Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


This action is in response to the amendment filed on 4/30/2021.  Claims 1-10 and 14-23 are pending with claims 1, 7, 17, and 19 being amended.  Claims 21-23 are newly presented. Of such, claims 1 (a method), 7 (a method), 17 (a non-transitory CRM) and 19 (a non-transitory CRM) are independent.

Response to Arguments
Applicant's arguments filed 4/30/2021 have been fully considered but they are not persuasive. 
On page 8 of the remarks, Applicant states “Cooper does not disclose identifying a service tag, nor does it use a set of extracted header values from the data message to identify the service tag from multiple service tags stored in a data store.”
This argument is not persuasive. 

Cooper discloses an LSC ID/tag that is analogous to Applicant’s claimed service tag (“Next, in a block 207 a flow ID tag or LSC tag is attached to the packet data.” Cooper ¶ 39).  As discussed in Cooper ¶ 29, an LSC tag is assigned by flow classification using the information in the packet header (“In a block 206 flow classification of the packet is performed. This will usually involve inspecting applicable 
Thus, Cooper explicitly discloses “using a set of header values extracted from the data message to identify a service tag from a plurality of service tags stored in a data store on the host computer, the service tag specifying a set of at least two middlebox service operations to perform on the data message;” as now recited in claim 1.

On page 9 of the remarks, Applicant states “The cited reference [Cooper] does not disclose a service tag identifying a service rule that identifies at least two service containers to perform the middlebox service operations on the data message”.
This argument is not persuasive.

The service rule is clearly shown in Cooper Figure 4 where each respective LCS ID is marked in respective flow tables where each flow table has the next service to perform on the respective LSC ID.  Thus, the flow tables collectively operate as a service rule that identifies at least two service containers.  The flow of the packet 
Illustratively, Applicant asserts on page 9 that “no portion of Cooper discloses identification of more than one container at a time, as Cooper specifically discloses the flow classifier and each container using their own local flow table to identify the next container in the service chain.” 
Examiner agrees with the characterization of Cooper, that Cooper uses a table that is split among the respective services and used by each respective service to determine the next service in turn.  However, Examiner disagrees that the claim requires “identification of more than one container at a time”. 
Initially, Examiner notes that the independent claims themselves (1, 7, 17, and 19) do not include this requirement.  Further, it is not clear that Applicant’s system would identify “more than one container at a time” given that the claim itself explicitly states that only one service container is used at a time: “passing the data message successively to the service containers identified by the service rule” (Applicant’s claim 1).  Thus, it is not clear that Applicant’s claimed system does, or would even want to, determine a plurality of containers at a time.

In more detail, Applicant’s argument is really asserting that the structure of the flow tables of Cooper is distinct from the claim.  I.e. that Cooper’s flow table is split, as seen in Figure 4.  Conversely, in Applicant’s specification the “service action chain list” is solely retrieved by the message processing engine in order to send the packet to the respective containers (Applicant’s specification ¶¶ 58 and 60).
use of the service rules: “(i) using the service tag to identify a service rule that identifies a set of at least two service containers”.  Cooper uses the flow tables of Cooper figure for to “identify a service rule that identifies a set of at least two service containers”; LSC ID that dictates a plurality virtual appliances.  Thus Cooper need not disclose “identification of more than one container at a time” to disclose Applicant’s claimed: “a service tag identifying a service rule that identifies at least two service containers to perform the middlebox service operations on the data message”.

Examiner reiterates that the structure of Cooper is distinct from that disclosed by Applicant’s specification and could be overcome by, for example directing limitations to the structure, such as: “using the service tag to identify a service rule that contains a list of at least two service containers containing a plurality of containers to process the packet”

On page 9, Applicant states “Raman does not disclose an SVM executing a message processing module that uses the service tag to identify at least two containers to perform at least two middlebox service operations on the data message and then passes the data message successively to the identified service containers also on the SM.  Furthermore, Raman does not disclose an SVM that executes service containers that perform middlebox service operations on data messages.”
In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).

While Examiner agrees with Applicant’s characterization of the Raman reference, the Raman reference was not cited as disclosing “an SVM executing a message processing module… ” or “an SVM that executes service containers”.  Rather Cooper and Wagner were cited and combined with Raman to disclose said features.  Raman was cited as disclosing the term “Service Virtual Machine”, but relied on Cooper to teach the message processing module and relied on Wagner to teach a plurality of containers executing on a virtual machine.  Since the claims stand rejected in view of the combination of Raman in view of Cooper and Wagner, Applicant’s argument is not persuasive.

Applicant’s further remarks depend on those addressed and are not persuasive for the reasons discussed above.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have 

Claim 1-3, 7-10, 14-20, and 23 is/are rejected under 35 U.S.C. 103 as being unpatentable over Raman et al., US 2015/0281180 (published 2015-10), in view of Cooper et al. US 2015/0370586 (filed 2014-06), and Wagner US 9,146,764 (filed 2014-09).
As to claims 1 and 17, Raman discloses a method/CRM comprising: 
performing services on a host computer that executes a plurality of data compute nodes (e.g. virtual machines executing on the host, see the plurality of virtual machines executing on a host of Raman Figure 1.), the method comprising:
at the host computer, receiving a data message (“a novel SVM interface (SVMI) through which the firewall SVM can be accessed for the packets sent by and/or received for the GVMs.” Raman ¶ 2) associated with a data compute node (DCN) executing on the host (the ‘data compute nodes’ are the virtual machines of Raman Figure 1.  E.g. the GVM/SVM); 
…
supplying the data message … to a message processing module executing on a service virtual machine (SVM) (“the firewall SVM 135” Raman ¶ 52) that executes on the host computer (“the forwarding element's port also calls the firewall engine 115 of FIG. 1 when it wants the firewall SVM 135 to perform a firewall check for a packet that the port receives.” Raman ¶ 52.  See also Raman Figures 18-20) to perform a plurality of middlebox service operations; (“Several of the above-described embodiments involve firewall SVMs. However, as mentioned above, some of the apparatuses and methodologies of these embodiments are equally applicable to other SVMs that provide 
, forwarding the data message to a destination of the data message (“the process returns (at 815) to the port the action of the identified entry (e.g., the Allow or Deny).” Raman ¶ 80.  “As shown in FIG. 18, the firewall engine 115 is called twice to process a packet sent from GVM 1805 to GVM 1810, a first time from the port 1815 (connected to GVM 1805) and a second time from the port 1820 (connected to GVM 1810).” Raman ¶ 113.  Also Figures 18-20.  Showing a packet sent from one GVM and forwarded to another GVM after the firewall determination.)

Raman does not disclose:
Using a set of header values extracted from the data message to identify a service tag  from a plurality of service tags stored in a data store on the host computer, the service tag specifying a set of at least two middlebox service operations to perform on the data message; 

identifying a service tag that specifies a set of at least two middlebox service operations to perform on the data message 

along with the service tag



the message processing module (i) using the service tag to identify a service rule that identifies a set of at least two service containers to perform the specified set of at least two middlebox service operations on the data message and (ii) passing the data message successively to the service containers identified by the service rule

after the set of at least two service containers have performed the set of at least two middlebox service operations on the data message.


Cooper discloses: 
Using a set of header values extracted from the data message (“In a block 206 flow classification of the packet is performed. This will usually involve inspecting applicable header fields in a packet header or headers to identify a packet flow that a received packet belongs to (if any)…. classification may also be performed using data in multiple fields, such as through use of well-known N-tuple packet classification techniques.” Cooper ¶ 29) to identify a service tag (“The result of flow classification returns a flow identifier (flow ID) for the packet. In one embodiment, the flow ID” Cooper ¶ 31) from a plurality of service tags stored in a data store on the host computer, (“in block 206, the flow ID is used as a lookup into a flow table 148, which is depicted as being part of virtual switch 109. In one embodiment, the flow table contains a column of flow ID's and a column of vNIC Rx port IDs such that given an input flow ID, the lookup 

along with the service tag (“Next, in a block 207 a flow ID tag or LSC tag is attached to the packet data.” Cooper ¶ 39)

the message processing module (i) using the service tag to identify a service rule (“In conjunction with flow classification, a flow ID for the packet is determined. This is used as a lookup for flow table 148. From the flow ID the ingress port of the VM hosting the first virtual appliance in the service chain can be determined.” Cooper ¶ 52. The Rx is the port of the appliance. See also Cooper Fig. 4) that identifies a set of at least two 

after at least two service containers have performed at least two middlebox services on the data message (“multiple operations are performed for each virtual appliance in a local service chain associated with a give packet flow (or alternatively, as explicitly identified by an LSC ID in a LSC tag, packet header or wrapper). Each LSC comprises multiple services performed by virtual network appliances that are chained together in a sequence in a manner similar to a set of pipelined services. Example services may include NAT (Network Address Translation) services, firewall services, packet-processing services, WAN Optimization, Virtual Private Network Gateway, Video Transcoding, Content Distribution Network services, etc. For illustrative purposes, FIG. 1 shows a chained sequence from Appliance 1 to Appliance 2 . . . to Appliance N.” Cooper ¶ 40) forwarding the data message to a destination of the data message”. (“If the flow ID lookup in block 212 identifies the next buffer as a network Tx port, the flowchart logic proceeds to a block 220 in which a DMA write of the packet data from the current vNIC Rx FIFO slot(s) (or local buffer if associated with the current virtual appliance) to the network Tx buffer” see Cooper ¶¶ 47-48, forwarding on the packet after processing by appliances.)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Raman with Cooper by including the local service chaining for various network packet processing tasks (Cooper ¶ 40, Raman ¶ 140) and the tag assignment of Cooper in the system of Raman.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Raman with Cooper in order to implement local service chaining in a software defined network in which “network service providers can gain flexibility in network configuration, enabling significant benefits including optimization of available bandwidth, cost savings, and faster time to market for new services.”  Cooper ¶ 5.

Raman in view of Cooper does not disclose that a plurality of containers (which perform firewall and other services) may reside on a common service virtual machine (which implements a firewall). As claimed: 
“and on which a plurality of service containers execute”


“and on which a plurality of service containers execute” (A virtual machine is shown to include a plurality of containers, see Wagner Figure 1, VM instance 156 including a plurality of containers 156D/E. “Since the virtual machine instances in the pool have already been booted and loaded with particular operating systems and language runtimes… the delay associated with … executing the user code in one or more containers created on the virtual machine instances is significantly reduced”  Wagner Col. 3, ll. 5-22.)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Raman in view of Cooper with Wagner by incorporating the plurality of containers of Cooper, and associated routing mechanisms, into the SVM of Raman.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Raman in view of Cooper with Wagner in order pre-load the time consuming instantiation of virtual machines (Wagner col. 2, ll. 60-63) and execute dynamic user requests on quickly loaded containers, thereby significantly reducing the time and execution costs to users (Wagner Col. 3, ll. 5-22.)

As to claims 2 and 18, Raman in view of Cooper and Wagner discloses the method/CRM of claims 1 and 17 and further discloses: 


As to claim 3, Raman in view Cooper and Wagner discloses the method of claim 1 and further discloses: 
wherein the data message's destination is a data compute node (a virtual machine) on the host computer. (“FIG. 18 illustrates a data flow diagram that shows the firewall engine 115 checking with the firewall SVM 135 twice for a packet that is exchanged between source and destination GVMs that execute on the same host.” Raman ¶ 113)

As to claims 7 and 19, Raman discloses the method/CRM comprising: 
performing services on a host computer that executes a plurality of data compute nodes (e.g. virtual machines executing on the host, see the plurality of virtual machines executing on a host of Raman Figure 1.), the method comprising:
At the computer,

After receiving the data message (“a novel SVM interface (SVMI) through which the firewall SVM can be accessed for the packets sent by and/or received for the GVMs.” Raman ¶ 2.), identifying a set of one or more services that have to be performed on the data message (All packets are processed via the firewall SVM that determines the disposition of the packet via the firewall. “the forwarding element's port also calls the firewall engine 115 of FIG. 1 when it wants the firewall SVM 135 to perform a firewall check for a packet that the port receives.” Raman ¶ 52);
…
Supplying … the data message to a service virtual machine (SVM) that executes on the host computer (“the forwarding element's port also calls the firewall engine 115 of FIG. 1 when it wants the firewall SVM 135 to perform a firewall check for a packet that the port receives.” Raman ¶ 52.  See also Raman Figures 18-20) …
… forwarding the data message to a destination of the data message. (“the process returns (at 815) to the port the action of the identified entry (e.g., the Allow or Deny).” Raman ¶ 80.  “As shown in FIG. 18, the firewall engine 115 is called twice to process a packet sent from GVM 1805 to GVM 1810, a first time from the port 1815 (connected to GVM 1805) and a second time from the port 1820 (connected to GVM 1810).” Raman ¶ 113.  Also Figures 18-20.)

Raman does not disclose:

the service tag along with
and on which a plurality of service containers that perform a plurality of services executes in order for the SVM to direct a set of service containers to perform the set of services identified by the service tag on the data message;
After the set of services has been performed on the data message …


Cooper discloses:
Using a set of header values extracted from the data message (“In a block 206 flow classification of the packet is performed. This will usually involve inspecting applicable header fields in a packet header or headers to identify a packet flow that a received packet belongs to (if any)…. classification may also be performed using data in multiple fields, such as through use of well-known N-tuple packet classification techniques.” Cooper ¶ 29) to associate a service tag (“The result of flow classification returns a flow identifier (flow ID) for the packet. In one embodiment, the flow ID” Cooper ¶ 31) from a plurality of service tags stored in a data store on the host computer to the data message, (“in block 206, the flow ID is used as a lookup into a flow table 148, which is depicted as being part of virtual switch 109. In one embodiment, the flow table contains a column of flow ID's and a column of vNIC Rx port IDs such that given an 

the service tag along with the data message (“Next, in a block 207 a flow ID tag or LSC tag is attached to the packet data.” Cooper ¶ 39) to a service virtual machine (SVM) (“the packet data is to be forwarded so it can be accessed by either the next virtual appliance in the LSC” Cooper ¶ 42) that executes on the host computer and on which a plurality of service containers (“network service elements (e.g., virtual network appliances) implemented in multiple virtual machines or virtualized containers.” Cooper ¶ 21) that perform a plurality of services executes (“… appliance N” Cooper ¶ 40) in order for the SVM to direct a set of service containers to perform the set of services 
After the set of services has been performed on the data message, …. (“If the flow ID lookup in block 212 identifies the next buffer as a network Tx port, the flowchart logic proceeds to a block 220 in which a DMA write of the packet data from the current vNIC Rx FIFO slot(s) (or local buffer if associated with the current virtual appliance) to the network Tx buffer” see Cooper ¶¶ 47-48, forwarding on the packet after processing by appliances.)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Raman with Cooper by including the local service chaining for various network packet processing tasks (Cooper ¶ 40, Raman ¶ 140) and the tag assignment of Cooper in the system of Raman.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Raman with Cooper in order to implement local service chaining in a software defined network in which “network service providers can gain flexibility in network configuration, enabling significant benefits including optimization of available bandwidth, cost savings, and faster time to market for new services.”  Cooper ¶ 5.

FIG. 1 shows a chained sequence from Appliance 1 to Appliance 2 . . . to Appliance N.” Cooper ¶ 40).  
However, Raman in view of Cooper does not disclose that a plurality of containers (which perform firewall and other services) may reside on a common service virtual machine (which implements a firewall). As claimed: “and on which a plurality of service containers [execute].”

Wagner discloses a structurally similar system where a plurality of virtual machines are executing on a host to process requests, e.g. Wagner Figure 1.  Wagner discloses: 
“and on which a plurality of service containers execute” (A virtual machine is shown to include a plurality of containers, see Wagner Figure 1, VM instance 156 including a plurality of containers 156D/E. “Since the virtual machine instances in the pool have already been booted and loaded with particular operating systems and language runtimes… the delay associated with … executing the user code in one or more containers created on the virtual machine instances is significantly reduced”  Wagner Col. 3, ll. 5-22.)



As to claim 8, Raman in view of Cooper and Wagner as discloses the method of claim 7 and further discloses:
…
retrieving the service tag from the identified security profile before associating the service tag to the data message. (“the flow ID is used as a lookup into a flow table 148, which is depicted as being part of virtual switch 109. …Flow table 148 may also contain an LSC ID” Cooper ¶ 33.  The service tag is the LSC ID, looked up with the flow ID.)

Raman in view of Cooper and Wagner, as combined in claim 7, does not disclose: 
wherein identifying the set of services comprises: comparing a set of header attributes of the data message with a set of matching criteria for each of a plurality of 

Cooper further discloses: 
wherein identifying the set of services comprises:
comparing a set of header attributes of the data message with a set of matching criteria for each of a plurality of security profiles; (“In a block 206 flow classification of the packet is performed. This will usually involve inspecting applicable header fields in a packet header or headers to identify a packet flow that a received packet belongs to (if any). As described in further detail below, in some embodiments packet flow information may be explicitly defined in a packet header field. Packet flow classification may also be performed using data in multiple fields, such as through use of well-known N-tuple packet classification techniques.” Cooper ¶ 29.  Where the packet flow matching is the “security profile” matching, see below.)
identifying a security profile that has a set of matching criteria that matches the data message's set of header attributes; and  (“The result of flow classification returns a flow identifier (flow ID) for the packet.”  Cooper ¶ 31)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have further combined Raman in view of Cooper and Wagner with Cooper by including the local service chaining for various network packet processing tasks (Cooper ¶ 40, Raman ¶ 140) and the tag matching of Cooper in the system of Raman.  It would have been obvious to a person of ordinary skill in the art before the 

As to claim 9, Raman in view of Cooper and Wagner as discloses the method of claim 7 and further discloses:
…
identifying a security profile that has a set of matching criteria that matches the data message's set of header attributes; (“The result of flow classification returns a flow identifier (flow ID) for the packet.”  Cooper ¶ 31)
…

Raman in view of Cooper and Wagner, as combined in claim 7, does not disclose: 
comparing a set of header attributes of the data message with a set of matching criteria for each of a plurality of security profiles;
retrieving identity of the set of services from the identified security profile; and
generating the service tag based on the retrieved identity of the set of service operations.

Cooper further discloses: 
inspecting applicable header fields in a packet header or headers to identify a packet flow that a received packet belongs to (if any). As described in further detail below, in some embodiments packet flow information may be explicitly defined in a packet header field. Packet flow classification may also be performed using data in multiple fields, such as through use of well-known N-tuple packet classification techniques.” Cooper ¶ 29.  Where the packet flow matching is the “security profile” matching, see below.)
…
retrieving identity of the set of services from the identified security profile; and (“LSCs used on a per-flow implementation may be either preconfigured by SDN controller 114, or determined when a flow first appears. For example, in accordance with the OpenFlow protocol, packet flows and corresponding LSCs may be determined during run-time operations.” Cooper ¶ 50)
generating the service tag based on the retrieved identity of the set of service operations. (“Each of Table1, Table2 and TableN include an LSC ID column, a Next Port column, and a Services column. In one embodiment, the table data for each of tables 148, Table1, Table2, and TableN is managed by SDN controller 114. Generally, the table data may be populated during initialization of the compute platform and/or during run-time operations.” Cooper ¶ 51.  LSC ID determined during run-time, when the flow first appears per Cooper ¶ 50).



As to claim 10, Raman in view of Cooper and Wagner as discloses the method of claim 7 and further discloses:
The method of claim 7, wherein the set of services includes more than one service (“As used herein, the term “Local service chaining” (LSC) is used to describe a flow of packets traversing a network that is internal to a compute node that are processed by a series of network service elements implemented in VMs or virtualized containers.”  Cooper ¶ 6), at least two different service containers on the SVM (see Wagner Figure 1, VM instance 156 including a plurality of containers 156D/E.) perform at least two different services (“a given Appliance may be configured to perform different services for different packet flows.” Cooper ¶ 40.  The Appliance is a container, Cooper ¶ 72), and the service tag specifies a chain sequence of servics. (“FIG. 1 shows a chained sequence from Appliance 1 to Appliance 2 . . . to Appliance N. However, this is merely exemplary as the LSC may traverse any combination of Appliances. Moreover, 


As to claims 14 and 23, Raman in view Cooper and Wagner discloses the method/CRM of claims 1 and 17 and further discloses:
wherein the data message is discarded in response to the middlebox service operations performed on the data message. (“When the process 800 identifies (at 810) an entry in the connection state data storage 125 that matches the received packet attribute set (e.g., identifies a hash value that matches the computed hash value), the process returns (at 815) to the port the action of the identified entry (e.g., the Allow or Deny).” Raman ¶ 80. Denying the forwarding of the packet is discarding the packet.)

As to claim 15, Raman in view Cooper and Wagner discloses the method of claim 1 and further discloses:
wherein the data message is sent by the DCN associated with the data message. (“FIG. 19 illustrates a data flow diagram that shows the firewall engine 115 checking with the firewall SVM 135 only at the source side for a packet that is exchanged between source and destination GVMs” Raman ¶ 115.  The act of sending the data message means the message is “associated” with the DCN.)

As to claim 16, Raman in view Cooper and Wagner discloses the method of claim 1 and further discloses:


As to claim 20, Raman in view Cooper and Wagner discloses the CRM of claim 17 and further discloses:
receiving a second data message (“firewall service virtual machine (SVM) on the host to check the packets sent by and/or received for the GVMs.” Raman ¶ 34, plural packets) associated with a second DCN executing on the host; (plural GVMs noted in Raman ¶ 34)
determining, after receiving the second data message, that at least one middlebox service has to be performed on the second data message; (“the forwarding element's port also calls the firewall engine 115 of FIG. 1 when it wants the firewall SVM 135 to perform a firewall check for a packet that the port receives.” Raman ¶ 52. “a given Appliance may be configured to perform different services for different packet flows.” Cooper ¶ 40.)
 supplying the data message to the message processing module, the message processing module (i) identifying a second set of at least two middlebox services that have to be performed on the second data message from a set of identifier attributes of the second data message (“As depicted by the loop delineated by start and end loop 
after the set of at least two service containers have performed the set of at least two middlebox service operations on the second data message (“multiple operations are performed for each virtual appliance in a local service chain associated with a give packet flow… FIG. 1 shows a chained sequence from Appliance 1 to Appliance 2 . . . to Appliance N.” Cooper ¶ 40), forwarding the second data message to a second destination of the second data message. (“If the flow ID lookup in block 212 identifies the next buffer as a network Tx port, the flowchart logic proceeds to a block 220 in which a DMA write of the packet data from the current vNIC Rx FIFO slot(s) (or local buffer if associated with the current virtual appliance) to the network Tx buffer” see Cooper ¶¶ 47-48, forwarding on the packet after processing by appliances.)


Claims 4-6, 21, and 22 is/are rejected under 35 U.S.C. 103 as being unpatentable over Raman et al., US 2015/0281180 (published 2015-10), in view of Cooper et al. US 2015/0370586 (filed 2014-06), Wagner US 9,146,764 (filed 2014-09), and Thota et al., US 2015/0379277 (published 2015-12).
As to claim 4, Raman in view of Cooper and Wagner discloses the method of claim 1 but does not disclose:
wherein the data message's destination is a data compute node outside of the host computer.

 Thota discloses a system with a nearly identical structure to that of Raman, see e.g. Thota Figure 2.  Thota further discloses use cases where packets from GVMs on the host are sent to other hosts: “a GVM 1105 on a host 1110 sends one packet 1150 to a GVM 1115 on a host 1120, and a second packet 1152 to a GVM 1125 on a host 1130.” Thota ¶ 111.  See also Figures 11-17.

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Raman in view of Cooper and Wagner with Thota by utilizing the system of Raman in view of Cooper and Wagner to send packets to similarly configured external hosts, as shown in Thota. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Raman in view of Cooper and Wagner with Thota in order to allow the GVMs on the host to communicate with external entities, thereby providing network connectivity for collaborative workloads or presentation of computational results to requesting entities.


wherein the data message's destination is either (i) a data compute node executing on another host computer, or (ii) a standalone machine operating outside and independently of the host computer.

Thota discloses:
wherein the data message's destination is either (i) a data compute node executing on another host computer (“a GVM 1105 on a host 1110 sends one packet 1150 to a GVM 1115 on a host 1120, and a second packet 1152 to a GVM 1125 on a host 1130.” Thota ¶ 111), or (ii) a standalone machine operating outside and independently of the host computer. (the host computer of (i) is a standalone machine operating outside and independently of the host computer)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Raman in view of Cooper and Wagner with Thota by utilizing the system of Raman in view of Cooper and Wagner to send packets to similarly configured external hosts, as shown in Thota. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Raman in view of Cooper and Wagner with Thota in order to allow the GVMs on the host to communicate with external entities, thereby providing network connectivity for collaborative workloads or presentation of computational results to requesting entities.


As to claims 6 and 22, Raman in view of Cooper and Wagner discloses the method/CRM of claims 1 and 17 and further discloses:
wherein receiving the data message comprises receiving the data message at a software forwarding element executing on the host (Raman Figures 1 and 18-20, a software switch.) to forward data messages to and from the data compute nodes executing on the host computer (“between source and destination GVMs that execute on the same host.” Raman ¶ 113)

Raman in view of Cooper and Wagner does not disclose:
from and to data compute nodes operating outside of the host computer.
 
Thota discloses:
from and to data compute nodes operating outside of the host computer.
(“a GVM 1105 on a host 1110 sends one packet 1150 to a GVM 1115 on a host 1120, and a second packet 1152 to a GVM 1125 on a host 1130.” Thota ¶ 111)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Raman in view of Cooper and Wagner with Thota by utilizing the system of Raman in view of Cooper and Wagner to send packets to similarly configured external hosts, as shown in Thota. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention .


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892, particularly:
Sharma et al., US 8,830,834, discloses service virtualization and routing in a virtual network.
Sahu et al., US 2005/0289244, discloses service chaining in a communication network.
Edwards et al., US 8,370,834, discloses routing between a plurality of virtual machines in a virtual network.
Shieh, US 9,191,327, discloses applying session policies to a packet to route through multiple services that are respectively load balanced.

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  

                                                                                                             
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL W CHAO whose telephone number is (571)272-5165.  The examiner can normally be reached on M, W-F 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571) 272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-






/MICHAEL W CHAO/Examiner, Art Unit 2492