Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Priority
Applicant’s claim for the benefit of the prior-filed application, U.S. Provisional Patent Application No. 62/886,314 dated August 17, 2019, is acknowledged. 

EXAMINER’S AMENDMENT
Authorization for this examiner’s amendment was given in an examiner-initiated interview with Applicant’s Attorney Matthew Nicholson on May 11, 2021, which is summarized in the attached PTO-413/413b interview summary. 
The application has been amended as shown in attached Appendix A. 

EXAMINER’S STATEMENT OF REASONS FOR ALLOWANCE
The following is an examiner’s statement of reasons for allowance:
Upon receipt of the application filed on August 13, 2020, Examiner performed a thorough search of the prior art, and determined that several aspects of independent Claims 1, 8, and 15 were not found.  Therefore, a first action allowance was appropriate.  In particular, several of the limitations recite very specific combinations of various IP addresses locations that were not found in the prior art, and those combinations are shown with underlines below.  
Claim 1, the “encapsulating …” and “receiving …” limitations respectively recite the following clauses, which were found to be novel in the art:
wherein the GRE tunnel between each computing device and the single origin router has a first GRE endpoint that has a same first IP address and a second GRE endpoint that has a second IP address that is a publicly routable IP address of the single origin router;
wherein the first source IP address is a third IP address of the client device, wherein the first destination IP address is a fourth IP address of an origin server of the origin network, wherein the fourth IP address is advertised as a first anycast IP address at the distributed cloud computing network;
In Claim 8, the “encapsulating …” limitation recites the following clause, which was found to be novel in the art:
wherein the second source IP address is a third IP address assigned as a first Generic Routing Encapsulation (GRE) endpoint of a GRE tunnel that is configured on the first computing device and each of the other computing devices of the plurality of computing devices, and wherein the second destination IP address is a fourth IP address of a publicly routable IP address of a single origin router of an origin network that is configured as a second GRE endpoint of the GRE tunnel;
Finally, in Claim 15, the “encapsulating …” limitation recites the following clause, which was found to be novel in the art:
wherein the first outer packet has a second source IP address and a second destination IP address, wherein the second source IP address is a third IP address assigned as a first Generic Routing Encapsulation (GRE) endpoint of a GRE tunnel that is configured on the first computing device and each of the other computing devices of the plurality of computing devices, and wherein the second destination IP address is a fourth IP address of a publicly routable IP address of a single origin router of an origin network that is configured as a second GRE endpoint of the GRE tunnel;
In all the citations listed above for the independent claims, the recitation of specific numerical positions for the IP addresses relative to each other within the Generic Routing Encapsulation (GRE) tunnel and participating devices significantly narrows the breadth of the claims and is apparently unique in the art, since no prior art references were found to disclose such relative positioning.  An example is the clause which recites that the “second destination IP address is a fourth IP address of a publicly routable IP address of a single origin router.”  In addition, many of the dependent claims further narrow the scope of the invention by reciting additional numerical positioning clauses.  An example is Claim 5, which recites “wherein the fifth IP address is advertised as a third anycast IP address in the distributed cloud computing network, and wherein third source IP address is a sixth IP address of the second client device.”  Such positional specificity appears to be novel in the art. 
It should be noted that the specification does not specifically disclose the above limitations, but does disclose a complex networking scheme, such as is shown in figures 1 and 4, as well as a plurality of data centers, devices, and IP addresses within the distributed network (see, e.g., paragraphs [0021]-[0022]).  In addition, the specification appears to fully disclose all the networking elements recited in the claims.  Because the 
All that is necessary is that one skilled in the art be able to practice the claimed invention, given the level of knowledge and skill in the art. Further the scope of enablement must only bear a "reasonable correlation" to the scope of the claims. 
Therefore, Claims 1-21 have been allowed.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to PHYLLIS A BOOK whose telephone number is (571)272-0698.  The examiner can normally be reached on M-F 10:00 am - 7:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/PHYLLIS A BOOK/Primary Examiner, Art Unit 2454                                                                                                                                                                                                        


Appendix A – Allowed Claims for 16/993,181
A method in a distributed cloud computing network that includes a plurality of computing devices, the method comprising:
configuring a Generic Routing Encapsulation (GRE) tunnel between the plurality of computing devices of the distributed cloud computing network and a single origin router of an origin network, wherein the GRE tunnel between each computing device and the single origin router has a first GRE endpoint that has a same first IP address and a second GRE endpoint that has a second IP address that is a publicly routable IP address of the single origin router;
receiving, from a first client device, a first IP packet at a first one of the plurality of computing devices, wherein the received first IP packet has a first source IP address and a first destination IP address, wherein the first source IP address is a third IP address of the client device, wherein the first destination IP address is a fourth IP address of an origin server of the origin network, wherein the fourth IP address is advertised as a first anycast IP address at the distributed cloud computing network;    
processing the received first IP packet at the first computing device; 
encapsulating the processed first IP packet inside a first outer packet to generate a first GRE encapsulated packet, wherein the first outer packet has a second source IP address and a second destination IP address, wherein the second source IP address is the first IP address, and wherein the second destination IP address is the second IP address; and
transmitting the first GRE encapsulated packet over the GRE tunnel to the second IP address of the single origin router. 
The method of claim 1, wherein processing the received first IP packet at the first computing device includes performing a distributed denial of service (DDoS) mitigation on the first IP packet.
The method of claim 1, wherein the first IP address is a second anycast IP address.
The method of claim 3, further comprising: 

receiving, at a second one of the plurality of computing devices over the GRE tunnel, a second GRE encapsulated packet from the single origin router in response to the transmitted first GRE encapsulated packet, the second GRE encapsulated packet having been directed to the second anycast IP address; 
processing, at the second computing device, the second GRE encapsulated packet including decapsulating the second GRE encapsulated packet to reveal a second IP packet, wherein the second IP packet has a third source IP address and a third destination IP address, wherein the third source IP address is the fourth IP address of the origin server, and wherein the third destination IP address is the third IP address of the first client device; and
transmitting, by the second computing device, the second IP packet to the first client device.
The method of claim 3, further comprising: 
receiving, from a second client device, a second IP packet at the first computing device, wherein the received second IP packet has a third source IP address and a third destination IP address, wherein the third destination IP address is a fifth IP address of a second origin server, wherein the fifth IP address is advertised as a third anycast IP address by the distributed cloud computing network, and wherein the third source IP address is a sixth IP address of the second client device;
processing the received second IP packet at the first computing device; 
encapsulating the processed second IP packet inside a second outer packet to generate a second GRE encapsulated packet, wherein the second outer packet has a fourth source IP address and a fourth destination IP address, wherein the second outer packet has the second anycast IP address as the fourth source IP address, wherein the outer packet has a seventh IP address of a second origin router for the second origin server as the fourth destination IP address; 
transmitting the second GRE encapsulated packet over the GRE tunnel to the seventh IP address of the second origin router for the second origin server;

processing, at the second computing device, the third GRE encapsulated packet including decapsulating the third GRE encapsulated packet to reveal a third IP packet, wherein the third IP packet has a fifth source IP address and a fifth destination IP address, wherein the fifth source IP address is the fifth IP address of the second origin server, and wherein the fifth destination IP address is the sixth IP address of the second client device; 
determining, using a probability map based on the fifth destination IP address, that an ingress for a packet flow of the third IP packet is the first computing device, and responsive to this determining, transmitting the third IP packet from the second computing device to the first computing device;  
processing, at the first computing device, the third IP packet; and
transmitting, by the first computing device, the third IP packet to the second client device. 
The method of claim 3, further comprising: 
receiving, from a second client device, a second IP packet at the first computing device, wherein the received second IP packet has a third source IP address and a third destination IP address, wherein the third destination IP address is a fifth IP address of a second origin server, wherein the fifth IP address is advertised as a third anycast IP address by the distributed cloud computing network, and wherein the third source IP address is a sixth IP address of the second client device;
processing the received second IP packet at the first computing device; 
modifying the processed second IP packet by changing the third source IP address of the received second IP packet to a seventh IP address of the first computing device to create a modified third IP packet; 
encapsulating the modified third IP packet inside a second outer packet to generate a second GRE encapsulated packet, wherein the second outer packet has a fourth source IP address and a fourth destination IP address, wherein the second outer 
transmitting the second GRE encapsulated packet over the GRE tunnel to the eighth IP address of the second origin router for the second origin server;
receiving, at a second one of the plurality of computing devices over the GRE tunnel, a third GRE encapsulated packet from the second origin router in response to the transmitted second GRE encapsulated packet, the third GRE encapsulated packet being directed to the second anycast IP address; 
processing, at the second computing device, the third GRE encapsulated packet including decapsulating the third GRE encapsulated packet to reveal a fourth IP packet, wherein the fourth IP packet has a fifth source IP address and a fifth destination IP address, wherein the fifth source IP address is the fifth IP address of the second origin server, and wherein the fifth destination IP address is the seventh IP address of the first computing device; 
transmitting the fourth IP packet from the second computing device to the first computing device;  
processing, at the first computing device, the fourth IP packet; and
transmitting, by the first computing device, the fourth IP packet to the second client device. 
The method of claim 6, wherein processing the received second IP packet and processing the fourth IP packet include performing layer 4 and/or layer 7 processing.
A non-transitory machine-readable storage medium that provides instructions that, when executed by a processor, cause the processor to perform operations comprising:
receiving, from a first client device, a first IP packet at a first one of a plurality of computing devices of a distributed cloud computing network, wherein the received first IP packet has a first source IP address and a first destination IP address, wherein the first source IP address is a first IP address of the client device, wherein the first destination IP address is a second IP address of an origin server of an origin network, 
processing the received first IP packet at the first computing device; 
encapsulating the processed first IP packet inside a first outer packet to generate a first GRE encapsulated packet, wherein the first outer packet has a second source IP address and a second destination IP address, wherein the second source IP address is a third IP address assigned as a first Generic Routing Encapsulation (GRE) endpoint of a GRE tunnel that is configured on the first computing device and each of the other computing devices of the plurality of computing devices, and wherein the second destination IP address is a fourth IP address of a publicly routable IP address of a single origin router of an origin network that is configured as a second GRE endpoint of the GRE tunnel; and
transmitting the first GRE encapsulated packet over the GRE tunnel to the fourth IP address of the single origin router.  
The non-transitory machine-readable storage medium of claim 8, wherein processing the received first IP packet at the first computing device includes performing a distributed denial of service (DDoS) mitigation on the first IP packet.
The non-transitory machine-readable storage medium of claim 8, wherein the third IP address is a second anycast IP address. 
The non-transitory machine-readable storage medium of claim 10, wherein the operations further comprise: 
wherein the second anycast IP address is advertised by each of the computing devices of the distributed cloud computing network; 
receiving, at a second one of the plurality of computing devices over the GRE tunnel, a second GRE encapsulated packet from the single origin router in response to the transmitted first GRE encapsulated packet, the second GRE encapsulated packet having been directed to the second anycast IP address; 
processing, at the second computing device, the second GRE encapsulated packet including decapsulating the second GRE encapsulated packet to reveal a 
transmitting, by the second computing device, the second IP packet to the first client device.
The non-transitory machine-readable storage medium of claim 10, wherein the operations further comprise: 
receiving, from a second client device, a second IP packet at the first computing device, wherein the received second IP packet has a third source IP address and a third destination IP address, wherein the third destination IP address is a fifth IP address of a second origin server, wherein the fifth IP address is advertised as a third anycast IP address by the distributed cloud computing network, and wherein the third source IP address is a sixth IP address of the second client device;
processing the received second IP packet at the first computing device; 
encapsulating the processed second IP packet inside a second outer packet to generate a second GRE encapsulated packet, wherein the second outer packet has a fourth source IP address and a fourth destination IP address, wherein the second outer packet has the second anycast IP address as the fourth source IP address, wherein the outer packet has a seventh IP address of a second origin router for the second origin server as the fourth destination IP address; 
transmitting the second GRE encapsulated packet over the GRE tunnel to the seventh IP address of the second origin router for the second origin server;
receiving, at a second one of the plurality of computing devices over the GRE tunnel, a third GRE encapsulated packet from the second origin router in response to the transmitted second GRE encapsulated packet, the third GRE encapsulated packet being directed to the second anycast IP address; 
processing, at the second computing device, the third GRE encapsulated packet including decapsulating the third GRE encapsulated packet to reveal a third IP packet, wherein the third IP packet has a fifth source IP address and a fifth destination IP address, wherein the fifth source IP address is the fifth IP address of the second origin 
determining, using a probability map based on the fifth destination IP address, that an ingress for a packet flow of the third IP packet is the first computing device, and responsive to this determining, transmitting the third IP packet from the second computing device to the first computing device;  
processing, at the first computing device, the third IP packet; and
transmitting, by the first computing device, the third IP packet to the second client device. 
The non-transitory machine-readable storage medium of claim 10, wherein the operations further comprise: 
receiving, from a second client device, a second IP packet at the first computing device, wherein the received second IP packet has a third source IP address and a third destination IP address, wherein the third destination IP address is a fifth IP address of a second origin server, wherein the fifth IP address is advertised as a third anycast IP address by the distributed cloud computing network, and wherein the third source IP address is a sixth IP address of the second client device;
processing the received second IP packet at the first computing device; 
modifying the processed second IP packet by changing the third source IP address of the received second IP packet to a seventh IP address of the first computing device to create a modified third IP packet; 
encapsulating the modified third IP packet inside a second outer packet to generate a second GRE encapsulated packet, wherein the second outer packet has a fourth source IP address and a fourth destination IP address, wherein the second outer packet has the second anycast IP address as the fourth source IP address, wherein the outer packet has an eighth IP address of a second origin router for the second origin server as the fourth destination IP address; 
transmitting the second GRE encapsulated packet over the GRE tunnel to the eighth IP address of the second origin router for the second origin server;
receiving, at a second one of the plurality of computing devices over the GRE tunnel, a third GRE encapsulated packet from the second origin router in response to 
processing, at the second computing device, the third GRE encapsulated packet including decapsulating the third GRE encapsulated packet to reveal a fourth IP packet, wherein the fourth IP packet has a fifth source IP address and a fifth destination IP address, wherein the fifth source IP address is the fifth IP address of the second origin server, and wherein the fifth destination IP address is the seventh IP address of the first computing device; 
transmitting the fourth IP packet from the second computing device to the first computing device;  
processing, at the first computing device, the fourth IP packet; and
transmitting, by the first computing device, the fourth IP packet to the second client device. 
The non-transitory machine-readable storage medium of claim 13, wherein processing the received second IP packet and processing the fourth IP packet include performing layer 4 and/or layer 7 processing.
A first computing device of a plurality of computing devices of a distributed cloud computing network, the first computing device comprising:
a processor; and
a non-transitory machine-readable storage medium that provides instructions that, when executed by the processor, causes the first computing device to perform operations comprising:
receiving, from a first client device, a first IP packet at the first computing device, wherein the received first IP packet has a first source IP address and a first destination IP address, wherein the first source IP address is a first IP address of the client device, wherein the first destination IP address is a second IP address of an origin server of an origin network, wherein the second IP address is advertised as a first anycast IP address at the distributed cloud computing network;
processing the received first IP packet at the first computing device;

transmitting the first GRE encapsulated packet over the GRE tunnel to the fourth IP address of the single origin router.  
The first computing device of claim 15, wherein processing the received first IP packet at the first computing device includes performing a distributed denial of service (DDoS) mitigation on the first IP packet.
The first computing device of claim 15, wherein the third IP address is a second anycast IP address. 
The first computing device of claim 17, wherein the operations further comprise: 
wherein the second anycast IP address is advertised by each of the computing devices of the distributed cloud computing network; 
receiving, at a second one of the plurality of computing devices over the GRE tunnel, a second GRE encapsulated packet from the single origin router in response to the transmitted first GRE encapsulated packet, the second GRE encapsulated packet having been directed to the second anycast IP address; 
processing, at the second computing device, the second GRE encapsulated packet including decapsulating the second GRE encapsulated packet to reveal a second IP packet, wherein the second IP packet has a third source IP address and a third destination IP address, wherein the third source IP address is the second IP address of the origin server, and wherein the third destination IP address is the first IP address of the first client device; and

The first computing device of claim 17, wherein the operations further comprise: 
receiving, from a second client device, a second IP packet at the first computing device, wherein the received second IP packet has a third source IP address and a third destination IP address, wherein the third destination IP address is a fifth IP address of a second origin server, wherein the fifth IP address is advertised as a third anycast IP address by the distributed cloud computing network, and wherein the third source IP address is a sixth IP address of the second client device;
processing the received second IP packet at the first computing device; 
encapsulating the processed second IP packet inside a second outer packet to generate a second GRE encapsulated packet, wherein the second outer packet has a fourth source IP address and a fourth destination IP address, wherein the second outer packet has the second anycast IP address as the fourth source IP address, wherein the outer packet has a seventh IP address of a second origin router for the second origin server as the fourth destination IP address; 
transmitting the second GRE encapsulated packet over the GRE tunnel to the seventh IP address of the second origin router for the second origin server;
receiving, at a second one of the plurality of computing devices over the GRE tunnel, a third GRE encapsulated packet from the second origin router in response to the transmitted second GRE encapsulated packet, the third GRE encapsulated packet being directed to the second anycast IP address; 
processing, at the second computing device, the third GRE encapsulated packet including decapsulating the third GRE encapsulated packet to reveal a third IP packet, wherein the third IP packet has a fifth source IP address and a fifth destination IP address, wherein the fifth source IP address is the fifth IP address of the second origin server, and wherein the fifth destination IP address is the sixth IP address of the second client device; 
determining, using a probability map based on the fifth destination IP address, that an ingress for a packet flow of the third IP packet is the first computing device, and 
processing, at the first computing device, the third IP packet; and
transmitting, by the first computing device, the third IP packet to the second client device. 
The first computing device of claim 17, wherein the operations further comprise: 
receiving, from a second client device, a second IP packet at the first computing device, wherein the received second IP packet has a third source IP address and a third destination IP address, wherein the third destination IP address is a fifth IP address of a second origin server, wherein the fifth IP address is advertised as a third anycast IP address by the distributed cloud computing network, and wherein the third source IP address is a sixth IP address of the second client device;
processing the received second IP packet at the first computing device; 
modifying the processed second IP packet by changing the third source IP address of the received second IP packet to a seventh IP address of the first computing device to create a modified third IP packet; 
encapsulating the modified third IP packet inside a second outer packet to generate a second GRE encapsulated packet, wherein the second outer packet has a fourth source IP address and a fourth destination IP address, wherein the second outer packet has the second anycast IP address as the fourth source IP address, wherein the outer packet has an eighth IP address of a second origin router for the second origin server as the fourth destination IP address; 
transmitting the second GRE encapsulated packet over the GRE tunnel to the eighth IP address of the second origin router for the second origin server;
receiving, at a second one of the plurality of computing devices over the GRE tunnel, a third GRE encapsulated packet from the second origin router in response to the transmitted second GRE encapsulated packet, the third GRE encapsulated packet being directed to the second anycast IP address; 
processing, at the second computing device, the third GRE encapsulated packet including decapsulating the third GRE encapsulated packet to reveal a fourth IP packet, wherein the fourth IP packet has a fifth source IP address and a fifth destination IP 
transmitting the fourth IP packet from the second computing device to the first computing device;  
processing, at the first computing device, the fourth IP packet; and
transmitting, by the first computing device, the fourth IP packet to the second client device. 
The first computing device of claim 20, wherein processing the received second IP packet and processing the fourth IP packet include performing layer 4 and/or layer 7 processing.
	





/PHYLLIS A BOOK/Primary Examiner, Art Unit 2454