Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The Amendment filed on February 18, 2021 in response to the Office Action of November 30, 2020 is acknowledged and has been entered. Claims 1, 11 and 20 have been amended. Claims 1- 20 are pending and under examination in this Office Action.
Continued Examination Under 37 CFR 1.114
A request for continued examination under37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on February 18, 2021 has been entered.
Response to Amendment
Applicant's arguments with respect to claims 1-20 have been considered but are moot because the arguments do not apply to any of the references being used in the current rejection. The previous claim rejections under35 U.S.C. 103 to claims 1-20 are now withdrawn in view of the claim amendments. However, upon further consideration in view of the amendments, new grounds of rejection are now made. See the rejection section for details.
Claim Objections
Claims 1, 11 and 20 are objected to because of the following informalities:  
Claims 1, 11 and 20 recites the limitation “determining the type of forwarding engine” in line 11, line 12 and line 13 respectively. It is not clear to the examiner to    
Appropriate correction is required.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-5, 9-14 and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Liang et al. (U.S. Pub. No. US 2017/0126469 A1), herein referred to as Liang, in view of Djordjevic et al. (U.S. Pub. No. US 2018/0191782 A1), herein referred to as Djordjevic, and in further view of McRae et al. (U.S. Patent No. US 6,785,843 B1), herein referred to as McRae.
In regard to claim 1, Liang teaches a method, comprising: receiving, by an agent (e.g. the container runtime environment – para. [0021]) of a first container (e.g. the control plane agent – para. [0023]) of a network device from a second container (e.g. an application of the network device (e.g. the computing host – para. [0021]), a request (e.g. requests received by the container runtime environment – para. [0021]) for a forwarding engine (e.g. the network interface accessible to the application container – para. [0033]) of the network device (e.g. the computing host – para. [0021]) to perform an operation (e.g. transmitting a packet; FIG. 2; FIG. 4; “... The container runtime environment 210 manages a set of application containers 220 that access computing resources of the computing host 110 ... When an application container 220 requests access to services and resources managed by the operating system 200, the container runtime environment 210 may receive these requests and translate the requests if necessary prior to transmitting the request to the operating system 200 ...” - para. [0021]; “... the control plane agent 230 is itself a container of the container runtime environment 210 ...” - para. [0023]; “... When a packet is transmitted from the application container 410 to the network interface accessible to the application container 410, the packet is encapsulated using the tunnel prior to transmission to the computing host of the application container 440 …” - para. [0033]),
	wherein: the first container (e.g. the control plane agent – para. [0019]) and the second container (e.g. the application container – para. [0019]) are located on a control plane of the network device (e.g. the control plane of the computing host; FIG. 2; FIG. 6; “... A service control system manages computing services for a set of containers in various computing hosts using a control plane ...” - para. [0004]; “... This services architecture provides a control plane for each computing host ...” - para. [0006]; “... FIG. 2 illustrates the components of a computing host 110 according to one embodiment. In this example, the computing host 110 includes an operating system 200, a container runtime environment 210, one or more application  plane agent 230 ...” - para. [0019]; “... each computing host may include a container for the control plane agent as well as additional containers executing various applications ...” - para. [0044]);
	the first container (e.g. the control plane agent – para. [0023]) comprises a set of drivers (e.g. operating system libraries and binary executable files – para. [0021]) to support multiple types of forwarding engines (e.g. CPU, memory, storage, networking, and other resources; Examiner notes that the claim limitation “a forwarding engine” previously maps to “the network interface accessible to the application container” as one type of forwarding engines, here the claim limitation “multiple types of forwarding engines” maps to “CPU, memory, storage, networking, and other resources” that also include other types of forwarding engines and correspond to various types of forwarding engines exemplified in Specification (para. [0017] and [0029]); FIG. 2; “... A container provides a standardized runtime environment for applications executing in the container, and provides the application code, system tools, system libraries, and other functions running in each container's logically separate access to CPU, memory, storage,  networking, and other resources ...” - para. [0004]; “... When an application container 220 requests access to services and resources managed by the operating system 200, the container runtime environment 210 may receive these requests and translate the requests if necessary prior to transmitting the request to the operating system 200 ... The container runtime environment 210 thus provides a consistent set of operating system libraries and binary executable files for an application accessible within the application container 220 ...” - para. [0021]; “... the control plane agent 230 is itself a container of the container runtime environment 210 ...” - para. [0023]); and ...
providing the request to the operating system (e.g. transmitting access request to the operating system – para. [0021]), wherein … the operating system … selecting … a first driver (e.g. a driver to resolve the network interface of a networking resource – para. [0032]) of the set of drivers to communicate with the forwarding engine (e.g. the network interface accessible to the application container; FIG. 2; FIG. 4; “... When an application container 220 requests access to services and resources managed by the operating system 200, the container runtime environment 210 may receive these requests and translate the requests if necessary prior to transmitting the request to the operating system 200 ...” - para. [0021]; “... FIG. 4 shows an interaction diagram for an algorithm for initializing a tunnel between two containers ...” - para. [0031]; “... an application container 410 seeks to send messages to application container 440, each of which operates on a separate computing host that has a control plane agent 420 and a control plane agent 430, respectively ... Thus to send a message, the application container 410 issues an address resolution protocol (ARP) request to identify the link layer address for the container. This ARP request may be provided to the operating system 200 via the container runtime environment 210 ...” - para. [0032]; “... When a packet is transmitted from the application container 410 to the network interface accessible to the application container 410, the packet is encapsulated using the tunnel prior to transmission to the computing host of the application container 440 ...” - para. [0033]);
	performing the operation requested by the second container (e.g. transmitting a packet; FIG. 4; “... When a packet is transmitted from the application container 410 to the network interface accessible to the application container 410, the packet is encapsulated using and ...
	Liang does not explicitly teach, but Djordjevic teaches the first container (e.g. the container manager – para. [0071]) further comprises an operating system (e.g. the device OS; FIG. 5; “... A device may have its own operating system supporting a container environment (device OS) ...” - para. [0058]; “... A device may have a container manager function to control a container environment of the device. The container management function may be part of the device OS. It may also be an added software function on top of the operating system ...” - para. [0071]; “... FIG. 5 illustrates a system 500 comprising a device 505 that is similar to device 405, except that the container manager and device OS are further connected to an input/output (10) interface such as a GUI, audio interface, etc. ...” - para. [0076]); …
	providing a result of the operation to the second container in response to determining that the result should be provided to the second container (e.g. the container manager determines from the received message if it is intended for an application in the second container; “... Typically, incoming traffic will end up in/be controlled by the container manager. Implementation-wise, the container manager may control the internal routing engine ... It is then up to the container manager to determine if a signal or message is for itself or for a container. The combination of interface and slice identity of the messages indicates for which container the message is intended. This information is used for routing the message ...” - para. [0127]).
	It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Liang in view of Djordjevic in order to incorporate a method of 
	Liang in view of Djordjevic do not explicitly teach, but McRae teaches wherein in response to the operating system determining a type of forwarding engine (e.g. the functionality/feature to be implemented by a forwarding engine - col. 9, ll. 32-51) to be used for performing the operation, selecting, based on the type of forwarding engine to be used, a first driver (e.g. the cooperation of a specialized piece of code/a FP client with a FP driver - col. 8, ll. 47-67) of the set of drivers to communicate with the forwarding engine (e.g. the cooperation of the FP client and FP driver communicating a corresponding FIB table with the forwarding engine; FIG. 4; FIG. 6; “… FIG. 4 is a schematic block diagram of an aggregation router 400 … The aggregation router comprises a plurality of line cards 410 coupled to at least one performance routing engine (PRE 470) … The PRE 470 is an assembly comprising a fast packet ‘forwarding’ processor (FP) module 452 and a route processor (RP) module 472 adapted to perform packet forwarding and routing operations, respectively …” – col. 5, ll. 50-67; “… The operating system 600 is functionally divided into a generic, platform-independent code region  including drivers, that ‘hook’ the generic code into the specific platforms used to implement the operating system … In the illustrative embodiment, the platform-specific code region 640 includes a FP driver 650 configured to operate with the forwarding engine 454 of the data plane 670 used in the aggregation router. The operating system 600 includes a plurality of specialized pieces of code or FP clients 630 that reside between the generic region 610 and the platform-specific region 640 of the operating system 600. The FP clients interact with the FP driver 650 to essentially translate software representing generic functions of the operating system into platform-specific format for use by the FP driver …” – col. 8, ll. 47-67; “… Within the generic code region 610 of the operating system 600, there are further pieces of code that are used to build forwarding information base (FIB) tables subsequently downloaded by the FP driver 650 into the forwarding engine for use by the FP micro-code 660. Examples of these various pieces of code include IP unicast forwarding code 612, IP multicast forwarding code 614 and tag switching code 616. Each of these ‘features’ of the operating system has an associated FP client 630 that ‘owns’ the corresponding FIB table in memory of the forwarding engine 454 …” – col. 9, ll. 32-51); …
	It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Liang in view of Djordjevic and further in view of McRae in order to incorporate a method of cooperating a platform specialized code with a forwarding processor driver to communicate the various functionalities/features of an operating system with a forwarding engine as disclosed by McRae. One of ordinary skilled in the art would have been motivated because such incorporation would permit the development of software modules to 
In regard to claim 2, Liang teaches wherein performing the operation comprises: translating the request to a format that is used by a process of the operating system (e.g. translate the request – para. [0021]); and providing the translated request to the process of the operating system (e.g. transmitting the request to the operating system; FIG. 2; “... When an application container 220 requests access to services and resources managed by the operating system 200, the container runtime environment 210 may receive these requests and translate the requests if necessary prior to transmitting the request to the operating system 200 ...” - para. [0021]).
In regard to claim 3, Liang does not explicitly teach, but Djordjevic teaches further comprising: determining, by the first container (e.g. the container manager – para. [0127]), that the forwarding engine (e.g. I/O interface or routing engine – para. [0127]) has detected an event (e.g. the incoming traffic or message or event; “... incoming traffic will end up in/be controlled by the container manager. Implementation-wise, the container manager may control the internal routing engine ...” - para. [0127]; “... The incoming message for a certain application in a certain container might be an event trigger for activating the application ...” - para. [0128]); and transmitting, by the first container (e.g. the container manager – para. [0127]) to the second container (e.g. a container – para. [0127]), a message indicating that the event was detected (e.g. the message is sent to a container for which it intends; “... It is then up to the container manager to determine if a signal or message is for itself or for a container. 
	It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Liang in view of Djordjevic in order to incorporate a method of configuring a container manager to control communication between the applications in the containers and network connections (Djordjevic, para. [0008]). One of ordinary skilled in the art would have been motivated because such incorporation would provide different services/products in isolated fashion and adapt these services/products to meet specific requirements (Djordjevic, para. [0007]).
In regard to claim 4, Liang does not explicitly teach, but Djordjevic teaches wherein determining that the forwarding engine has detected the event comprises one or more of: receiving, by the first container (e.g. the container manager – para. [0127]), a second message (e.g. the incoming traffic or message or event – para. [0127]) from the forwarding engine (e.g. I/O interface or routing engine; “... incoming traffic will end up in/be controlled by the container manager. Implementation-wise, the container manager may control the internal routing engine ...” - para. [0127]; “... The incoming message for a certain application in a certain container might be an event trigger for activating the application ...” - para. [0128]); and detecting, by the first container (e.g. the container manager – para. [0133]), an interrupt (e.g. the container manager manages the interrupt system – para. [0133]) from the forwarding engine (e.g. device resources such as I/O interfaces and/or network connection; FIG. 5; “... The container manager may be solely responsible for managing device resources. Certain exceptions include memory and disk storage, and internal bus direct memory access (DMA), 
	It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Liang in view of Djordjevic in order to incorporate a method of configuring a container manager to handle communication between the applications in the containers and device resources (Djordjevic, para. [0009]). One of ordinary skilled in the art would have been motivated because such incorporation would provide different services/products in isolated fashion and adapt these services/products to meet specific requirements (Djordjevic, para. [0007]).
In regard to claim 5, Liang in view of Djordjevic do not explicitly teach, but McRae teaches further comprising: identifying a type of the forwarding engine (e.g. identifying the functionality/feature to be implemented by a forwarding engine - col. 9, ll. 32-51); and identifying the first driver (e.g. the cooperation of a specialized piece of code/a FP client with a FP driver - col. 8, ll. 47-67) from the set of drivers based on the type of the forwarding engine (e.g. the cooperation of the FP client and FP driver communicating a corresponding FIB table with the forwarding engine; FIG. 4; FIG. 6; “… FIG. 4 is a schematic block diagram of an aggregation router 400 … The aggregation router comprises a plurality of line cards 410 coupled to at least one performance routing engine (PRE 470) … The PRE 470 is an assembly comprising a fast packet ‘forwarding’ processor (FP) module 452 and a route processor (RP) module 472 adapted to perform packet forwarding and routing operations, respectively …” – col. 5, ll. 50-67; “… The operating system 600 is functionally divided into a generic, platform-independent  including drivers, that ‘hook’ the generic code into the specific platforms used to implement the operating system … In the illustrative embodiment, the platform-specific code region 640 includes a FP driver 650 configured to operate with the forwarding engine 454 of the data plane 670 used in the aggregation router. The operating system 600 includes a plurality of specialized pieces of code or FP clients 630 that reside between the generic region 610 and the platform-specific region 640 of the operating system 600. The FP clients interact with the FP driver 650 to essentially translate software representing generic functions of the operating system into platform-specific format for use by the FP driver …” – col. 8, ll. 47-67; “… Within the generic code region 610 of the operating system 600, there are further pieces of code that are used to build forwarding information base (FIB) tables subsequently downloaded by the FP driver 650 into the forwarding engine for use by the FP micro-code 660. Examples of these various pieces of code include IP unicast forwarding code 612, IP multicast forwarding code 614 and tag switching code 616. Each of these ‘features’ of the operating system has an associated FP client 630 that ‘owns’ the corresponding FIB table in memory of the forwarding engine 454 …” – col. 9, ll. 32-51).
	It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Liang in view of Djordjevic and further in view of McRae in order to incorporate a method of cooperating a platform specialized code with a forwarding processor driver to communicate the various functionalities/features of an operating system with a forwarding engine as disclosed by McRae. One of ordinary skilled in the art would have been motivated because such incorporation would permit the development of software modules to 
In regard to claim 9, Liang in view of Djordjevic do not explicitly teach, but McRae teaches wherein the forwarding engine is located on a data plane of the network device (FIG. 4; FIG. 6; “… The aggregation router further comprises a data plane that includes hardware components, such as a forwarding engine, configured to perform forwarding operations for data forwarded by the router …” – col. 3, ll. 38-41; “… In the illustrative embodiment, the platform-specific code region 640 includes a FP driver 650 configured to operate with the forwarding engine 454 of the data plane 670 used in the aggregation router …” – col. 8, ll. 58-61).
	It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Liang in view of Djordjevic and further in view of McRae in order to incorporate a method of separating data plane from control plane for network operations as disclosed by McRae. One of ordinary skilled in the art would have been motivated because such incorporation would help to limit the service interruption of the network by restarting a data plane of a network device without changing the state of a control plane in the network device (McRae, col. 4, ll. 7-19).
In regard to claim 10, Liang does not explicitly teach, but Djordjevic teaches wherein the request (e.g. the outgoing traffic or message – para. [0129]) for the forwarding engine (e.g. the I/O interface or network connection – para. [0129]) of the network device to perform the operation (e.g. routing data – para. [0129]) is received from a library (e.g. applications – para. [0129]) of the second container (e.g. one of the containers; “... Outgoing traffic is generated by 
	It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Liang in view of Djordjevic in order to incorporate a container management method of passing the service request to the forwarding engine for a set of containers in a network device (Djordjevic, para. [0129]). One of ordinary skilled in the art would have been motivated because such incorporation would simplify the application library of a container and make it easier to integrate the containers with different functionalities (Djordjevic, para. [0129]).
In regard to claim 11, Liang teaches a network device (e.g. a computing host – para. [0016]), comprising: a memory configured to store a first container and a second container (e.g. the containers 130C and 130D in the computing host 110C in FIG. 1); and a processing device coupled to the memory, the processing device to (FIG. 1; “... each computing host 110 provides logical computing resources in which a container 130 operates, such as CPU, memory, storage, and networking. A computing host may be a physical server system, or may be a virtual machine ...” - para. [0016]):
	receive, by an agent (e.g. the container runtime environment – para. [0021]) of the first container (e.g. the control plane agent – para. [0023]) from the second container (e.g. an application container 220 in FIG. 2 – para. [0021]), a request (e.g. requests received by the container runtime environment – para. [0021]) for a forwarding engine (e.g. the network interface accessible to the application container – para. [0033]) of the network device (e.g. the to perform an operation (e.g. transmitting a packet; FIG. 2; FIG. 4; “... The container runtime environment 210 manages a set of application containers 220 that access computing resources of the computing host 110 ... When an application container 220 requests access to services and resources managed by the operating system 200, the container runtime environment 210 may receive these requests and translate the requests if necessary prior to transmitting the request to the operating system 200 ...” - para. [0021]; “... the control plane agent 230 is itself a container of the container runtime environment 210 ...” - para. [0023]; “... When a packet is transmitted from the application container 410 to the network interface accessible to the application container 410, the packet is encapsulated using the tunnel prior to transmission to the computing host of the application container 440 …” - para. [0033]),
	wherein: the first container (e.g. the control plane agent – para. [0019]) and the second container (e.g. the application container – para. [0019]) are located on a control plane of the network device (e.g. the control plane of the computing host; FIG. 2; FIG. 6; “... A service control system manages computing services for a set of containers in various computing hosts using a control plane ...” - para. [0004]; “... This services architecture provides a control plane for each computing host ...” - para. [0006]; “... FIG. 2 illustrates the components of a computing host 110 according to one embodiment. In this example, the computing host 110 includes an operating system 200, a container runtime environment 210, one or more application containers 220, and a control plane agent 230 ...” - para. [0019]; “... each computing host may include a container for the control plane agent as well as additional containers executing various applications ...” - para. [0044]);
the first container (e.g. the control plane agent – para. [0023]) comprises a set of drivers (e.g. operating system libraries and binary executable files – para. [0021]) to support multiple types of forwarding engines (e.g. CPU, memory, storage, networking, and other resources; Examiner notes that the claim limitation “a forwarding engine” previously maps to “the network interface accessible to the application container” as one type of forwarding engines, here the claim limitation “multiple types of forwarding engines” maps to “CPU, memory, storage, networking, and other resources” that also include other types of forwarding engines and correspond to various types of forwarding engines exemplified in Specification (para. [0017] and [0029]); FIG. 2; “... A container provides a standardized runtime environment for applications executing in the container, and provides the application code, system tools, system libraries, and other functions running in each container's logically separate access to CPU, memory, storage,  networking, and other resources ...” - para. [0004]; “... When an application container 220 requests access to services and resources managed by the operating system 200, the container runtime environment 210 may receive these requests and translate the requests if necessary prior to transmitting the request to the operating system 200 ... The container runtime environment 210 thus provides a consistent set of operating system libraries and binary executable files for an application accessible within the application container 220 ...” - para. [0021]; “... the control plane agent 230 is itself a container of the container runtime environment 210 ...” - para. [0023]); and ...
	provide the request to the operating system (e.g. transmitting access request to the operating system – para. [0021]), wherein … the operating system … selecting … a first driver (e.g. a driver to resolve the network interface of a networking resource – para. [0032]) of the set of drivers to communicate with the forwarding engine (e.g. the network interface accessible to the application container; FIG. 2; FIG. 4; “... When an application container 220 requests access to services and resources managed by the operating system 200, the container runtime environment 210 may receive these requests and translate the requests if necessary prior to transmitting the request to the operating system 200 ...” - para. [0021]; “... FIG. 4 shows an interaction diagram for an algorithm for initializing a tunnel between two containers ...” - para. [0031]; “... an application container 410 seeks to send messages to application container 440, each of which operates on a separate computing host that has a control plane agent 420 and a control plane agent 430, respectively ... Thus to send a message, the application container 410 issues an address resolution protocol (ARP) request to identify the link layer address for the container. This ARP request may be provided to the operating system 200 via the container runtime environment 210 ...” - para. [0032]; “... When a packet is transmitted from the application container 410 to the network interface accessible to the application container 410, the packet is encapsulated using the tunnel prior to transmission to the computing host of the application container 440 ...” - para. [0033]);
	perform the operation requested by the second container (e.g. transmitting a packet; FIG. 4; “... When a packet is transmitted from the application container 410 to the network interface accessible to the application container 410, the packet is encapsulated using the tunnel prior to transmission to the computing host of the application container 440 ...” - para. [0033]); and ...
	Liang does not explicitly teach, but Djordjevic teaches the first container (e.g. the container manager – para. [0071]) further comprises an operating system (e.g. the device OS; ; …
	provide a result of the operation to the second container in response to determining that the result should be provided to the second container (e.g. the container manager determines from the received message if it is intended for an application in the second container; “... Typically, incoming traffic will end up in/be controlled by the container manager. Implementation-wise, the container manager may control the internal routing engine ... It is then up to the container manager to determine if a signal or message is for itself or for a container. The combination of interface and slice identity of the messages indicates for which container the message is intended. This information is used for routing the message ...” - para. [0127]).
	It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Liang in view of Djordjevic in order to incorporate a method of managing computing services for a set of containers in a computing host and controlling access of applications to the device resources using a control plane (Liang, para. [0004]) as well as configuring a container manager to control communications between the applications in a plurality of containers and the network (Djordjevic, para. [0008]). One of ordinary skilled in the 
	Liang in view of Djordjevic do not explicitly teach, but McRae teaches wherein in response to the operating system determining a type of forwarding engine (e.g. the functionality/feature to be implemented by a forwarding engine - col. 9, ll. 32-51) to be used for performing the operation, selecting, based on the type of forwarding engine to be used, a first driver (e.g. the cooperation of a specialized piece of code/a FP client with a FP driver - col. 8, ll. 47-67) of the set of drivers to communicate with the forwarding engine (e.g. the cooperation of the FP client and FP driver communicating a corresponding FIB table with the forwarding engine; FIG. 4; FIG. 6; “… FIG. 4 is a schematic block diagram of an aggregation router 400 … The aggregation router comprises a plurality of line cards 410 coupled to at least one performance routing engine (PRE 470) … The PRE 470 is an assembly comprising a fast packet ‘forwarding’ processor (FP) module 452 and a route processor (RP) module 472 adapted to perform packet forwarding and routing operations, respectively …” – col. 5, ll. 50-67; “… The operating system 600 is functionally divided into a generic, platform-independent code region 610 that runs on any router platform and a platform-specific code region 640, including drivers, that ‘hook’ the generic code into the specific platforms used to implement the operating system … In the illustrative embodiment, the platform-specific code region 640 includes a FP driver 650 configured to operate with the forwarding engine 454 of the data plane 670 used in ; …
	It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Liang in view of Djordjevic and further in view of McRae in order to incorporate a method of cooperating a platform specialized code with a forwarding processor driver to communicate the various functionalities/features of an operating system with a forwarding engine as disclosed by McRae. One of ordinary skilled in the art would have been motivated because such incorporation would permit the development of software modules to implement various features of the operating system and therefore to increase the reliability of the operating system (McRae, col. 9, ll. 32-51).
In regard to claim 12, Liang teaches wherein performing the operation comprises: translating the request to a format that is used by a process of the operating system (e.g. and providing the translated request to the process of the operating system (e.g. transmitting the request to the operating system; FIG. 2; “... When an application container 220 requests access to services and resources managed by the operating system 200, the container runtime environment 210 may receive these requests and translate the requests if necessary prior to transmitting the request to the operating system 200 ...” - para. [0021]).
In regard to claim 13, Liang does not explicitly teach, but Djordjevic teaches wherein the processing device is further configured to: determining, by the first container (e.g. the container manager – para. [0127]), that the forwarding engine (e.g. I/O interface or routing engine – para. [0127]) has detected an event (e.g. the incoming traffic or message or event; “... incoming traffic will end up in/be controlled by the container manager. Implementation-wise, the container manager may control the internal routing engine ...” - para. [0127]; “... The incoming message for a certain application in a certain container might be an event trigger for activating the application ...” - para. [0128]); and transmitting, by the first container (e.g. the container manager – para. [0127]) to the second container (e.g. a container – para. [0127]), a message indicating that the event was detected (e.g. the message is sent to a container for which it intends; “... It is then up to the container manager to determine if a signal or message is for itself or for a container. The combination of interface and slice identity of the messages indicates for which container the message is intended. This information is used for routing the message ...” - para. [0127]).
	It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Liang in view of Djordjevic in order to incorporate a method of 
In regard to claim 14, Liang in view of Djordjevic do not explicitly teach, but McRae teaches wherein the processing device is further configured to: identifying a type of the forwarding engine (e.g. identifying the functionality/feature to be implemented by a forwarding engine - col. 9, ll. 32-51); and identifying the first driver (e.g. the cooperation of a specialized piece of code/a FP client with a FP driver - col. 8, ll. 47-67) from the set of drivers based on the type of the forwarding engine (e.g. the cooperation of the FP client and FP driver communicating a corresponding FIB table with the forwarding engine; FIG. 4; FIG. 6; “… FIG. 4 is a schematic block diagram of an aggregation router 400 … The aggregation router comprises a plurality of line cards 410 coupled to at least one performance routing engine (PRE 470) … The PRE 470 is an assembly comprising a fast packet ‘forwarding’ processor (FP) module 452 and a route processor (RP) module 472 adapted to perform packet forwarding and routing operations, respectively …” – col. 5, ll. 50-67; “… The operating system 600 is functionally divided into a generic, platform-independent code region 610 that runs on any router platform and a platform-specific code region 640, including drivers, that ‘hook’ the generic code into the specific platforms used to implement the operating system … In the illustrative embodiment, the platform-specific code region 640 includes a FP driver 650 configured to operate with the forwarding engine 454 of the data plane 670 used in the aggregation router. The operating 
	It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Liang in view of Djordjevic and further in view of McRae in order to incorporate a method of cooperating a platform specialized code with a forwarding processor driver to communicate the various functionalities/features of an operating system with a forwarding engine as disclosed by McRae. One of ordinary skilled in the art would have been motivated because such incorporation would permit the development of software modules to implement various features of the operating system and therefore to increase the reliability of the operating system (McRae, col. 9, ll. 32-51).
In regard to claim 18, Liang in view of Djordjevic do not explicitly teach, but McRae teaches wherein the forwarding engine is located on a data plane of the network device (FIG. 4; FIG. 6; “… The aggregation router further comprises a data plane that includes hardware 
	It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Liang in view of Djordjevic and further in view of McRae in order to incorporate a method of separating data plane from control plane for network operations as disclosed by McRae. One of ordinary skilled in the art would have been motivated because such incorporation would help to limit the service interruption of the network by restarting a data plane of a network device without changing the state of a control plane in the network device (McRae, col. 4, ll. 7-19).
In regard to claim 19, Liang does not explicitly teach, but Djordjevic teaches wherein the request (e.g. the outgoing traffic or message – para. [0129]) for the forwarding engine (e.g. the I/O interface or network connection – para. [0129]) of the network device to perform the operation (e.g. routing data – para. [0129]) is received from a library (e.g. applications – para. [0129]) of the second container (e.g. one of the containers; “... Outgoing traffic is generated by applications in containers or in certain circumstances by the container manager itself ... The container manager couples the slice identity based on the container ( and the required interface if needed) to the message before/during routing ...” - para. [0129]).
	It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Liang in view of Djordjevic in order to incorporate a container 
In regard to claim 20, Liang teaches a non-transitory machine-readable medium having executable instructions to cause one or more processing devices to perform a method comprising (“... Such a product may comprise information resulting from a computing process, where the information is stored on a non-transitory, tangible computer readable storage medium ...” - para. [0049]):
	receiving, by an agent (e.g. the container runtime environment – para. [0021]) of a first container (e.g. the control plane agent – para. [0023]) of a network device from a second container (e.g. an application container 220 in FIG. 2 – para. [0021]) of the network device (e.g. the computing host – para. [0021]), a request (e.g. requests received by the container runtime environment – para. [0021]) for a forwarding engine (e.g. the network interface accessible to the application container – para. [0033]) of the network device (e.g. the computing host – para. [0021]) to perform an operation (e.g. transmitting a packet; FIG. 2; FIG. 4; “... The container runtime environment 210 manages a set of application containers 220 that access computing resources of the computing host 110 ... When an application container 220 requests access to services and resources managed by the operating system 200, the container runtime environment 210 may receive these requests and translate the requests if necessary prior to transmitting the request to the operating system 200 ...” - para. [0021]; “... the control plane ,
	wherein: the first container (e.g. the control plane agent – para. [0019]) and the second container (e.g. the application container – para. [0019]) are located on a control plane of the network device (e.g. the control plane of the computing host; FIG. 2; FIG. 6; “... A service control system manages computing services for a set of containers in various computing hosts using a control plane ...” - para. [0004]; “... This services architecture provides a control plane for each computing host ...” - para. [0006]; “... FIG. 2 illustrates the components of a computing host 110 according to one embodiment. In this example, the computing host 110 includes an operating system 200, a container runtime environment 210, one or more application containers 220, and a control plane agent 230 ...” - para. [0019]; “... each computing host may include a container for the control plane agent as well as additional containers executing various applications ...” - para. [0044]);
	the first container (e.g. the control plane agent – para. [0023]) comprises a set of drivers (e.g. operating system libraries and binary executable files – para. [0021]) to support multiple types of forwarding engines (e.g. CPU, memory, storage, networking, and other resources; Examiner notes that the claim limitation “a forwarding engine” previously maps to “the network interface accessible to the application container” as one type of forwarding engines, here the claim limitation “multiple types of forwarding engines” maps to “CPU, memory, storage, networking, and other resources” that also include other types of forwarding and ...
	providing the request to the operating system (e.g. transmitting access request to the operating system – para. [0021]), wherein … the operating system … selecting … a first driver (e.g. a driver to resolve the network interface of a networking resource – para. [0032]) of the set of drivers to communicate with the forwarding engine (e.g. the network interface accessible to the application container; FIG. 2; FIG. 4; “... When an application container 220 requests access to services and resources managed by the operating system 200, the container runtime environment 210 may receive these requests and translate the requests if necessary prior to transmitting the request to the operating system 200 ...” - para. [0021]; “... FIG. 4 shows an interaction diagram for an algorithm for initializing a tunnel between two containers ...” - para. [0031]; “... an application container 410 seeks to send messages to application ;
	performing the operation requested by the second container (e.g. transmitting a packet; FIG. 4; “... When a packet is transmitted from the application container 410 to the network interface accessible to the application container 410, the packet is encapsulated using the tunnel prior to transmission to the computing host of the application container 440 ...” - para. [0033]); and ...
	Liang does not explicitly teach, but Djordjevic teaches the first container (e.g. the container manager – para. [0071]) further comprises an operating system (e.g. the device OS; FIG. 5; “... A device may have its own operating system supporting a container environment (device OS) ...” - para. [0058]; “... A device may have a container manager function to control a container environment of the device. The container management function may be part of the device OS. It may also be an added software function on top of the operating system ...” - para. [0071]; “... FIG. 5 illustrates a system 500 comprising a device 505 that is similar to device 405, except that the container manager and device OS are further connected to an input/output (10) interface such as a GUI, audio interface, etc. ...” - para. [0076]); …
providing a result of the operation to the second container in response to determining that the result should be provided to the second container (e.g. the container manager determines from the received message if it is intended for an application in the second container; “... Typically, incoming traffic will end up in/be controlled by the container manager. Implementation-wise, the container manager may control the internal routing engine ... It is then up to the container manager to determine if a signal or message is for itself or for a container. The combination of interface and slice identity of the messages indicates for which container the message is intended. This information is used for routing the message ...” - para. [0127]).
	It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Liang in view of Djordjevic in order to incorporate a method of managing computing services for a set of containers in a computing host and controlling access of applications to the device resources using a control plane (Liang, para. [0004]) as well as configuring a container manager to control communications between the applications in a plurality of containers and the network (Djordjevic, para. [0008]). One of ordinary skilled in the art would have been motivated because such incorporation would permit the containers and computing hosts to be managed “with varying heterogeneous configurations (e.g., different types of physical machines and virtual machines) across multiple cloud providers” (Liang, para. [0006]) and allow “different services/products to be provided to different users” for their specific needs (Djordjevic, para. [0007]).
	Liang in view of Djordjevic do not explicitly teach, but McRae teaches wherein in response to the operating system determining a type of forwarding engine (e.g. the to be used for performing the operation, selecting, based on the type of forwarding engine to be used, a first driver (e.g. the cooperation of a specialized piece of code/a FP client with a FP driver - col. 8, ll. 47-67) of the set of drivers to communicate with the forwarding engine (e.g. the cooperation of the FP client and FP driver communicating a corresponding FIB table with the forwarding engine; FIG. 4; FIG. 6; “… FIG. 4 is a schematic block diagram of an aggregation router 400 … The aggregation router comprises a plurality of line cards 410 coupled to at least one performance routing engine (PRE 470) … The PRE 470 is an assembly comprising a fast packet ‘forwarding’ processor (FP) module 452 and a route processor (RP) module 472 adapted to perform packet forwarding and routing operations, respectively …” – col. 5, ll. 50-67; “… The operating system 600 is functionally divided into a generic, platform-independent code region 610 that runs on any router platform and a platform-specific code region 640, including drivers, that ‘hook’ the generic code into the specific platforms used to implement the operating system … In the illustrative embodiment, the platform-specific code region 640 includes a FP driver 650 configured to operate with the forwarding engine 454 of the data plane 670 used in the aggregation router. The operating system 600 includes a plurality of specialized pieces of code or FP clients 630 that reside between the generic region 610 and the platform-specific region 640 of the operating system 600. The FP clients interact with the FP driver 650 to essentially translate software representing generic functions of the operating system into platform-specific format for use by the FP driver …” – col. 8, ll. 47-67; “… Within the generic code region 610 of the operating system 600, there are further pieces of code that are used to build forwarding information base (FIB) tables subsequently downloaded by the FP driver 650 ; …
	It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Liang in view of Djordjevic and further in view of McRae in order to incorporate a method of cooperating a platform specialized code with a forwarding processor driver to communicate the various functionalities/features of an operating system with a forwarding engine as disclosed by McRae. One of ordinary skilled in the art would have been motivated because such incorporation would permit the development of software modules to implement various features of the operating system and therefore to increase the reliability of the operating system (McRae, col. 9, ll. 32-51).
Claims 6 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Liang et al. (U.S. Pub. No. US 2017/0126469 A1), herein referred to as Liang, in view of Djordjevic et al. (U.S. Pub. No. US 2018/0191782 A1), herein referred to as Djordjevic, in view of McRae et al. (U.S. Patent No. US 6,785,843 B1), herein referred to as McRae, and in further view of Jiang et al. (U.S. Pub. No. US 2019/0272205 A1), herein referred to as Jiang.
In regard to claim 6, Liang in view of Djordjevic and further in view of McRae don’t explicitly teach, but Jiang teaches wherein: the first container (e.g. the container for the first service – para. [0008]) is associated with a first network namespace (e.g. a first network namespace; FIG. 2; “... The corresponding container is created for the first service based on the and the second container (e.g. the container for the second service – para. [0014]) is associated a second network namespace (e.g. a second network namespace – para. [0014]) that is separate from the first network namespace (e.g. FIG. 2 exemplifies the two network namespaces are separated; “... The network device has created and run a container for a second service and a corresponding second load balancing container, and the container for the second service has a corresponding second network namespace and a second IPC namespace …” - para. [0014]).
	It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Liang in view of Djordjevic in view of McRae and further in view of Jiang in order to incorporate a method of isolating the resources used by different containers in a computing host by using a namespace technology (Jiang, para. [0003]). One of ordinary skilled in the art would have been motivated because such incorporation would provide each container with its own logically separate device and networking resources and allow the container to be generally independent from functions of other containers operating in the computing host (Jiang, para. [0003]).
In regard to claim 15, Liang in view of Djordjevic and further in view of McRae don’t explicitly teach, but Jiang teaches wherein: the first container (e.g. the container for the first service – para. [0008]) is associated with a first network namespace (e.g. a first network namespace; FIG. 2; “... The corresponding container is created for the first service based on the container image information, and a first network namespace and a first IPC namespace that are corresponding to a container for the first service are created ...” - para. [0008]); and the second container (e.g. the container for the second service – para. [0014]) is associated a second network namespace (e.g. a second network namespace – para. [0014]) that is separate from the first network namespace (e.g. FIG. 2 exemplifies the two network namespaces are separated; “... The network device has created and run a container for a second service and a corresponding second load balancing container, and the container for the second service has a corresponding second network namespace and a second IPC namespace …” - para. [0014]).
	It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Liang in view of Djordjevic in view of McRae and further in view of Jiang in order to incorporate a method of isolating the resources used by different containers in a computing host by using a namespace technology (Jiang, para. [0003]). One of ordinary skilled in the art would have been motivated because such incorporation would provide each container with its own logically separate device and networking resources and allow the container to be generally independent from functions of other containers operating in the computing host (Jiang, para. [0003]).
Claims 7, 8, 16 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Liang et al. (U.S. Pub. No. US 2017/0126469 A1), herein referred to as Liang, in view of Djordjevic et al. (U.S. Pub. No. US 2018/0191782 A1), herein referred to as Djordjevic, in view of McRae et al. (U.S. Patent No. US 6,785,843 B1), herein referred to as McRae, in view of Jiang et al. (U.S. Pub. No. US 2019/0272205 A1), herein referred to as Jiang, and in further view of Lisle et
al. (U.S. Pub. No. US 2019/0296962 A1), herein referred to as Lisle.
In regard to claim 7, Liang in view of Djordjevic in view of McRae and further in view of Jiang don’t explicitly teach, but Lisle teaches wherein: modifications to a first network stack do not affect a second network stack (e.g. the network stack for container 150B in FIG. 3 – para. [0026]) of the second network namespace (FIG. 3; “... containers 150 also present a limited perspective of the underlying network stack used to communicate with entities external to the containers 150. For example, as will be described with FIG. 3, a container 150 may be responsible for maintaining its own network stack information and is unware of network stack information maintained by other containers or by the host computer system’s operating system ...” - para. [0026]).
	It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Liang in view of Djordjevic in view of McRae in view of Jiang and further in view of Lisle in order to incorporate a method of isolating the management of the network stack used by different containers in a computing host (Lisle, para. [0026]). One of ordinary skilled in the art would have been motivated because such incorporation would provide each container “operable to isolate its contents from the contents of other containers” and potentially increase the network storage security for users (Lisle, para. [0016]).
In regard to claim 8, Liang in view of Djordjevic in view of McRae and further in view of Jiang don’t explicitly teach, but Lisle teaches wherein the first container (e.g. the management controller 140 in FIG. 2 – para. [0025]) is allowed to create a kernel interface (e.g. a virtual interface – para. [0026]) in the second network stack (e.g. the network stack for containers 150 in FIG. 3; “... multi-tenant management controller 140 is also configured to perform various management operations associated with containers 150 ...” - para. [0025]; “... The container 150 may also be presented with a virtual interface through which traffic is to be directed (as  access to the physical interface controlling a network interface card) ...” - para. [0026]). 
	It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Liang in view of Djordjevic in view of McRae and in view of Jiang and further in view of Lisle in order to incorporate a method of managing the network stack used by different containers in a computing host (Lisle, para. [0026]). One of ordinary skilled in the art would have been motivated because such incorporation would provide management for containers to adjust their operation flexibility and potentially increase the network storage security for users (Lisle, para. [0016]).
In regard to claim 16, Liang in view of Djordjevic in view of McRae and further in view of Jiang don’t explicitly teach, but Lisle teaches wherein: the first container (e.g. the container 150A in FIG. 3 – para. [0026]) is allowed to modify a first network stack of the first network namespace (e.g. container 150A maintains its own network stack information – para. [0026]); and modifications to the first network stack (e.g. container 150A maintains its own network stack information – para. [0026]) do not affect a second network stack (e.g. the network stack for container 150B in FIG. 3 – para. [0026]) of the second network namespace (FIG. 3; “... containers 150 also present a limited perspective of the underlying network stack used to communicate with entities external to the containers 150. For example, as will be described with FIG. 3, a container 150 may be responsible for maintaining its own network stack information and is unware of network stack information maintained by other containers or by the host computer system's operating system ...” - para. [0026]).

In regard to claim 17, Liang in view of Djordjevic in view of McRae and further in view of Jiang don’t explicitly teach, but Lisle teaches wherein the first container (e.g. the management controller 140 in FIG. 2 – para. [0025]) is allowed to create network interfaces (e.g. a virtual interface – para. [0026]) in the second network stack (e.g. the network stack for containers 150 in FIG. 3; “... multi-tenant management controller 140 is also configured to perform various management operations associated with containers 150 ...” - para. [0025]; “... The container 150 may also be presented with a virtual interface through which traffic is to be directed (as opposed to having direct access to the physical interface controlling a network interface card) ...” - para. [0026]). 
	It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Liang in view of Djordjevic in view of McRae in view of Jiang and further in view of Lisle in order to incorporate a method of managing the network stack used by different containers in a computing host (Lisle, para. [0026]). One of ordinary skilled in the art would have been motivated because such incorporation would provide management for 
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZONGHUA DU whose telephone number is (408)918-7596.  The examiner can normally be reached on Monday - Friday 7:30 AM - 4:00 PM PST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Peter-Anthony Pappas can be reached on (571) 272-7646.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/Z.D./Examiner, Art Unit 2448                                                                                                                                                                                                        
/JONATHAN A BUI/Primary Examiner, Art Unit 2448