DETAILED ACTION

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee. Authorization for this examiner’s amendment was given by Yi (Claire) Lu (Reg. No. L1255) on 05/26/2021.

Listing of Claims:
1. (Currently Amended)  A data transmission method by a network device, comprising:
receiving a first packet sent by a virtual private network user, wherein the first packet carries a first destination address that does not belong to an address range that has been configured for a virtual private network where the virtual private network user is located;
converting the first destination address to a second destination address;
generating a second packet according to the second destination address and the first packet, wherein the second destination address indicates a network address of a server in a private network that is accessible to the virtual private network user and the private network is outside the virtual private network; and
sending the second packet to a device in the private network outside the virtual private network;
wherein generating the second packet according to the second destination address and the first packet comprises:
replacing first header information abiding by a first format in the first packet with second header information abiding by a second format, wherein the first header information comprises at least an internal source address, an internal destination address, a virtual network identity, an external source address, and an external destination address, and the second header information comprises at least a source address and a destination address.

2. (Original)  The method according to claim 1, wherein converting the first destination address to the second destination address comprises:
parsing the first packet to obtain an internal destination address and a virtual network identifier;
determining the first destination address according to the internal destination address, and determining, according to the virtual network identifier, network identifier information of the virtual private network where the virtual private network user is located;
searching a pre-configured address mapping table for a destination address to which the first destination address and the network identifier information correspond jointly; and
in response to the destination address to which the first destination address and the network identifier information correspond jointly being found, setting the found destination address as the second destination address.

3. (Currently Amended)  The method according to claim 1, wherein generating the second packet according to the second destination address and the first packet comprises:

encapsulating packet information carried by the first packet and the second destination address according to the second format in the second packet.

4. (Currently Amended)  The method according to claim 3, 

wherein encapsulating the packet information carried by the first packet and the second destination address according to the second format in the second packet comprises:
encapsulating the second header information and the packet information in the second packet, wherein the source address carried in the second header information is an address of the network device, and the carried destination address is the second destination address.

5. (Previously Presented)  The method according to claim 1, wherein sending the second packet to the device in the private network outside the virtual private network comprises:
determining a next-hop device according to the second destination address and a routing table, wherein the next-hop device is located outside the virtual private network where the virtual private network user is located; and
sending the second packet to the next-hop device.

6. (Original)  The method according to claim 1, wherein the destination address is considered a designated address that does not belong to an address range that has been configured for a designated network.

7. (Original)  The method according to claim 6, wherein the designated network belongs to an 

8. (Original)  The method according to claim 1, wherein the virtual private network is a Virtual Private Cloud (VPC) network.

9. (Original)  The method according to claim 3, wherein the first format is a Virtual Extensible Local Area Network (VXLAN) format, and the second format is a Virtual Local Area Network (VLAN) format.

10. (Original)  The method according to claim 1, wherein the first destination address and the second destination address correspond to a server.

11. (Original)  The method according to claim 10, wherein the server is one of a Network Time Protocol (NTP) server or an encryption server.

12-23. (Cancelled)

24. (Currently Amended)  A network device, comprising:
an interface configured to receive a first packet sent by a virtual private network user, wherein the first packet carries a first destination address that does not belong to an address range that has been configured for a virtual private network where the virtual private network user is located; 
a memory storing a set of instructions; and 
one or more processors configured to execute the set of instructions to cause the network device to perform:

generating a second packet according to the second destination address and the first packet, wherein the second destination address indicates a network address of a server in a private network that is accessible to the virtual private network user and the private network is outside the virtual private network, and
sending the second packet to a device in the private network outside the virtual private network;
wherein generating the second packet according to the second destination address and the first packet comprises:
replacing first header information abiding by a first format in the first packet with second header information abiding by a second format, wherein the first header information comprises at least an internal source address, an internal destination address, a virtual network identity, an external source address, and an external destination address, and the second header information comprises at least a source address and a destination address.

25. (Original)  The network device according to claim 24, wherein converting the first destination address to the second destination address comprises:
parsing the first packet to obtain an internal destination address and a virtual network identifier;
determining the first destination address according to the internal destination address, and determining, according to the virtual network identifier, network identifier information of the virtual private network where the virtual private network user is located;
searching a pre-configured address mapping table for a destination address to which the first destination address and the network identifier information correspond jointly; and
in response to the destination address to which the first destination address and the network 

26. (Currently Amended)  The network device according to claim 24, wherein generating the second packet according to the second destination address and the first packet comprises:

encapsulating packet information carried by the first packet and the second destination address according to the second format in the second packet.

27. (Currently Amended)  The network device according to claim 24, 

wherein encapsulating the packet information carried by the first packet and the second destination address according to the second format in the second packet comprises:
encapsulating the second header information and the packet information in the second packet, wherein the source address carried in the second header information is an address of the network device, and the carried destination address is the second destination address.


determining a next-hop device according to the second destination address and a routing table, wherein the next-hop device is located outside the virtual private network where the virtual private network user is located; and
sending the second packet to the next-hop device.

29. (Original)  The network device according to claim 24, wherein the first destination address is considered a designated address that does not belong to an address range that has been configured for a designated network.

30. (Original)  The network device according to claim 29, wherein the designated network belongs to an address range from 100.64.0.0 to 100.64.0.10.

31. (Original)  The network device according to claim 24, wherein the virtual private network is a Virtual Private Cloud (VPC) network.

32-34. (Cancelled)

35. (Currently Amended)  A non-transitory computer readable medium that stores a set of instructions that is executable by at least one processor of a computer to cause the computer to perform a method for data transmission, the method comprising: 
receiving a first packet sent by a virtual private network user, wherein the first packet carries a first destination address that does not belong to an address range that has been configured for a virtual 
converting the first destination address to a second destination address;
generating a second packet according to the second destination address and the first packet, wherein the second destination address indicates a network address of a server in a private network that is accessible to the virtual private network user and the private network is outside the virtual private network; and
sending the second packet to a device in the private network outside the virtual private network;
wherein generating the second packet according to the second destination address and the first packet comprises:
replacing first header information abiding by a first format in the first packet with second header information abiding by a second format, wherein the first header information comprises at least an internal source address, an internal destination address, a virtual network identity, an external source address, and an external destination address, and the second header information comprises at least a source address and a destination address.

36-38. (Cancelled)

REASONS FOR ALLOWANCE
The following is an examiner’s statement of reasons for allowance: The claim limitations presented today, together when taken as a whole and claimed, are found to be novel and not obvious. Claims 1-11, 24-31 and 35 are allowed.
The closest prior art of record, Martini et al. (U.S. Patent Publication No. 2006/0182103) and Kao et al. (U.S. Patent Publication No. 2015/0131674), and none of the prior art of record discloses or suggests, alone or in combination, a data transmission method by a network device, comprising: receiving a first .
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

CONCLUSION
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HASSAN KHAN whose telephone number is (313) 446-6574. The examiner can normally be reached on MONDAY - THURSDAY: 8AM-6PM EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached on (571) 272-3951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. 

/H. A. K./
Examiner, Art Unit 2456
/PHILIP J CHEA/Supervisory Patent Examiner, Art Unit 2456