporated in the system of Anderson, so that it would not only to provide the endpoint to satisfy the threshold number of rules at the endpoint but also increase the security of the endpoint. See Jones,’s ¶. [0029] and Abstract.

Anderson discloses the method wherein: updating the correspondence in response to a notification from a virtual server on which the connected first virtual machine operates (See Fig. 6: The technique includes updating a tunnel endpoint destination associated with the assigned IP address of the migrated virtual machine.  The updated tunnel endpoint destination can be based on a network address associated with the second server system. Abstract)

Regarding claim 36; Anderson discloses the method: 
detecting that the first virtual machine has been connected to the first tunnel endpoint (See Fig. 1A: the first VM-1 to connect with the Hose Machine 102, i.e., TEP-1; Col. 4, Lines 21-30) by setting control information for notifying the control apparatus of the connection of the first virtual machine based on a packet from the first virtual machine in a switch that configures the first tunnel endpoint (See Fig. 6: Anderson’s claim 3. The method of claim 2, wherein the first endpoint of the IP tunnel is the first virtual machine running on the first host machine and the second endpoint of the IP tunnel is the second virtual machine running on the second host machine. 4. The method of claim 2, wherein the first endpoint of the IP tunnel is the first virtual machine running on the first host machine and the second endpoint of the IP tunnel is the second virtual machine running on the first host machine.)

Regarding claim 37; Anderson in view of Litvin discloses the method:
detecting that the first virtual machine has been connected to the first tunnel endpoint (Litvin: the virtual network firewall of the new host node detects the arrival of a virtual machine that had not been running on that host node, i.e., tunnel endpoint. In some embodiments, a new virtual machine on the node could be detected (at 1705) by a host node without coming from another host node if the virtual machine is initially activated on the host node that detects it. ¶. 0016] and [0151]) by analyzing a packet transmitted from the first virtual machine; and 
determining the connection of the first virtual machine (Anderson: See Fig. 6 and Anderson’s claims 3-5).
	
Regarding claim 38; Anderson in view of Litvin discloses the method comprising: 
detecting the connection between the first virtual machine and the first tunnel endpoint (Litvin: the virtual network firewall of the new host node detects the arrival of a virtual machine that had not been running on that host node, i.e., tunnel endpoint. In some embodiments, a new virtual machine on the node could be detected (at 1705) by a host node without coming from another host node if the virtual machine is initially activated on the host node that detects it. ¶. 0016] and [0151]);
updating the correspondence between the first tunnel endpoint and virtual network to indicate that the first tunnel endpoint belongs to the virtual network (Anderson: See Fig. 6: updating, in the single respective entry, the first host network address that is assigned to the first host machine from which the first virtual machine was migrated from to the second host network address that is assigned to the second host machine to which the first virtual machine is migrated to; and updating, in the single respective entry, the only single respective port of the first host machine, from which the first virtual machine was migrated from, that was assigned to the first virtual machine to the only single respective port of the second host machine, to which the first virtual machine is migrated to, that is assigned to the first virtual machine. Anderson’s claim 11).

Regarding claim 39; Anderson in view of Litvin discloses the method comprising:
detecting the removal of the virtual machine from the first tunnel endpoint (Litvin: the virtual network firewall of the new host node detects the arrival of a virtual machine that had not been running on that host node, i.e., tunnel endpoint. In some embodiments, a new virtual machine on the node could be detected (at 1705) by a host node without coming from another host node if the virtual machine is initially activated on the host node that detects it. ¶. 0016] and [0151]); 
updating the correspondence between the first tunnel endpoint and virtual network to indicate that the first tunnel endpoint doesn't belong to the virtual network. (Anderson: See Fig. 8 @ step 815: the migration process suspends/removes the virtual machine. Suspending the virtual machine can include writing the state information of the virtual machine (e.g., memory state, CPU state, register state, network packet buffers, etc.) to one or more files. In some cases, a suspend signal can be communicated to the virtual machine to allow the virtual machine to complete one or more operations before it is suspended. Col. 14, Lines 54-61).

Regarding claim 40; Anderson in view of Litvin discloses the method wherein comprising: 
detecting a change of connection between one of the plurality of virtual machine and one of the plurality of tunnel endpoint (Litvin: the virtual network firewall of the new host node detects the arrival of a virtual machine that had not been running on that host node, i.e., tunnel endpoint. In some embodiments, a new virtual machine on the node could be detected (at 1705) by a host node without coming from another host node if the virtual machine is initially activated on the host node that detects it. ¶. 0016] and [0151]); and 
updating the correspondence between the virtual network and the one of the plurality of tunnel endpoint, in response to the change of the connection (Anderson: See Fig. 6: 11. The method of claim 1, wherein updating the only single respective entry in the first virtual network routing table for the first virtual machine such that the host network address, specified in the only single respective entry, is changed from the first host network address to the second host network address while the virtual network IP address on the first virtual network that is assigned to the first virtual machine, specified in the only single respective entry, is maintained as a same virtual network IP address after migrating the first virtual machine on the first virtual network from the first host machine to the second host machine comprises:…updating, in the single respective entry, the first host network address that is assigned to the first host machine from which the first virtual machine was migrated from to the second host network address that is assigned to the second host machine to which the first virtual machine is migrated to…; Anderson’s claim 11).


Conclusion and Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAI AUNG whose telephone number is (571)272-3507.  The examiner can normally be reached on Monday-Friday, Alt Fridays, 7:30 AM- 5:00 PM (EST). 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Noel Beharry can be reached on 571-270-5630.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SAI AUNG/
Primary Examiner, Art Unit 2416