Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The Amendment filed on February 03, 2021 in response to the Office Action of November 04, 2020 is acknowledged and has been entered. Claims 1, 8, 12, 15, 17 and 20 have been amended. Claims 1- 20 are pending and under examination in this Office Action.
Response to Amendment
The objections to claims 1, 8, 12 and 17 are now withdrawn in view of the claim amendment. The objection to claim 15 remains since no amendment is provided for the objection.
Applicant's arguments with respect to claims 1 - 20 have been considered but are moot because the arguments do not apply to any of the references being used in the current rejection. The previous claim rejections under 35 U.S.C. 103 to claims 1 - 20 are now withdrawn in view of the claim amendments. However, upon further consideration in view of the amendments, new grounds of rejection are now made. See the rejection section for details.
Claim Objections
Claims 9 and 15 are objected to because of the following informalities:  
Claim 9 recites the limitation “requested network service” in line 14. It is not unclear to the examiner if the limitation “requested network service” in line 14 refers to the same limitation “the requested network service” recited in line 13. For examination purpose, the limitation “requested network service” recited in line 14 will read as “the requested network service.”
In claim 15, line 19, the limitation “the candidate service” should read as “the candidate server” in consideration of the claimed subject matter.
Appropriate correction is required
Claim Rejections - 35 USC § 103  
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1 - 4, 6 - 8, 15 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Ahuja et al. (U.S. Pub. No. US 2018/0121221 A1), herein referred to as Ahuja, in view of Lette et al. (U.S. Pub. No. US 2003/0018784 A1), herein referred to as Lette, and in further view of Hugard IV et al. (U.S. Pub. No. US 2013/0275574 A1), herein referred to as Hugard IV.
In regard to claim 1, Ahuja teaches a method comprising: monitoring traffic in a network environment for providing access to network services (e.g. interface microservices and security microservices – para. [0021]) through the network environment (“… A security system that monitors network traffic often includes multiple interface microservices and ; 
	identifying a requested network service (e.g. one of the new security microservices requested – para.[0022]) for a client (“… As traffic increases or as new types of security microservices are to be provided, embodiments disclosed herein receive requests to instantiate new microservices ...” - para. [0022]);
	identifying a related network service (e.g. one of the security microservices or interface microservices – para. [0029]) associated with the requested network service (e.g. one of the security microservices – para. [0022]) recognized by monitoring the traffic in the network environment (FIG. 1; “... As traffic increases or as new types of security microservices are to be provided, embodiments disclosed herein receive requests to instantiate new microservices ...” - para. [0022]; “... Network security system receives traffic via network interface 124 to/from s datacenter ... traffic first passes into and through a segment microservice, then a TCP/IP inspection microservice, then an SSL microservice, then a DPI microservice, then a NOX microservice, and then a DLP microservice. However, one or more of these services may not be enabled ...” - para. [0029]; “... security microservices can choose which interface microservice to use ...” - para. [0056]), …; 
	sending a … probe (e.g. sending packet A to explore – para. [0050]) for the related network service (e.g. one of the security services – para. [0047]) within the network environment to at least one candidate server (e.g. hosts or hardware resources to host the microservices – para. [0027]) of a plurality of candidate servers for provisioning the related network service (e.g. discover configuration information; FIG. 1; FIG. 6; “... Once initiated ... network security system ... will utilize network interface 124 to explore the datacenter to discover what network segments exist, the security requirements of various network segments, what hosts and hardware resources are available, and additional configuration information as needed ...” - para. [0027]; “... Each of the security microservices at the levels of the hierarchy generate their own security load by measuring, scaling, and weighing properties that reflect operating parameters ...” - para. [0047]; “... As illustrated, interface microservice 602 receives packet A 608, which, in some embodiments comprises a header and data ... Interface microservice 602 then accesses load data 652 to conduct a load balancing to select a TCP/IP microservice to receive the packet ...” - para. [0050]); 
	assigning a candidate server of the plurality of candidate servers to provision the related network service (e.g. select a suitable virtual machine or server to provision a microservice – para. [0071]) in response to the candidate server accepting provisioning of the related network service based on the … probe (e.g. the configuration microservice calculates the suitability of the virtual machine or server to provision the microservice; FIG. 7; FIG. 11; “... A request may be received to instantiate a new security microservice and deploy it within a security service (such as security service 706) ...” - para. [0059]; “... FIG. 11 is a block flow diagram illustrating a method of a configuration microservice deploying and configuring a microservice to perform security processing on a suitable virtual machine within a security hierarchy ... At 1104, a suitable virtual machine is selected, wherein the selecting comprises calculating the suitability of the virtual machine based on a property load and a property weight. In some embodiments, the property load is associated with a server ...” - para. [0071]; , wherein the candidate server is configured to gather, …, one or more pre-fetched resources for provisioning the related network service (e.g. the server or VM with a suitable processing environment is selected to provision the security microservice; FIG. 7; “... Embodiments disclosed herein analyze multiple server properties and virtual machine properties in order to select a processing environment suited to the new microservice ... a new microservice that is expected to use lots of disk accesses will weigh disk access highly. In some embodiments, selecting a suitable processing environment where to deploy a new microservice involves analyzing many properties, each weighted to represent its significance ...” - para. [0062]); 
	…; and 
	steering, from a load balancer of the network environment (e.g. a configuration microservice in the security system – para. [0071]), traffic associated with provisioning of the related network service to the candidate server for provisioning of the related network service using the one or more pre-fetched resources (e.g. directing packets flowing to the microservice that is deployed on the virtual machine or the server; “... FIG. 11 is a block flow diagram illustrating a method of a configuration microservice deploying and configuring a microservice to perform security processing on a suitable virtual machine within a security hierarchy according to an embodiment ... As an example of the selection process, a configuration microservice seeking to deploy an additional DPI microservice will utilize the service load profile of the DPI microservice to weight the current loading of each server and VM property load for each potential VM onto which the DPI microservice could be deployed. The VM with the lowest weighted load (calculated using the process of FIG. 10) will then be selected 
	Ahuja does not explicitly teach, but Lette teaches wherein the related network service (e.g. a network service such as an email application registered by the registering consumer – para. [0040]) is identified before the related network service is requested by the client (e.g. the resource pre-allocating system identifying the network service such as the email application before the registering consumer sending requests to the network service – para. [0029] and [0040]) and the related network service is a network service that is requested by the client (e.g. the registering consumer sending requests to the network service such as an email application – para. [0040]) in reaction to provisioning of at least a portion of the requested network service (e.g. the registration process supported by the resource pre-allocating system for the registering consumer accessing the network service – para. [0029]) to the client (e.g. the registering consumer – para. [0029] and [0040]); … gathering one or more pre-fetched resource before the related network service is requested by the client (e.g. pre-allocating resources before the registering consumer sending requests to the network service such as the email application – para. [0040]) …; receiving a request for the related network service from the client either concurrently with provisioning of the requested network service or after the provisioning of the requested 2Application No.: 16/380,401Docket No.: 612860 (1020507-US.01) network service (e.g. the registering consumer sending request to the network service such as the email application either when or after the resource pre-
	It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Ahuja in view of Lette in order to incorporate a method to proactively provision the network services when consumers initiate registration process to the network services as disclosed by Lette. One of ordinary skilled in the art would have been motivated because the arts from Ahuja and Lette disclose the features of services provisioning in distributed systems. Such incorporation would help solving the distribution latency problem 
	Ahuja in view of Lette do not explicitly teach, but Hugard IV teaches a User Datagram Protocol (UDP) probe (“... an example active sensor can send a DHCPv6 UDP probe to port 547 at the multicast address FF02:0:0:0:0:0:1:2 to discover all DHCP servers and relay agents ...” - para. [0046]).
	It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Ahuja in view of Lette and further in view of Hugard IV in order to incorporate a method to send UDP packet to discover the network devices as disclosed by Hugard IV. One of ordinary skilled in the art would have been motivated because such incorporation would discover live network devices, identify the attributes of the network devices, conduct security management over the discovered devices in the network (Hugard IV, paras. [0002], [0013]) and incur less delay for packet transmission.
In regard to claim 2, Ahuja teaches wherein the one or more pre-fetched resources are gathered as the requested network service is provisioned and before the related network service is provisioned (e.g. the server or VM with a suitable processing environment is selected to provision the security microservice; FIG. 7; “... Embodiments disclosed herein analyze multiple server properties and virtual machine properties in order to select a processing environment suited to the new microservice ... a new microservice that is expected to use lots of disk accesses will weigh disk access highly. In some embodiments, selecting a suitable processing environment where to deploy a new microservice involves analyzing many 
In regard to claim 3, Ahuja teaches wherein the candidate server is configured to accept provisioning of the related network service from within the plurality of candidate servers based on an amount of instantaneous resources (e.g. the suitability decision based on the property load and property weight of the virtual machines and servers – para. [0071]) available at each of the plurality of candidate servers for provisioning the related network service (FIG. 11; “... a suitable virtual machine is selected, wherein the selecting comprises calculating the suitability of the virtual machine based on a property load and a property weight. In some embodiments, the property load is associated with a server ... As an example of the selection process, a configuration microservice seeking to deploy an additional DPI microservice will utilize the service load profile of the DPI microservice to weight the current loading of each server and VM property load for each potential VM onto which the DPI microservice could be deployed ...” - para. [0071]).
In regard to claim 4, Ahuja in view of Lette do not explicitly teach, but Hugard IV teaches wherein the UDP probe is an internal probe (e.g. initiate the probe automatically within the network – para. [0043]) that is originated in and sent within the network environment (FIG. 2; “... an asset detection engine 210 can be a network-attached device or software system deployed to automatically discover live network devices using one or more of a plurality of discovery techniques ...” - para. [0042]; “... The identified addresses can then be extracted from 
	It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Ahuja in view of Lette and further in view of Hugard IV in order to incorporate a method to send UDP packet to discover the network devices based on the situation of the network environment as disclosed by Hugard IV. One of ordinary skilled in the art would have been motivated because such incorporation would discover live network devices, identify the attributes of the network devices, conduct security management over the discovered devices in the network, actively react to the changing requirements of the network environment (Hugard IV, paras. [0002], [0013] and [0041]) and incur less delay for packet transmission.
In regard to claim 6, Ahuja in view of Lette and further in view of Hugard IV teach wherein the UDP probe (e.g. the packet A – para. [0050]) is passed sequentially along the plurality of candidate servers (e.g. pass the microservices that deployed on servers or VMs in sequence – para. [0050] and [0051]) until the candidate server accepts provisioning of the related network service (Ahuja: e.g. the appropriate microservice deployed on a server or VM is selected after conducting a load balancing; FIG. 6; “... FIG. 6 is a block flow diagram illustrating application data flowing between an interface microservice and a plurality of TCP/IP Microservices and DPI microservices ...” - para. [0047]; “... interface microservice 602 receives  embodiments comprises a header and data ... Interface microservice 602 then accesses load data 652 to conduct a load balancing to select a TCP/IP microservice to receive the packet ...” - para. [0050]; “... After conducting TCP/IP processing on packet A, TCP/IP microservice accesses its load data 662 to conduct a load balancing to select a DPI microservice to receive its output ...” - para. [0051]).
In regard to claim 7, Ahuja teaches wherein the load balancer (e.g. the configuration microservice – para. [0071]) is configured to set up a rule for forwarding the traffic (e.g. configure the microservice to communicate with an interface microservice of the selected VM or server – para. [0071]) associated with provisioning of the related network service to the candidate server in response to the candidate server accepting provisioning of the related network service (FIG. 11; “... FIG. 11 is a block flow diagram illustrating a method of a configuration microservice deploying and configuring a microservice to perform security processing on a suitable virtual machine within a security hierarchy ... At 1106, the microservice is deployed on the selected virtual machine. At 1108, the microservice is configured to communicate with an interface microservice of the selected VM or of another VM on the same server as the selected VM ... At 1110, the microservice is configured to perform security processing on packets processed within a security service ...” - para. [0071]).
In regard to claim 8, Ahuja in view of Lette and further in view of Hugard IV teaches wherein the UDP probe (e.g. a channel data encapsulation packet – para. [0040]) is generated in response to a client UDP packet (e.g. an application data packet – para. [0040]) received from the client for accessing the requested network service (Ahuja: e.g. the security microservices; “... FIG. 5 is a block flow diagram illustrating application data traversing to a 
In regard to claim 15, Ahuja teaches a system comprising: one or more processors; and at least one computer-readable storage medium having stored therein instructions which, when executed by the one or more processors, cause the one or more processors to perform operations comprising: monitoring traffic in a network environment for providing access to network services (e.g. interface microservices and security microservices – para. [0021]) through the network environment (“… A security system that monitors network traffic often includes multiple interface microservices and multiple security microservices, such as an interface microservice, a TCP/IP security microservice, a DPI security microservice, and an SSL security microservice, to name a few to receive and process network traffic ...” - para. [0021]); 
	identifying a requested network service (e.g. one of the new security microservices requested – para.[0022]) for a client (“… As traffic increases or as new types of security microservices are to be provided, embodiments disclosed herein receive requests to instantiate new microservices ...” - para. [0022]); 
	identifying a related network service (e.g. one of the security microservices or interface microservices – para. [0029]) associated with the requested network service (e.g. one of the security microservices – para. [0022]) recognized by monitoring the traffic in the network environment (FIG. 1; “... As traffic increases or as new types of security microservices are to be , …; 
	sending a … probe (e.g. sending packet A to explore – para. [0050]) for the related network service (e.g. one of the security services – para. [0047]) within the network environment to at least one candidate server (e.g. hosts or hardware resources to host the microservices – para. [0027]) of a plurality of candidate servers for provisioning the related network service (e.g. discover configuration information; FIG. 1; FIG. 6; “... Once initiated ... network security system ... will utilize network interface 124 to explore the datacenter to discover what network segments exist, the security requirements of various network segments, what hosts and hardware resources are available, and additional configuration information as needed ...” - para. [0027]; “... Each of the security microservices at the levels of the hierarchy generate their own security load by measuring, scaling, and weighing properties that reflect operating parameters ...” - para. [0047]; “... As illustrated, interface microservice 602 receives packet A 608, which, in some embodiments comprises a header and data ... Interface microservice 602 then accesses load data 652 to conduct a load balancing to select a TCP/IP microservice to receive the packet ...” - para. [0050]); 
	assigning a candidate server of the plurality of candidate servers to provision the related network service (e.g. select a suitable virtual machine or server to provision a microservice – para. [0071]) in response to the candidate server accepting provisioning of the related network service based on the … probe (e.g. the configuration microservice calculates the suitability of the virtual machine or server to provision the microservice; FIG. 7; FIG. 11; “... A request may be received to instantiate a new security microservice and deploy it within a security service (such as security service 706) ...” - para. [0059]; “... FIG. 11 is a block flow diagram illustrating a method of a configuration microservice deploying and configuring a microservice to perform security processing on a suitable virtual machine within a security hierarchy ... At 1104, a suitable virtual machine is selected, wherein the selecting comprises calculating the suitability of the virtual machine based on a property load and a property weight. In some embodiments, the property load is associated with a server ...” - para. [0071]; see also para. [0060]), wherein the candidate server is configured to gather, …, one or more pre-fetched resources for provisioning the related network service (e.g. the server or VM with a suitable processing environment is selected to provision the security microservice; FIG. 7; “... Embodiments disclosed herein analyze multiple server properties and virtual machine properties in order to select a processing environment suited to the new microservice ... a new microservice that is expected to use lots of disk accesses will weigh disk access highly. In some embodiments, selecting a suitable processing environment where to deploy a new microservice involves analyzing many properties, each weighted to represent its significance ...” - para. [0062]); 
	…; and 
	steering, from a load balancer of the network environment (e.g. a configuration microservice in the security system – para. [0071]), traffic associated with provisioning of the related network service to the candidate server for provisioning of the related network service (e.g. directing packets flowing to the microservice that is deployed on the virtual machine or the server; “... FIG. 11 is a block flow diagram illustrating a method of a configuration microservice deploying and configuring a microservice to perform security processing on a suitable virtual machine within a security hierarchy according to an embodiment ... As an example of the selection process, a configuration microservice seeking to deploy an additional DPI microservice will utilize the service load profile of the DPI microservice to weight the current loading of each server and VM property load for each potential VM onto which the DPI microservice could be deployed. The VM with the lowest weighted load (calculated using the process of FIG. 10) will then be selected for deploying the new DPI microservice. At 1106, the microservice is deployed on the selected virtual machine. At 1108, the microservice is configured to communicate with an interface microservice of the selected VM or of another VM on the same server as the selected VM ... At 1110, the microservice is configured to perform security processing on packets processed within a security service ... " - para. [0071]).
	Ahuja does not explicitly teach, but Lette teaches wherein the related network service (e.g. a network service such as an email application registered by the registering consumer – para. [0040]) is identified before the related network service is requested by the client (e.g. the resource pre-allocating system identifying the network service such as the email application before the registering consumer sending requests to the network service – para. [0029] and and the related 6Application No.: 16/380,401Docket No.: 612860 (1020507-US.01) network service is a network service that is requested by the client (e.g. the registering consumer sending requests to the network service such as an email application – para. [0040]) in reaction to provisioning of at least a portion of the requested network service (e.g. the registration process supported by the resource pre-allocating system for the registering consumer accessing the network service – para. [0029]) to the client (e.g. the registering consumer – para. [0029] and [0040]); … gathering one or more pre-fetched resource before the related network service is requested by the client (e.g. pre-allocating resources before the registering consumer sending requests to the network service such as the email application – para. [0040]) …; receiving a request for the related network service from the client either concurrently with provisioning of the requested network service or after the provisioning of the requested network service (e.g. the registering consumer sending request to the network service such as the email application either when or after the resource pre-allocating system performing the service to support registering the registering consumer to the network service; FIG. 2; FIG. 4; FIG. 5; “… When a registering consumer registers to use an application and/or service, the registering consumer can be mapped to a component managing resources pre-allocated for use by registering users …” – para. [0006]; “… Referring initially to FIG. 1, a system 10 for pre-allocating a resource 20 to support a consumer 30 registering to use an application and/or service 40 … The service 40 can be, for example, an email service. Requests from the registering consumer 30 to access the service 40 over the Internet can be made, for example, by Hypertext Transfer Protocol (HTTP) requests … Information collected from the registering consumer during the registration process can be stored in and/or by the component managing the pre-allocated resources …” – para. [0029]; “… By way of illustration, a 
	It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Ahuja in view of Lette in order to incorporate a method to proactively provision the network services when consumers initiate registration process to the network services as disclosed by Lette. One of ordinary skilled in the art would have been motivated because the arts from Ahuja and Lette disclose the features of services provisioning in distributed systems. Such incorporation would help solving the distribution latency problem to reduce the delay “between the point in time at which the consumer registers to use the service and the point in time at which the consumer is allowed to use the service” (Lette, para. [0030]).
	Ahuja in view of Lette do not explicitly teach, but Hugard IV teaches a User Datagram Protocol (UDP) probe (“... an example active sensor can send a DHCPv6 UDP probe to port 547 at the multicast address FF02:0:0:0:0:0:1:2 to discover all DHCP servers and relay agents ...” - para. [0046]).
	It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Ahuja in view of Lette and further in view of Hugard IV in order to incorporate a method to send UDP packet to discover the network devices as disclosed by 
In regard to claim 16, Ahuja teaches wherein the candidate server is configured to provide the related network service using the one or more pre-fetched resources (e.g. the server or VM with a suitable processing environment is selected to provision the security microservice; FIG. 7; “... Embodiments disclosed herein analyze multiple server properties and virtual machine properties in order to select a processing environment suited to the new microservice ... a new microservice that is expected to use lots of disk accesses will weigh disk access highly. In some embodiments, selecting a suitable processing environment where to deploy a new microservice involves analyzing many properties, each weighted to represent its significance ...” - para. [0062]).
Claims 5, 9, 10, 17 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Ahuja et al. (U.S. Pub. No. US 2018/0121221 A1), herein referred to as Ahuja, in view of Lette et al. (U.S. Pub. No. US 2003/0018784 A1), herein referred to as Lette, in view of Hugard IV et al. (U.S. Pub. No. US 2013/0275574 A1), herein referred to as Hugard IV, and in further view of Akhavain Mohammadi (U.S. Pub. No. US 2020/0128469 A1).
In regard to claim 5, Ahuja in view of Lette and further in view of Hugard IV do not explicitly teach, but Akhavain Mohammadi teaches wherein the UDP probe (e.g. the UDP packet – para. [0041]) includes an SRv6 header (e.g. SR header – para. [0035]) identifying the plurality of candidate servers (e.g. list of network devices; FIG. 3; FIG. 7; FIG. 8; “... For SRv6, an 
	It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Ahuja in view of Lette in view of Hugard IV and further in view of Akhavain Mohammadi in order to incorporate a method to insert a SRv6 header which hosts a list of IP addresses for the network devices into an UDP packet as disclosed by Akhavain
Mohammadi. One of ordinary skilled in the art would have been motivated because such incorporation would provide a data structure by the SRv6 header holding an ordered list of IP addresses for the network devices to help “either steer traffic flows through the network while confining flow states to the ingress nodes in the SR domains or to indicate functions that are performed at specific network locations” (Akhavain Mohammadi, para. [0032]).
In regard to claim 9, Ahuja in view of Lette and further in view of Hugard IV do not explicitly teach, but Akhavain Mohammadi teaches further comprising: inserting a SRv6 header (e.g. insert a SR header – para. [0048] and [0049]) into the client UDP packet (e.g. the UDP packet – para. [0041]) to create a modified client UDP packet for the requested network service (e.g. send the modified packet to the network; FIG. 3; FIG. 7; FIG. 8; “... For SRv6, an 
	Ahuja in view of Lette and further in view of Hugard IV further teaches sending the modified client UDP packet (e.g. the channel data encapsulation packet – para. [0043]) for the requested network service (e.g. one of the security microservice – para. [0043]) within the network environment to the plurality of candidate servers for provisioning the requested network service (Ahuja: e.g. the security microservices configured and deployed on the servers and virtual machines; FIG. 5; “... Interface microservice 508 transmits 512 the channel data encapsulation packet 510 to TCP/IP microservice 514 ... After conducting security processing of the channel data encapsulation packet 516, TCP/IP microservice 514 transmits 518 it to DPI microservice 520 ...” - para. [0043]);
	assigning another candidate server of the plurality of candidate servers to provision the requested network service (e.g. select a suitable virtual machine or server to provision a microservice – para. [0071]) in response to the another candidate server accepting provisioning of the requested network service (e.g. the configuration microservice calculates the suitability of the virtual machine or server to provision the microservice – para. [0071]) based on the modified client UDP packet (Ahuja: e.g. the channel data encapsulation packet; FIG. 5; FIG. 7; FIG. 11; “... DPI microservice 520 transmits channel data encapsulation packet 524 to TCP/IP microservice 514, which uses the DPI load and DPI timestamp information to inform future load-balancing decisions ... TCP/IP microservice 514 transmits channel data encapsulation packet 528 to interface microservice 508, which uses the TCP/IP load and TCP/IP timestamp information to inform future load-balancing decisions ...” - para. [0045]; “... At 1104, a suitable virtual machine is selected, wherein the selecting comprises calculating the suitability of the virtual machine based on a property load and a property weight. In some embodiments, the property load is associated with a server ...” - para. [0071]; see also para. [0060]), wherein the another candidate server is configured to gather one or more additional pre-fetched resources for provisioning the requested network service (Ahuja: e.g. the server or VM with a suitable processing environment is selected to provision the security microservice; FIG. 7; “...
Embodiments disclosed herein analyze multiple server properties and virtual machine properties in order to select a processing environment suited to the new microservice ... a new microservice that is expected to use lots of disk accesses will weigh disk access highly. In some embodiments, selecting a suitable processing environment where to deploy a new microservice involves analyzing many properties, each weighted to represent its significance ...” - para.
[0062]); and
	steering, from the load balancer of the network environment (e.g. a configuration microservice in the security system – para. [0071]), additional traffic associated with provisioning of the requested network service to the another candidate server for provisioning of the requested network service using the one or more additional pre-fetched resources (Ahuja: e.g. directing packets flowing to the microservice that is deployed on the virtual machine or the server; “... FIG. 11 is a block flow diagram illustrating a method of a configuration microservice deploying and configuring a microservice to perform security processing on a suitable virtual machine within a security hierarchy according to an embodiment ... As an example of the selection process, a configuration microservice seeking to deploy an additional DPI microservice will utilize the service load profile of the DPI microservice to weight the current loading of each server and VM property load for each potential VM onto which the DPI microservice could be deployed. The VM with the lowest weighted load (calculated using the process of FIG. 10) will then be selected for deploying the new DPI microservice. At 1106, the microservice is deployed on the selected virtual machine. At 1108, the microservice is configured to communicate with an interface microservice of the selected VM or of another VM on the same server as the selected VM ... At 1110, the microservice is configured to perform security processing on packets processed within a security service ...” - para. [0071]).
	It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Ahuja in view of Lette in view of Hugard IV and further in view of Akhavain Mohammadi in order to incorporate a method to insert a SRv6 header which hosts a list of IP addresses for the network devices into an UDP packet as disclosed by Akhavain Mohammadi. One of ordinary skilled in the art would have been motivated because such incorporation would provide a data structure by the SRv6 header holding an ordered list of IP addresses for the network devices to help “either steer traffic flows through the network while 
In regard to claim 10, Ahuja in view of Lette in view of Hugard IV and further in view of Akhavain Mohammadi teach wherein the modified client UDP packet (e.g. the channel data encapsulation packet – para. [0043]) is passed sequentially along the plurality of candidate servers (e.g. pass through the security microservices that configured and deployed on the servers or virtual machines in sequence – para. [0043] and [0045]) until the another candidate server accepts provisioning of the requested network service (Ahuja: e.g. the configuration microservice calculates the suitability of the virtual machine or server to provision the microservice; FIG. 5; FIG. 11; “... Interface microservice 508 transmits 512 the channel data encapsulation packet 510 to TCP/IP microservice 514 ... After conducting security processing of the channel data encapsulation packet 516, TCP/IP microservice 514 transmits 518 it to DPI microservice 520 ...” - para. [0043]; “... DPI microservice 520 transmits channel data encapsulation packet 524 to TCP/IP microservice 514, which uses the DPI load and DPI timestamp information to inform future load-balancing decisions ... TCP/IP microservice 514 transmits channel data encapsulation packet 528 to interface microservice 508, which uses the TCP/IP load and TCP/IP timestamp information to inform future load-balancing decisions ...” - para. [0045]; “... At 1104, a suitable virtual machine is selected, wherein the selecting comprises calculating the suitability of the virtual machine based on a property load and a property weight. In some embodiments, the property load is associated with a server ...” - para. [0071]).
In regard to claim 17, Ahuja in view of Lette and further in view of Hugard IV teach wherein the UDP probe (e.g. a channel data encapsulation packet – para. [0040]) is generated in response to a client UDP packet (e.g. an application data packet – para. [0040]) received from the client for accessing the requested network service (Ahuja: e.g. the security microservices; “... FIG. 5 is a block flow diagram illustrating application data traversing to a server after passing through a hierarchy of a security microservices ... the flow begins with security service 504 receiving a network data packet from application 502. Security service 504 forwards 506 the packet to interface microservice 508, which generates a channel data encapsulation packet 510, which encapsulates three packets A, B, and C, and context X ... in alternate embodiments, the number of encapsulated packets may vary ...” - para. [0040]) and the instructions which, when executed by the one or more processors, further cause the one or more processors to perform operations comprising:
	Ahuja in view of Lette and further in view of Hugard IV do not explicitly teach, but Akhavain Mohammadi teaches inserting a SRv6 header (e.g. insert a SR header – para. [0048] and [0049]) into the client UDP packet (e.g. the UDP packet – para. [0041]) to create a modified client UDP packet for the requested network service (e.g. send the modified packet to the network; FIG. 3; FIG. 7; FIG. 8; “... For SRv6, an IPv6 address is explicitly associated with a segment. An example IPv6 segment routing header (SRH) is illustrated in FIG. 3 ... It is noted that each IPv6 address 330 represents the SID for that segment ...” - para. [0035]; “... Accordingly, embodiments associate SIDs with GTP endpoints' IP addresses and TEIDs ...” - para. [0040]; “... The UPF may also add the UDP header and then pass this packet to the GTP processing module to produce the outgoing GTP packet ...” - para. [0041]; “... GTP processing module 420 inserts GTP header to user data packets ... The SR module 430 removes GTP related 
	Ahuja in view of Lette and further in view of Hugard IV further teaches sending the modified client UDP packet (e.g. the channel data encapsulation packet – para. [0043]) for the requested network service (e.g. one of the security microservice – para. [0043]) within the network environment to the plurality of candidate servers for provisioning the requested network service (Ahuja: e.g. the security microservices configured and deployed on the servers and virtual machines; FIG. 5; “... Interface microservice 508 transmits 512 the channel data encapsulation packet 510 to TCP/IP microservice 514 ... After conducting security processing of the channel data encapsulation packet 516, TCP/IP microservice 514 transmits 518 it to DPI microservice 520 ...” - para. [0043]);
	assigning another candidate server of the plurality of candidate servers to provision the requested network service (e.g. select a suitable virtual machine or server to provision a microservice – para. [0071]) in response to the another candidate server accepting provisioning of the requested network service (e.g. the configuration microservice calculates the suitability of the virtual machine or server to provision the microservice – para. [0071]) based on the modified client UDP packet (Ahuja: e.g. the channel data encapsulation packet; FIG. 5; FIG. 7; FIG. 11; “... DPI microservice 520 transmits channel data encapsulation packet 524 to TCP/IP microservice 514, which uses the DPI load and DPI timestamp information to inform future load-balancing decisions ... TCP/IP microservice 514 transmits channel data encapsulation packet 528 to interface microservice 508, which uses the TCP/IP load and TCP/IP timestamp information to inform future load-balancing decisions ...” - para. [0045]; “... At 1104,  is selected, wherein the selecting comprises calculating the suitability of the virtual machine based on a property load and a property weight. In some embodiments, the property load is associated with a server ...” - para. [0071]; see also para. [0060]), wherein the another candidate server is configured to gather one or more additional pre-fetched resources for provisioning the requested network service (Ahuja: e.g. the server or VM with a suitable processing environment is selected to provision the security microservice; FIG. 7; “...
Embodiments disclosed herein analyze multiple server properties and virtual machine properties in order to select a processing environment suited to the new microservice ... a new microservice that is expected to use lots of disk accesses will weigh disk access highly. In some embodiments, selecting a suitable processing environment where to deploy a new microservice involves analyzing many properties, each weighted to represent its significance ...” - para.
[0062]); and
	steering, from the load balancer of the network environment (e.g. a configuration microservice in the security system – para. [0071]), additional traffic associated with provisioning of the requested network service to the another candidate server for provisioning of the requested network service using the one or more additional pre-fetched resources (Ahuja: e.g. directing packets flowing to the microservice that is deployed on the virtual machine or the server; “... FIG. 11 is a block flow diagram illustrating a method of a configuration microservice deploying and configuring a microservice to perform security processing on a suitable virtual machine within a security hierarchy according to an embodiment ... As an example of the selection process, a configuration microservice seeking to deploy an additional DPI microservice will utilize the service load profile of the DPI microservice 
	It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Ahuja in view of Lette in view of Hugard IV and further in view of Akhavain Mohammadi in order to incorporate a method to insert a SRv6 header which hosts a list of IP addresses for the network devices into an UDP packet as disclosed by Akhavain Mohammadi. One of ordinary skilled in the art would have been motivated because such incorporation would provide a data structure by the SRv6 header holding an ordered list of IP addresses for the network devices to help “either steer traffic flows through the network while confining flow states to the ingress nodes in the SR domains or to indicate functions that are performed at specific network locations” (Akhavain Mohammadi, para. [0032]).
In regard to claim 20, Ahuja teaches a non-transitory computer-readable storage medium having stored therein instructions which, when executed by a processor, cause the processor to perform operations (“… Network security system microservices are stored in memory ... and executed by one or more hardware processors or processor cores ...” - para. [0023]; “... the microservices are implemented using computer-executable instructions loaded comprising: monitoring traffic in a network environment for providing access to network services (e.g. interface microservices and security microservices – para. [0021]) through the network environment (“… A security system that monitors network traffic often includes multiple interface microservices and multiple security microservices, such as an interface microservice, a TCP/IP security microservice, a DPI security microservice, and an SSL security microservice, to name a few to receive and process network traffic ...” - para. [0021]); 
	identifying a requested network service (e.g. one of the new security microservices requested – para.[0022]) for a client (“… As traffic increases or as new types of security microservices are to be provided, embodiments disclosed herein receive requests to instantiate new microservices ...” - para. [0022]); 
	identifying a related network service (e.g. one of the security microservices or interface microservices – para. [0029]) associated with the requested network service (e.g. one of the security microservices – para. [0022]) recognized by monitoring the traffic in the network environment (FIG. 1; “... As traffic increases or as new types of security microservices are to be provided, embodiments disclosed herein receive requests to instantiate new microservices ...” - para. [0022]; “... Network security system receives traffic via network interface 124 to/from s datacenter ... traffic first passes into and through a segment microservice, then a TCP/IP inspection microservice, then an SSL microservice, then a DPI microservice, then a NOX microservice, and then a DLP microservice. However, one or more of these services may not be enabled ...” - para. [0029]; “... security microservices can choose which interface microservice to use ...” - para. [0056]), …; 
	sending a … probe (e.g. sending packet A to explore – para. [0050]) for the related network service (e.g. one of the security services – para. [0047]) within the network environment to at least one candidate server (e.g. hosts or hardware resources to host the microservices – para. [0027]) of a plurality of candidate servers for provisioning the related network service (e.g. discover configuration information; FIG. 1; FIG. 6; “... Once initiated ... network security system ... will utilize network interface 124 to explore the datacenter to discover what network segments exist, the security requirements of various network segments, what hosts and hardware resources are available, and additional configuration information as needed ...” - para. [0027]; “... Each of the security microservices at the levels of the hierarchy generate their own security load by measuring, scaling, and weighing properties that reflect operating parameters ...” - para. [0047]; “... As illustrated, interface microservice 602 receives packet A 608, which, in some embodiments comprises a header and data ... Interface microservice 602 then accesses load data 652 to conduct a load balancing to select a TCP/IP microservice to receive the packet ...” - para. [0050]), …; 
	assigning a candidate server of the plurality of candidate servers to provision the related network service (e.g. select a suitable virtual machine or server to provision a microservice – para. [0071]) in response to the candidate server accepting provisioning of the related network service based on the … probe (e.g. the configuration microservice calculates the suitability of the virtual machine or server to provision the microservice; FIG. 7; FIG. 11; “... A request may be received to instantiate a new security microservice and deploy it within a security service (such as security service 706) ...” - para. [0059]; “... FIG. 11 is a block flow diagram illustrating a method of a configuration microservice deploying and configuring a , wherein the candidate server is configured to gather, …, one or more pre-fetched resources for provisioning the related network service (e.g. the server or VM with a suitable processing environment is selected to provision the security microservice; FIG. 7; “... Embodiments disclosed herein analyze multiple server properties and virtual machine properties in order to select a processing environment suited to the new microservice ... a new microservice that is expected to use lots of disk accesses will weigh disk access highly. In some embodiments, selecting a suitable processing environment where to deploy a new microservice involves analyzing many properties, each weighted to represent its significance ...” - para. [0062]); 
	…; and 
	steering, from a load balancer of the network environment (e.g. a configuration microservice in the security system – para. [0071]), traffic associated with provisioning of the related network service to the candidate server for provisioning of the related network service using the one or more pre-fetched resources (e.g. directing packets flowing to the microservice that is deployed on the virtual machine or the server; “... FIG. 11 is a block flow diagram illustrating a method of a configuration microservice deploying and configuring a microservice to perform security processing on a suitable virtual machine within a security hierarchy according to an embodiment ... As an example of the selection process, a 
	Ahuja does not explicitly teach, but Lette teaches wherein the related network 9Application No.: 16/380,401Docket No.: 612860 (1020507-US.01) service (e.g. a network service such as an email application registered by the registering consumer – para. [0040]) is identified before the related network service is requested by the client (e.g. the resource pre-allocating system identifying the network service such as the email application before the registering consumer sending requests to the network service – para. [0029] and [0040]) and the related network service is a network service that is requested by the client (e.g. the registering consumer sending requests to the network service such as an email application – para. [0040]) in reaction to provisioning of at least a portion of the requested network service (e.g. the registration process supported by the resource pre-allocating system for the registering consumer accessing the network service – para. [0029]) to the client (e.g. the registering consumer – para. [0029] and [0040]); … gathering one or more pre-fetched resource before the related network service is requested by the client (e.g. pre-allocating resources before the registering consumer sending requests to the network service such as the email  …; receiving a request for the related network service from the client either concurrently with provisioning of the requested network service or after the provisioning of the requested network service (e.g. the registering consumer sending request to the network service such as the email application either when or after the resource pre-allocating system performing the service to support registering the registering consumer to the network service; FIG. 2; FIG. 4; FIG. 5; “… When a registering consumer registers to use an application and/or service, the registering consumer can be mapped to a component managing resources pre-allocated for use by registering users …” – para. [0006]; “… Referring initially to FIG. 1, a system 10 for pre-allocating a resource 20 to support a consumer 30 registering to use an application and/or service 40 … The service 40 can be, for example, an email service. Requests from the registering consumer 30 to access the service 40 over the Internet can be made, for example, by Hypertext Transfer Protocol (HTTP) requests … Information collected from the registering consumer during the registration process can be stored in and/or by the component managing the pre-allocated resources …” – para. [0029]; “… By way of illustration, a user registering to access an email application may require disk space, data communications bandwidth, and access to security devices. Conventionally, such resources may be allocated after receiving a request from a consumer to register for access to the application. The present invention can pre-allocate such resources so that they are available for the registering consumer contemporaneously with the registering consumer's registering for access to the application …” – para. [0040]; see also para. [0038]).
	It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Ahuja in view of Lette in order to incorporate a method to 
	Ahuja in view of Lette do not explicitly teach, but Hugard IV teaches a User Datagram Protocol (UDP) probe (“... an example active sensor can send a DHCPv6 UDP probe to port 547 at the multicast address FF02:0:0:0:0:0:1:2 to discover all DHCP servers and relay agents ...” - para. [0046]).
	It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Ahuja in view of Lette and further in view of Hugard IV in order to incorporate a method to send UDP packet to discover the network devices as disclosed by Hugard IV. One of ordinary skilled in the art would have been motivated because such incorporation would discover live network devices, identify the attributes of the network devices, conduct security management over the discovered devices in the network (Hugard IV, paras. [0002], [0013]) and incur less delay for packet transmission.
	Ahuja in view of Lette and further in view of Hugard IV do not explicitly teach, but Akhavain Mohammadi teaches wherein the UDP probe (e.g. the UDP packet – para. [0041]) includes an SRv6 header (e.g. SR header – para. [0035]) identifying the plurality of candidate servers (e.g. list of network devices; FIG. 3; FIG. 7; FIG. 8; “... For SRv6, an IPv6 address is 
	It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Ahuja in view of Lette in view of Hugard IV and further in view of Akhavain Mohammadi in order to incorporate a method to insert a SRv6 header which hosts a list of IP addresses for the network devices into an UDP packet as disclosed by Akhavain
Mohammadi. One of ordinary skilled in the art would have been motivated because such incorporation would provide a data structure by the SRv6 header holding an ordered list of IP addresses for the network devices to help “either steer traffic flows through the network while confining flow states to the ingress nodes in the SR domains or to indicate functions that are performed at specific network locations” (Akhavain Mohammadi, para. [0032]).
Claims 11-14, 18 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Ahuja et al. (U.S. Pub. No. US 2018/0121221 A1), herein referred to as Ahuja, in view of Lette et al. (U.S. Pub. No. US 2003/0018784 A1), herein referred to as Lette, in view of Hugard IV et al. (U.S. Pub. No. US 2013/0275574 A1), herein referred to as Hugard IV, and in further view of .
In regard to claim 11, Ahuja in view of Lette and further in view of Hugard IV do not explicitly teach, but Natarajan teaches further comprising: generating a temporal dependency mapping of network services (e.g. a metric dweight - p. 2509, col. 2, para. 3) provisioned through the network environment including the requested network service (e.g. the original service request - p. 2509, col. 2, para. 1) and the related network service (e.g. the upstream service requests; Fig. 1; Fig. 2; “... In order to serve the original service request, all the upstream service requests initiated by this service take place while the original service request is still active ...” - p. 2509, col. 2, para. 1; “... we analyze the flow records for service dependencies. We track such dependencies using a metric dweight, which is the number of times a flow to the upstream service happened when the downstream service is invoked ...” - p. 2509, col. 2, para. 3); and
	identifying the related network service (e.g. the upstream service request B - p. 2509, col. 2, para. 3) is associated with the requested network service (e.g. the original service request A - p. 2509, col. 2, para. 3) based on the temporal dependency mapping of the network services (“... A potential dependency A->B is tracked as dweight(A, B) ...” - p. 2509, col. 2, para. 3).
	It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Ahuja in view of Lette in view of Hugard IV and further in view of Natarajan in order to incorporate a method to discover the dependency between the network services as disclosed by Natarajan. One of ordinary skilled in the art would have been motivated 
In regard to claim 12, Ahuja in view of Lette and further in view of Hugard IV do not explicitly teach, but Natarajan teaches wherein the temporal dependency mapping is generated by: analyzing traffic to generate per-flow information of traffic flows in the traffic (e.g. check the traffic flow record; “... We process each flow record sorted in the order of their StartTime. On receiving a flow record, we consider it as an outbound flow record of the SourceIP and look back at all previous records to see if the current record is encompassed within the connection timeframe of any previous inbound flow record to the same SourceIP ...” - p. 2509, col. 2, para. 4);
	translating the per-flow information into per-service information to identify a service-to-service delay distribution of the network services provisioned through the network environment (e.g. correlate the traffic flow records to the service dependency relationship; “... If such an inbound flow record is found, the current outbound flow might be a flow that depends on the identified inbound flow, and can be considered as a candidate dependency ...” - p. 2509, col. 2, para. 4; “... at any point during flow processing, we consider flow records that were active at that instance of time ...” - p. 2510, col. 1, para. 2); and
	generating the temporal dependency mapping of the network services (e.g. the calculated dependency metric dweight - p. 2510, col. 1, para. 4) based on the service-to-service delay distribution of the network services (e.g. the analysis of the service dependency situation; “... We consider a dependency as true, if the ratio of its dweight to the number of times the service is accessed is at least α. In an identical case when a server depends on the dependency for every request it receives, α could be 1 ...” - p. 2510, col. 1, para. 4).
	It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Ahuja in view of Lette in view of Hugard IV and further in view of Natarajan in order to incorporate a method to discover the dependency between the network services as disclosed by Natarajan. One of ordinary skilled in the art would have been motivated because such incorporation would provide a suite of techniques to discover the dependencies of network services and applications to maintain the well-being of an enterprise network. These techniques could provide efficient analysis for the enterprise network to protect it in the presence of network attacks and failures (Natarajan, Abstract), and to provide it valuable information to provision new network services.
In regard to claim 13, Ahuja in view of Lette and further in view of Hugard IV do not explicitly teach, but Natarajan teaches wherein the per-flow information corresponds to an appearance of a traffic flow in the traffic (e.g. a TCP or UDP flow in the traffic; “... Our approach operates on network flows, including TCP and UDP flows ... We represent a TCP or
UDP flow as a tuple of 7 attributes: (StartTime, EndTime, SourceIP, SourcePort, Protocol, DestinationIP, DestinationPort) ...” - p. 2509, col. 1, para. 4) and includes monitored flows within a time window including the traffic flow (e.g. monitor the traffic flow between the time of initiating the original service request and the time when the original service request is granted; FIG. 2; “... In order to serve the original service request, all the upstream service  Figure 2 describes a timeline diagram showing the connections to and from a webserver ...” - p. 2509, col. 1, para. 1).
	It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Ahuja in view of Lette in view of Hugard IV and further in view of Natarajan in order to incorporate a method to discover the dependency between the network services as disclosed by Natarajan. One of ordinary skilled in the art would have been motivated because such incorporation would provide a suite of techniques to discover the dependencies of network services and applications to maintain the well-being of an enterprise network. These techniques could provide efficient analysis for the enterprise network to protect it in the presence of network attacks and failures (Natarajan, Abstract), and to provide it valuable information to provision new network services.
In regard to claim 14, Ahuja in view of Lette and further in view of Hugard IV do not explicitly teach, but Natarajan teaches wherein two or more network services are found to be related if a corresponding service-to-service delay distribution of the two or more network services varies (e.g. decide the access request to a web server is related to authentication service and database access service after the design algorithm analyzed the related network services are encompassed within the original requested services - p. 2509, col. 2, para. 1) in the service-to-service delay distribution of the network services (Fig. 2; “... For example, when a client connects to a web server, the web server internally connects to an authentication server to authenticate the client and then connects to a database server for data access. All these outgoing connections from the web server are encompassed within the time frame of the StartTime. On receiving a flow record, we consider it as an outbound flow record of the SourceIP and look back at all previous records to see if the current record is encompassed within the connection timeframe of any previous inbound flow record to the same SourceIP. If such an inbound flow record is found, the current outbound flow might be a flow that depends on the identified inbound flow, and can be considered as a candidate dependency ...” - p. 2509, col. 2, para.4).
	It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Ahuja in view of Lette in view of Hugard IV and further in view of Natarajan in order to incorporate a method to discover the dependency between the network services as disclosed by Natarajan. One of ordinary skilled in the art would have been motivated because such incorporation would provide a suite of techniques to discover the dependencies of network services and applications to maintain the well-being of an enterprise network. These techniques could provide efficient analysis for the enterprise network to protect it in the presence of network attacks and failures (Natarajan, Abstract), and to provide it valuable information to provision new network services.
In regard to claim 18, Ahuja in view of Lette and further in view of Hugard IV do not explicitly teach, but Natarajan teaches wherein the instructions which, when executed by the one or more processors, further cause the one or more processors to perform operations comprising: generating a temporal dependency mapping of network services (e.g. a metric dweight - p. 2509, col. 2, para. 3) provisioned through the network environment including the requested network service (e.g. the original service request - p. 2509, col. 2, para. 1) and the related network service (e.g. the upstream service requests; Fig. 1; Fig. 2; “... In order to serve the original service request, all the upstream service requests initiated by this service take place while the original service request is still active ...” - p. 2509, col. 2, para. 1; “... we analyze the flow records for service dependencies. We track such dependencies using a metric dweight, which is the number of times a flow to the upstream service happened when the downstream service is invoked ...” - p. 2509, col. 2, para. 3); and 
	identifying the related network service (e.g. the upstream service request B - p. 2509, col. 2, para. 3) is associated with the requested network service (e.g. the original service request A - p. 2509, col. 2, para. 3) based on the temporal dependency mapping of the network services (“... A potential dependency A->B is tracked as dweight(A, B) ...” - p. 2509, col. 2, para. 3).
	It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Ahuja in view of Lette in view of Hugard IV and further in view of Natarajan in order to incorporate a method to discover the dependency between the network services as disclosed by Natarajan. One of ordinary skilled in the art would have been motivated because such incorporation would provide a suite of techniques to discover the dependencies of network services and applications to maintain the well-being of an enterprise network. These techniques could provide efficient analysis for the enterprise network to protect it in the presence of network attacks and failures (Natarajan, Abstract), and to provide it valuable information to provision new network services.
In regard to claim 19, Ahuja in view of Lette and further in view of Hugard IV do not explicitly teach, but Natarajan teaches wherein the instructions which, when executed by the one or more processors, further cause the one or more processors to perform operations comprising: analyzing traffic to generate per-flow information of traffic flows in the traffic (e.g. check the traffic flow record; “... We process each flow record sorted in the order of their StartTime. On receiving a flow record, we consider it as an outbound flow record of the SourceIP and look back at all previous records to see if the current record is encompassed within the connection timeframe of any previous inbound flow record to the same SourceIP ...” - p. 2509, col. 2, para. 4); 
	translating the per-flow information into per-services information to identify a service-to-service delay distribution of the network services provisioned through the network environment (e.g. correlate the traffic flow records to the service dependency relationship; “... If such an inbound flow record is found, the current outbound flow might be a flow that depends on the identified inbound flow, and can be considered as a candidate dependency ...” - p. 2509, col. 2, para. 4; “... at any point during flow processing, we consider flow records that were active at that instance of time ...” - p. 2510, col. 1, para. 2); and 
	generating the temporal dependency mapping of the network services (e.g. the calculated dependency metric dweight - p. 2510, col. 1, para. 4) based on the service-to-service delay distribution of the network services (e.g. the analysis of the service dependency situation; “... We consider a dependency as true, if the ratio of its dweight to the number of times the service is accessed is at least α. In an identical case when a server depends on the dependency for every request it receives, α could be 1 ...” - p. 2510, col. 1, para. 4).
	It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Ahuja in view of Lette in view of Hugard IV and further in view of 
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZONGHUA DU whose telephone number is (408)918-7596.  The examiner can normally be reached on Monday - Friday 7:30 AM - 4:00 PM PST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Peter-Anthony Pappas can be reached on (571) 272-7646.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR 






/Z.D./Examiner, Art Unit 2448                                                                                                                                                                                                        
/JONATHAN A BUI/Primary Examiner, Art Unit 2448