DETAILED ACTION
This action is responsive to amendment filed on October 13th, 2021. 
Claims 1~30 are examined.
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Amendment
The objection to the title is withdrawn in view of amended title.
Claims 8 and 23 rejected under 35 USC § 112 is withdrawn in view of amendments.
Response to Arguments
Applicant's arguments filed 10/13/21 have been fully considered but they are not persuasive. 
In response to Applicant’s newly amended limitations of “for each respective simulated forwarding path of the one or more simulated forwarding paths, determining, by the data processing hardware, at least one egress firewall rule that applies to the respective simulated forwarding path; determining, by the data processing hardware, at least one ingress firewall rule that applies to the respective simulated forwarding path; and determining, by the data processing hardware, the reachability status of the target based on the at least one egress firewall rule and the at least one ingress firewall rule.” Examiner points out Erickson still teaches the amended limitations (see the rejection below) since the CanReachAll check has multiple extensions that analyzes packets entering the network at each ingress port in the list P and packets that do not exit the network at any egress port other than those in the list P [¶66; ¶68; ¶69]. 
As such, the rejection is sustained below:
Claim Rejections - 35 USC § 102
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
Claims 1~7 and 9 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Erickson et al. hereinafter Erickson (U.S 2016/0036636).
Regarding Claim 1, 
Erickson taught a method of cloud network reachability analysis, the method comprising: 
receiving, at data processing hardware, a reachability query requesting a reachability status of a target, the reachability query comprising a packet header associated with a data packet [¶59, performing a CanReachAll check of the network by receiving an input string comprising of packet header objects], the packet header comprising: 
a source internet protocol (IP) address associated a source of the data packet [¶61, “ipv4_src addr 192.168.2.0/24”]; and
a destination IP address associated with a destination of the data packet [¶61, “ipv4_dst addr 192.168.3.0/24”]; 
generating, by the data processing hardware, using a data plane model, one or more simulated forwarding paths for the data packet based on the packet header [¶79~¶81; ¶84~¶86; Fig. 6, ‘606’ and ‘608’ with regards to network model], each simulated forwarding path comprising corresponding network configuration information [¶87, reporting identified failover paths between particular locations including suggested network configuration changes]; 

determining, by the data processing hardware, at least one egress firewall rule that applies to the respective simulated forwarding path [¶69, canOnlyReach <list of ports P> there exists no packet that can exit the network at any egress port other than those in the list P]; 
determining, by the data processing hardware, at least one ingress firewall rule that applies to the respective simulated forwarding path [¶68, <list of ports P> canReachAll, there exists packet entering the network that can exit the network]; and 
determining, by the data processing hardware, the reachability status of the target based on the at least one egress firewall rule and the at least one ingress firewall rule [¶66, the CanReachAll check can include multiple extensions; ¶68; ¶69; ¶80, system can present trace results relevant to the search to rapidly converge to the relevant traffic of interest]; and 
providing, by the data processing hardware, the determined reachability status and the one or more simulated forwarding paths to a user device associated with the reachability query [¶81, provide an interface where the user can view virtual packet traces], the one or more simulated forwarding paths when received by the user device causing the user device to present the network configuration information for each simulated forwarding path [¶87, a query can be submitted to identify a number of failover paths between particular locations (i.e., a particular network property) and flow paths matching the failover paths may be returned; report generated based on the comparison 
Regarding Claim 2, 
Erickson taught wherein determining the reachability status of the one or more simulated forwarding paths comprises using a network abstract state machine [¶23, state information parsed to generate a network model 112].
Regarding Claim 3, 
Erickson taught wherein the user device is configured to send the data packet from a remote network using locally advertised routes [¶61~¶64, user requests to check reachability of the specified subnet addresses].
Regarding Claim 4, 
Erickson taught wherein the network configuration information comprises at least one of the following: a network configuration associated with each step along the corresponding simulated forwarding path [¶87, identify a number of failover paths between particular locations].
Regarding Claim 5, 
Erickson taught further comprising executing, by the data processing hardware, network reachability analysis on each of the one or more simulated forwarding paths based on the corresponding network configuration information [¶55, modify a snapshot of a network to model and test potential changes to the network].
Regarding Claim 6, 
Erickson taught wherein the network reachability analysis is configured to at least one of: determine a final state of reachability for the data packet along the corresponding simulated forwarding path [¶55, changes can be tested using the network model].
Regarding Claim 7, 

Regarding Claim 9, 
Erickson taught wherein the packet header further comprises: a protocol associated with the data packet; a source port associated with the data packet; and a destination port associated with the data packet [¶61].
Claim Rejections - 35 USC § 103
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
Claims 8, 10~15, 23, and 25~30 are rejected under 35 U.S.C. 103 as being unpatentable over Erickson in view of Dodge et al. hereinafter Dodge (U.S 2020/0007569).
Regarding Claim 8, 
Erickson in view of Dodge taught wherein executing the network reachability analysis comprises executing the network reachability analysis in a continuous mode [¶23, the analysis may be performed by network security evaluator 100 in an automated manner thus, making it obvious the analysis can be initiated manually by a user with a choice to stop the analysis at any given time].
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention was made, to combine, Dodge’s teaching of executing the network reachability analysis comprises executing the network reachability analysis 
Regarding Claim 10, 
Erickson in view of Dodge taught wherein the source of the data packet comprises a first instance executing in a first network and the destination of the data packet comprises a second instance executing in a second network different than the first network [Dodge: ¶104~¶105].
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention was made, to combine, Dodge’s teaching of the source of the data packet comprises a first instance executing in a first network and the destination of the data packet comprises a second instance executing in a second network different than the first network with the teachings of Erickson, because the combination would improve the speed of network reachability analysis by eliminating the need to send packets to a large number of ports on many computers and wait for responses [Dodge: ¶19].
Regarding Claim 11, 
Erickson in view of Dodge taught wherein the first network comprises a virtual private cloud (VPC) network and the second network comprises an on-premises network [Dodge: ¶47, reachability from a VPC and other networks]. See motivation of claim 10.
Regarding Claim 12, 
Erickson in view of Dodge taught wherein the first network and the second network comprise respective virtual private cloud (VPC) networks [Dodge: ¶24, network reachability analysis using data 110 which includes information about VPCs]. See motivation of claim 10.
Regarding Claim 13, 

Regarding Claim 14, 
Erickson in view of Dodge taught wherein the source of the data packet is located in an external network and the destination of the data packet comprises a global HTTPS load balancer executing in a virtual private cloud (VPC) network, the global HTTPS load balancer configured to route the data packet to one of multiple different backend virtual machines (VMs) [Dodge: ¶107, HTTPS access instances 814 for accessing resource instances 818A and 818B]. See motivation of claim 10.
Regarding Claim 15, 
Erickson in view of Dodge taught wherein generating one or more simulated forwarding paths for the data packet comprises generating a corresponding simulated forwarding path from the global HTTPS load balancer to each one of the multiple different backend VMs [Dodge: ¶80; ¶107, HTTPS access instances 814 for accessing resource instances 818A and 818B; ¶120]. See motivation of claim 10.
Regarding Claims 23 and 25~30, the claims are similar in scope to claim(s) 8 and 10~15 respectively and therefore, rejected under the same rationale.
Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  

Any inquiry concerning this communication or earlier communications from the examiner should be directed to HEE SOO KIM whose telephone number is (571)270-3229. The examiner can normally be reached on M-F 9AM-5PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Nicholas Taylor can be reached on (571) 272-3889. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.