DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

General Remarks
1/ claims 1-15 are pending 
2/ claims 1, 9 and 13 are independent
3/ Application claims priority date of 12/27/2018
4/ 16 and 17 are new
5/ claims 9-12 are cancelled

Response to Arguments
Applicant's arguments filed 09/30/2021 have been fully considered but they are not persuasive. Applicant argued that the combination does not explicitly disclose:
“wherein the load side of the plurality of security forwarding devices share a same IP address, and a virtual IP address of the first load balancer is the same as the IP address of the load sides of the plurality of security forwarding devices”.
Examiner respectfully disagrees:
Cisco in fig. 11.2 discloses that the load sides of the plurality of firewalls are connected to VLAN 111, which shares the same IP address 25.0.11.10; this corresponds to the IP address shared by the firewalls. According to In re DiStefano, 808 F.3d 845, 117 USPQ2d 1267-1268 (Fed. Cir. 2015), if a new and unobvious functional relationship between the printed matter and the substrate does not exist, USPTO personnel need not give patentable weight to printed matter. See In re Lowry, 32 F.3d 1579, 1583-84, 32 USPQ2d 1031, 1035 (Fed. Cir. 1994); In re Ngai, 367 F.3d 1336, 70 USPQ2d 1862 (Fed. Cir. 2004). The printed matter or display format does not make a structural difference to the system. Assigning IP addresses in a specific way so that the network elements forward data in a specific way is taught by a system that forwards data using addressing information. What identifier is assigned to elements is effectuated by programming, which amounts to using printed matter to differentiate from the prior art; that is an obvious variation that does not amount to an inventive concept.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-5, 7, and 13-15 are rejected under 35 U.S.C. 103 as being unpatentable over Cisco, “Catalyst 6500 Series Switch Content Switching Module Installation and Configuration Note Software Release 4.1.”, further in view of Sandbu, “Netscaler and Traffic Flow Explained”.
Regarding claim 1. Cisco discloses a load balancing system, comprising: 
a client (fig. 11.2 discloses CSM-A external load balancer connected to internet, and CSM-B internal load balancer connected to intranet. The device connected to the CSM-A through internet corresponds to client, and the device connected to CSM-B through intranet corresponds to server); 
a first load balancer coupled to the client (fig. 11.2 discloses CSM-A external load balancer connected to internet); 
a plurality of security forwarding devices whose load sides are coupled to the first load balancer and forwarding sides are coupled to a second load balancer (fig. 11.2 discloses a plurality of forwarding firewalls connected externally to external load balancer CSM-A and internally to internal load balancer CSM-B) wherein the load side of the plurality of security forwarding devices share a same IP address (fig. 11.2 discloses the load side of the plurality of firewalls are connected to VLAN 111 that shares the same IP address 25.0.11.10 that corresponds to shared IP address by the firewalls), and a virtual IP address of the first load balancer is the same as the IP address of the load sides of the plurality of security forwarding devices (fig. 11.2 discloses the VLAN 11 IP address that corresponds to the shared IP address by VIP of catalyst 6500 (first load balancer) is the same as the VLAN 111 IP address, that is, the IP address shared by the load side of the firewalls, and the forwarding side of the firewalls share the same IP address of VLAN 112 that is the same IP address of VLAN 200 that corresponds to VIP of the second catalyst 6500 (the second load balancer). Further, configuring the IP address of elements is performed using software programming on network elements, and the forwarding elements could be assigned identifiers such as the VIP of the load balancer and the shared IP address of the firewalls to be the same, and the elements can be programmed with rules to forward data across the network with a specific order of elements and when specific addressing information is met.
Assigning IP addresses to elements, or enabling the network elements to communicate in a certain way by programming the elements, amounts to using printed matter to effectuate a data forwarding rule, where the programming of the elements makes no difference to the overall structure of the system and does not have a non-obvious functional relationship to the structure of the system; hence, according to the MPEP, it is not given patentable weight. A large number of changes can be effected on the prior art by modifying the printed matter of the substrate to assign different addressing identifiers and adding forwarding rules to direct communication. However, the printed matter (programming) makes no structural change to the system. According to MPEP 2111.05 and In re DiStefano, 808 F.3d 845, 117 USPQ2d 1267-1268 (Fed. Cir. 2015), if a new and unobvious functional relationship between the printed matter and the substrate does not exist, USPTO personnel need not give patentable weight to printed matter. See In re Lowry, 32 F.3d 1579, 1583-84, 32 USPQ2d 1031, 1035 (Fed. Cir. 1994); In re Ngai, 367 F.3d 1336, 70 USPQ2d 1862 (Fed. Cir. 2004). The printed matter or display format does not make a structural difference to the system). Assigning IP addresses to elements in a specific way so that the elements' forwarding behaves in a specific way is taught by a system that forwards data using addressing information. What identifier is assigned to elements is effectuated by programming, which amounts to using printed matter to differentiate from the prior art; that is an obvious variation that does not amount to an inventive concept);
the second load balancer (fig. 11.2 discloses CSM-B internal load balancer connected to intranet); and
 a server coupled with the second load balancer (fig. 11.2 discloses CSM-B internal load balancer connected to intranet. The device connected to the load balancer through intranet corresponds to server); 
wherein the first load balancer is configured to: receive a first access request packet from the client (fig. 11-2, CSM-A is configured to receive packet through internet from client connected to the internet); 
use a scheduling algorithm to select a target security forwarding device from the plurality of security forwarding devices (Cisco page. 2, Configuring Regular Firewall Load Balancing discloses the CSM balances traffic among regular firewalls as if they were real servers. The algorithm used to select the firewalls corresponds to scheduling algorithm); 
send the second access request packet to access to the server through the target security forwarding device (fig. 11-2 discloses the packet (second access request) received from CSM-A is forwarded through selected firewall to the destination server in the intranet).  
But Cisco does not explicitly disclose:
when a destination IP address of the first access request packet is the same as an IP address of a load side of the target security forwarding device, rewrite a destination MAC address of the first access request packet with a MAC address of the load side of the target security forwarding device to generate a second access request packet;
However, in the same field of endeavor, Sandbu discloses when a destination IP address of the first access request packet is the same as the IP address of the load side of the target security forwarding device (the figure discloses that  packet coming from client that is destined to load side IP address of VPX (security forwarding device) has VIP1 that is similar with the load side of VPX (security forwarding device) and the MAC of the packet is rewritten to MAC of the load side of VPX (interface 1)), rewrite a destination MAC address of the first access request packet with a MAC address of the load side of the target security forwarding device to generate a second access request packet (the figure discloses that  packet coming from client that is destined to load side IP address of VPX (security device) has VIP1 that is similar with the load side IP of VPX and the MAC of the packet is rewritten to MAC of the load side of VPX (MAC: interface 1));
Therefore, it would have been obvious to a person having ordinary skill in the art at the time the invention was effectively filed to combine the teaching of the combination with Sandbu. The modification would allow layer 2 packet forwarding in a segmented network for greater network isolation and segmentation in order to enable a secured network system.
Regarding claim 2. The combination discloses the system according to claim 1.
Sandbu further discloses, wherein the first load balancer is further configured to: 
receive a first response packet returned by the server through the target security forwarding device (fig. 1 discloses the router1 and switch receive the reverse response packet from server through VPX to be forwarded to client);
 rewrite a destination MAC address of the first response packet with a MAC address of the client to acquire a second response packet; and transmit the second response packet to the client (fig. 1 discloses the router1 and switch receive the reverse response packet from server through VPX to be forwarded to client. The router changing the destination MAC address to the client to forward the final response corresponds to rewriting MAC to client MAC).  
Regarding claim 3. The combination discloses the system according to claim 1.
Sandbu discloses, wherein the target security forwarding device is configured to: 
receive the second access request packet (the figure discloses VPX receives packet from client through R1 and switch that corresponds to second request packet); and 
construct a third access request packet according to the second access request packet, wherein a source IP address of the third access request packet is an IP address of a forwarding side of the target security forwarding device, a destination MAC address of the third access request packet is a MAC address of the server (the figure discloses that the VPX forwards the second request packet by changing the source IP address to SNIP (IP address of the forwarding side of the security device) and the destination MAC address as MAC address of the server); 
transmitting the third access request packet to the second load balancer, so that the 18PAR1914476US-MV second load balancer transmits the third access request packet to the server (the figure discloses the VPX is configured to forward the packet to server2 through R2 (second load balancer)).  
Regarding claim 4. The combination discloses the system according to claim 3.
Sandbu further discloses, wherein the target security forwarding device is further configured to:
receive a fourth response packet from the second load balancer (The response received from Router2 at VPX  corresponds to fourth response), wherein the fourth response packet is acquired by rewriting, by the second load balancer, a destination MAC address of a third response packet returned by the server with a MAC address of the forwarding side of the target security forwarding device and the MAC address of the forwarding side of the target security forwarding device is recorded by the second load balancer(Sandbu in the figure discloses the forward routing of packet from client to server through router1 and router2 that corresponds to load balancers  via VPX (security forwarding device). In the forwarding, the IP address and MAC address of the intermediate device is used to forward packet. The reverse direction implemented to send response back to the client corresponds to response forwarding back to the client. The information stored in R2 to send the response back to the VPX to the client corresponds to stored information), in session information of an access session established between the second load balancer and the server after receiving the third access request packet (Sandbu discloses that the traffic flow will work like so. Client –> VIP –> NetScaler –> SNIP (Closest L2 IP) –> Server, and when the NetScaler now responds back to the client Server –> SNIP –> NetScaler (Session Table) –> VIP–> Client. The figure discloses the forward and backward direction works the same way as indicated in the figure by changing the IP and MAC address of the components being trespassed to forward the packet to the intended destination); and 
construct a first response packet, wherein a destination MAC address of the first response packet is a MAC address of the first load balancer; and send the first response packet to the first load balancer, so that the first load balancer rewrites the destination MAC address of the first response packet with a MAC address of the client to generate a second response packet, and forwards the second response packet to the client (Sandbu discloses that the traffic flow will work like Client –> VIP –> NetScaler –> SNIP (Closest L2 IP) –> Server, and when the NetScaler now responds back to the client Server –> SNIP –> NetScaler (Session Table) –> VIP–> Client. The figure discloses the forward and backward direction works the same way as indicated in the figure by changing the IP and 

Regarding claim 5. The combination discloses the system according to claim 3.
Sandbu discloses, wherein the second load balancer (router 2 in the figure) is configured to:  forward the third access request packet from the target security forwarding device to the server (The figure discloses that router 2 is configured to forward packet from VPX to server2); 
record a MAC address of the forwarding side of the target security forwarding device in session information of an access session established with the server (The figure discloses the forwarding side of the VPX MAC address is used as a source address to forward packet from VPX to router 2. The router using the MAC address to response packet corresponds to storing); 
when a third response packet corresponding to the third access request packet returned by the server is received, rewrite a destination MAC address of the third response packet with the MAC address recorded in the session information to acquire a fourth response packet; and 	transmitting the fourth response packet to the target security forwarding device (The figure discloses the forwarding side of the VPX MAC address is used as a source address to forward packet from VPX to router 2. The router using the MAC address to use it to response packet corresponds to storing and converting the MAC address of the response packet from server 2 to MAC address of the interface 2 of VPX corresponds to rewriting and transmitting).  
Regarding claim 7. The combination discloses the system according to claim 1.
an IP address of the forwarding side of the target security forwarding device is the same as a virtual IP address of the second load balancer (figure 11-2 discloses the forwarding side of the firewalls and the CSM-B are in the same virtual subnet sharing similar IP address of the virtual LAN that corresponds to sharing same IP address).  
Regarding claim 13. Cisco discloses a load balancing method applicable to a target security forwarding device, comprising: 
receiving a second access request packet from a first load balancer (fig. 11-2, CSM-A is configured to receive packet through internet from client connected to the internet through CSM-A and forward it (second access request) to the selected firewall), wherein the target security forwarding device is one of a plurality of security forwarding devices and selected by the first load balancer with a scheduling algorithm (Cisco page. 2,  Configuring Regular Firewall Load Balancing discloses the CSM balances traffic among regular firewalls as if they were real servers. The algorithm used to select the firewalls corresponds to scheduling algorithm), the first load balancer is coupled to load sides of the plurality of security forwarding devices (fig. 11-2 discloses that CSM-A is coupled to load side of plurality of firewalls and CSM-B is coupled to forwarding side of the plurality of firewalls), and
transmitting the third access request packet to a second load balancer, so that the second load balancer transmits the third access request packet to the server, wherein the second load balancer is coupled to forwarding sides of the plurality of security forwarding devices (figure 11-2 discloses the CSM-B coupled to servers in intranet is configured to pass packet received from the forwarding side of the firewalls (third access request)).  
the load side of the plurality of security forwarding devices share a same IP address (fig. 11.2 discloses the load side of the plurality of firewalls are connected to VLAN 111 that shares the same IP address 25.0.11.10 that corresponds to shared IP address by the firewalls), and a virtual IP address of the first load balancer is the same as the IP address of the load sides of the plurality of security forwarding devices ((fig. 11.2 discloses the VLAN 11 IP address that corresponds to the shared IP address by VIP of catalyst 6500 (first load balancer) is the same with VLAN 111 IP address, IP address shared by the load side of the firewalls and  the forwarding side of the firewalls share the same IP address of VLAN 112 that is the same IP address of VLAN 200 that corresponds to VIP of the second catalyst 6500 (the second load balancer). Further configuring IP address of elements is performed using software programming on network elements and the forwarding elements could be assigned identifiers such as the VIP of the load balancer and the shared IP address of the firewalls to be the same and the elements can be programmed with rules to forward data across the network with specific order of elements and when specific addressing information is met. Where assigning IP address to elements or enabling the network elements communicate in certain way using programming of elements amount to using printed matter to effectuate data forwarding rule where the programming of the elements has no difference on the overall structure of the system or it does not have non-obvious functional relationship to the structure of the system hence according to MPEP is not given patentable weight. A large number of changes can be affected on the prior art by modifying the printed matter of the substrate to assign different addressing identifiers and adding forwarding rules to direct communication. However, the printed matter (programming) has no structural change on the system. 
According to In re DiStefano, 808 F.3d 845, 117 USPQ2d 1267-1268 (Fed. Cir. 2015), if a new and unobvious functional relationship between the printed matter and the substrate does not exist, USPTO personnel need not give patentable weight to printed matter. See In re Lowry, 32 F.3d 1579, 1583-84, 32 USPQ2d 1031, 1035 (Fed. Cir. 1994); In re Ngai, 367 F.3d 1336, 70 USPQ2d 1862 (Fed. Cir. 2004). The printed matter or display format does not make a structural difference to the system). Assigning IP addresses to elements in a specific way so that the elements' forwarding behaves in a specific way is taught by a system that forwards data using addressing information. What identifier is assigned to elements is effectuated by programming, which amounts to using printed matter to differentiate from the prior art; that is an obvious variation that does not amount to an inventive concept); and
But, the combination does not explicitly disclose:
the second access request packet is generated by rewriting a destination MAC address of a first access request packet from a client with a MAC address of a load side of the target security forwarding device ;and 
constructing a third access request packet according to the second access request packet, wherein a source IP address of the third access request packet is an IP address 
However, in the same field of endeavor, Sandbu discloses the second access request packet is generated by rewriting a destination MAC address of a first access request packet from a client with a MAC address of a load side of the target security forwarding device (The figure discloses that the packet entering (second request) the VPX through interface 1 is addressed with the MAC address of interface 1 (MAC address of load side) as the destination MAC address that corresponds to rewriting the MAC address of the request to the load side MAC address of the VPX) 
constructing a third access request packet according to the second access request packet, wherein a source IP address of the third access request packet is an IP address of a forwarding side of the target security forwarding device, a destination MAC address of the third access request packet is a MAC address of the server (The figure discloses the packet exiting the VPX through the interface 2 with the source IP address of the forwarding side of VPX and the MAC address  of the receiving server corresponds to the constructed third access request with the addressing scheme of the claim);
Therefore, it would have been obvious to a person having ordinary skill in the art at the time the invention was effectively filed to combine the teaching of the combination with Sandbu. The modification would allow layer 2 packet forwarding in a segmented network for greater network isolation in order to enable a secured network system.
Regarding claim 14. The combination discloses the method according to claim 13.

Regarding claim 15. The method according to claim 13, further comprising: 
All other limitations of claim 15 are similar with the limitations of claim 4 above. Claim 15 is rejected on the analysis of claim 4 above.
Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over the combination of Cisco, “Catalyst 6500 Series Switch Content Switching Module Installation and Configuration Note Software Release 4.1.”, and Sandbu, “Netscaler and Traffic Flow Explained”, further in view of Koponen (US pg. no. 20160080261).
Regarding claim 6. The combination discloses the system according to claim 5.
But the combination does not explicitly disclose:
 wherein the second load balancer is further configured to:
 query whether there exists a conflicting packet of the third access request packet in the session information of the access session established with the server, wherein a source IP address, a source port number, a destination IP address, and a destination port number of the conflicting packet are consistent with those of the third access request packet; and
 if there exists the conflicting packet of the third access request packet in the session information of the access session established with the server, perform NAT processing on a source port number of the third access request packet.
However, in the same field of endeavor, Koponen discloses wherein the second load balancer is further configured to:
query whether there exists a conflicting packet of the third access request packet in the session information of the access session established with the server, wherein a source IP address, a source port number, a destination IP address, and a destination port number of the conflicting packet are consistent with those of the third access request packet ([0007] discloses the managed forwarding element (load balancer) to which the third virtual machine (server) connects will be processing packets (third request packet) and forwarding packets to the third virtual machine for two connections that, in certain important respects, appear identical that corresponds to detecting a conflicting packet (i.e., have the same set of characteristics defining the connection). However, because these connections are received via different tunnels, the managed forwarding element can perform conflict resolution (e.g., by modifying source IP addresses or port numbers, etc.). The query used to determine availability of conflict corresponds to query); and
 if there exists the conflicting packet of the third access request packet in the session information of the access session established with the server, perform NAT processing on a source port number of the third access request packet ([0007] discloses the managed forwarding element to which the third virtual machine connects will be processing packets and forwarding packets to the third virtual machine for two connections that, in certain important respects, appear identical (i.e., have the same set of characteristics defining the connection). However, because these connections are received via different tunnels, the managed forwarding element can perform conflict resolution (e.g., by modifying source IP addresses or port numbers, etc.) that corresponds to performing NAT processing on the port number. Thus, the third virtual machine will not receive packets from two different connections that it is unable to resolve).
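
The session handling recited in claims 5 and 6, as an added Python illustration that is not part of this Office action, the application, or the cited references. The class and field names, the use of the ingress MAC to tell two devices apart, the NAT port pool, the layer 2 handling toward the server, and all addresses are assumptions constructed for the example.

```python
from dataclasses import dataclass, replace
from typing import Dict, Iterable, Optional, Tuple

FourTuple = Tuple[str, int, str, int]  # (src_ip, src_port, dst_ip, dst_port)


@dataclass(frozen=True)
class Packet:
    src_mac: str
    dst_mac: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

    def four_tuple(self) -> FourTuple:
        return (self.src_ip, self.src_port, self.dst_ip, self.dst_port)


@dataclass(frozen=True)
class Session:
    device_mac: str         # forwarding-side MAC recorded for the return path
    original_src_port: int  # source port before any NAT, restored on the way back


class SecondLoadBalancer:
    """Hypothetical model of the second load balancer's session table."""

    def __init__(self, own_mac: str, server_mac: str,
                 nat_ports: Iterable[int] = range(40000, 40016)) -> None:
        self.own_mac = own_mac
        self.server_mac = server_mac
        self.nat_ports = list(nat_ports)  # assumed pool for rewritten source ports
        # (ingress device MAC, 4-tuple as received) -> 4-tuple as seen by the server
        self.by_ingress: Dict[Tuple[str, FourTuple], FourTuple] = {}
        # 4-tuple as seen by the server -> session information
        self.by_server: Dict[FourTuple, Session] = {}

    def _allocate(self, pkt: Packet) -> FourTuple:
        # Pick a source port that makes the server-side 4-tuple unique again.
        for port in self.nat_ports:
            candidate = (pkt.src_ip, port, pkt.dst_ip, pkt.dst_port)
            if candidate not in self.by_server:
                return candidate
        raise RuntimeError("NAT port pool exhausted for this destination")

    def handle_request(self, pkt: Packet) -> Packet:
        """Forward a third access request packet, resolving 4-tuple conflicts."""
        ingress_key = (pkt.src_mac, pkt.four_tuple())
        server_key = self.by_ingress.get(ingress_key)
        if server_key is None:                    # first packet of this flow
            server_key = pkt.four_tuple()
            if server_key in self.by_server:      # conflicting packet: same 4-tuple
                server_key = self._allocate(pkt)  # NAT on the source port
            self.by_ingress[ingress_key] = server_key
            self.by_server[server_key] = Session(pkt.src_mac, pkt.src_port)
        return replace(pkt, src_mac=self.own_mac, dst_mac=self.server_mac,
                       src_port=server_key[1])

    def handle_response(self, pkt: Packet) -> Optional[Packet]:
        """Turn the server's third response packet into the fourth response packet."""
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        session = self.by_server.get(key)
        if session is None:
            return None  # no session recorded: nothing to send the reply to
        # Destination MAC comes from the session information; port NAT is undone.
        return replace(pkt, src_mac=self.own_mac, dst_mac=session.device_mac,
                       dst_port=session.original_src_port)


# Constructed sample values (documentation address ranges, locally administered MACs).
LB_MAC, SERVER_MAC = "02:00:00:00:1b:01", "02:00:00:00:05:01"
DEVICE_A_MAC, DEVICE_B_MAC = "02:00:00:00:0a:01", "02:00:00:00:0b:01"
SHARED_FWD_IP, SERVER_IP = "192.0.2.10", "198.51.100.20"


def request_from(device_mac: str, src_port: int = 50000) -> Packet:
    # Both devices source from the shared forwarding-side IP, so their flows can collide.
    return Packet(device_mac, SERVER_MAC, SHARED_FWD_IP, src_port, SERVER_IP, 443)


def reply_to(port: int) -> Packet:
    return Packet(SERVER_MAC, LB_MAC, SERVER_IP, 443, SHARED_FWD_IP, port)


def demo() -> dict:
    lb = SecondLoadBalancer(LB_MAC, SERVER_MAC)
    first = lb.handle_request(request_from(DEVICE_A_MAC))
    second = lb.handle_request(request_from(DEVICE_B_MAC))  # same 4-tuple as device A
    return {
        "port_a": first.src_port,
        "port_b": second.src_port,
        "reply_a_mac": lb.handle_response(reply_to(first.src_port)).dst_mac,
        "reply_b": lb.handle_response(reply_to(second.src_port)),
        "unknown": lb.handle_response(reply_to(12345)),
    }


if __name__ == "__main__":
    print(demo())
```

Without the source-port rewrite, the two flows would share one session entry and the second load balancer could not tell which device's MAC to put on the returning packet.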
Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over the combination of Cisco, “Catalyst 6500 Series Switch Content Switching Module Installation and Configuration Note Software Release 4.1.”, and Sandbu, “Netscaler and Traffic Flow Explained”, further in view of Higgins (US pg. no. 20150163299).
Regarding claim 8. The combination discloses the system according to claim 1.
But the combination does not explicitly disclose wherein the first load balancer is further configured to use a scheduling algorithm and a used time length to select the target security forwarding device from the plurality of security forwarding devices.
However, in the same field of endeavor, Higgins discloses wherein the first load balancer is further configured to use a scheduling algorithm ([0018] discloses the particular resources 62 may be selected according to a load balancing determination) and a used time length to select the target security forwarding device from the plurality of security forwarding devices ([0018] discloses load balancing determination may use any suitable load balancing algorithm or combination of algorithms, such as round robin, variable hash, least used resource (used time length)).
Therefore, it would have been obvious to a person having ordinary skill in the art at the time the invention was effectively filed to combine the teaching of the combination with Higgins. The modification would allow effective task scheduling and device selection.

Claim 16 is rejected under 35 U.S.C. 103 as being unpatentable over Bommareddy (US pat. No. 6880089), further in view of Cisco, “Catalyst 6500 Series Switch Content Switching Module Installation and Configuration Note Software Release 4.1.”.
Regarding claim 16. A load balancing method, comprising: 
receiving, by a first load balancer, an ARP request packet from a client (col. 8, lines 36-45 discloses In a response to ARP request operation 216, the internal network flow controller 110 (load balancer) responds to an Address Resolution Protocol (ARP) request from the servers 150 to identify a Media Access Control (MAC) address associated with the firewall cluster IP); 
in response to determining that a destination IP address of the ARP request packet is the same as a virtual IP address of the first load balancer, transmitting, by the first load balancer an ARP response packet with a MAC address of the first load balancer to the client (col. 8, lines 36-45 discloses In a response to ARP request operation 216, the internal network flow controller 110 responds to an Address Resolution Protocol (ARP) request from the servers 150 to identify a Media Access Control (MAC) address associated with the firewall cluster IP. The external network flow controller 112 responds to an Address Resolution Protocol (ARP) request from the servers 150 to identify a Media Access Control (MAC) address associated with the firewall cluster IP (virtual IP address 
in response to receiving the ARP response packet, transmitting, by the client, a first access request packet to the first load balancer (fig. 4 discloses that the system is able to performing ARP address resolution and based on the address information from ARP request, performing communication between server 450 and client through cluster of firewalls 414 and 415 through load balancing internal and external hyper flow components 410 and 412 respectively); 
receiving, by the first load balancer, the first access request packet transmitted by the client (fig. 4, 430 router), and determining, by the first load balancer, whether a destination IP address of the first access request packet is the same as the virtual IP address of the first load balancer (fig. 4 discloses external hyperFlow component (first load balancer) load balances traffic from router 430 to cluster of firewalls. The forwarding information referenced and checked by the hyperFlow 412 to forward the data to the correct firewall corresponds to determining, by the first load balancer, whether a destination IP address of the first access request packet is the same as the virtual IP address of the first load balancer. The system is capable of being programmed for assigning the VIP of hyperflow to be the same as Cext IP of the firewall cluster and use it as a rule to forward data. Where assigning IP address to elements or enabling the network elements communicate in certain way using programming of elements amount to using printed matter to effectuate data forwarding rule where the programming of the elements In re DiStefano, 808 F.3d 845, 117 USPQ2d 1267-1268 (Fed. Cir. 2015);
in response to determining that the destination IP address of the first access request packet is the same as the virtual IP address of the first load balancer, rewriting, by the first load balancer, a destination MAC address in the first access request packet with a MAC address of the load side of a target security forwarding device to acquire a second access request packet (fig. 4 discloses that the hyperFlow 412 rewrites the MAC address of data MACCext of the external firewall cluster sharing IPcext address to send data to the firewall cluster. The address information (forwarding information) checked by HyperFlow 412 to select the correct destination corresponds to in response to determining that the destination IP address of the first access request packet is the same as the virtual IP address of the first load balancer. The system is capable of assigning the VIP of wherein the target security forwarding device is selected by the first load balancer with a scheduling algorithm from a plurality of security forwarding devices (col. 10, lines 4-12 discloses A first redirection operation is a set cluster identifier operation 522 in which the cluster address in the form of either the MAC address or the destination IP address is set to identify the cluster data structure. A bucket check operation 524 determines whether at least one bucket exists in a cluster data Structure. If the cluster data Structure does not include at least one bucket, a load balancing operation 526 retrieves an appropriate bucket that attains load balancing (selecting with scheduling algorithm); col. 10, lines 56-62 discloses “Dynamic Load Balancer for Multiple Network Servers'. It uses hashing to Separate data requests from clients into a plurality of buckets to consistently balance the load on a plurality of Servers. Buckets are dynamically assigned to the Server having the lightest load, as necessary. 
The load balancer tracks the state of each server), the load sides of the plurality of security forwarding devices share a same IP address (fig. 4 discloses the load side (external side) of the firewall cluster shares the same IP IPCext), receiving, by the target security forwarding device, the second access request packet, constructing, by the target security forwarding device, a third access request packet, and transmitting, by the target security forwarding device, the constructed third access request packet to a second load balancer (fig. 4 discloses the firewall received data from the HyperFlow 412 and re-writes the address information to forward the data to The HyperFlow 410 discloses the firewall 2003 receives data from gateway 201 and constructs the packet with rewritten MAC address and send packet to dispatches 205);
Appl. No. 16/724,745 Attorney Docket No. P59503
receiving, by the second load balancer, the third access request packet from the target security forwarding device (fig. 4 discloses the hyperFlow 414 is capable of receiving data from the firewall cluster), and when a source IP address of the third access request packet is the same as a virtual IP address of the second load balancer, querying, by the second load balancer, whether the third access request packet is a conflicting packet (col.8, lines 52-60 discloses 10 and 112. The traffic distributor 300, in a select firewall for processing operation 310, selects a firewall from among the firewall clusters 116 and 118 to forward the traffic based on information in the packet header. In a packet filtering operation 312 (querying), both the internal and the external network flow controller units 110 and 112 use the source and destination IP address and port to identify the client-server flow that corresponds to checking for conflict on the packets. The system of fig. 4 is fully capable of being configured for the VIP of hyperFlow 414 and IPCint of the internal side of the firewall cluster to be the same and a forwarding rule to be associated with the IP similarity. In light of the teaching of the prior art, the above limitation is obvious because the difference is only printed matter that would be used to configure the devices);
in response to determining that the third access request packet is not a conflicting packet, transmitting, by the second load balancer, the third access request packet to a server and recording, by the second load balancer, a MAC address of a forwarding side of the target security forwarding device in session information of an access session established with the server (fig. 4 discloses hyperFlow 410 sends data to server by rewriting the MAC address to the respective elements. The MAC address is re-written as packet traverse through 412, 416, 418, and 410. The system of fig. 4 is capable of checking if no conflict exists in flow, and capable of being configured for the function, based on the
receiving, by the second load balancer (fig. 4, 410), a third response packet corresponding to the third access request packet returned by the server (fig. 4 discloses the server 450 returned response for a request associated with the response to the HyperFlow 410), and setting, by the second load balancer, the MAC address recorded in the access session corresponding to the third access request packet as a destination MAC address of the third response packet to acquire a fourth response packet (fig. 4, discloses the HyperFlow 410 changes the destination MAC address to MACfirewall1 that is the MAC address recorded in the request towards the server or HyperFlow 410); 
in response to receiving the fourth response packet, constructing, by the target security forwarding device (fig. 4, firewall), a first response packet according to the fourth response packet, and transmitting, by the target security forwarding device, the first response packet to the first load balancer (fig. 4 discloses in response to receiving data from HyperFlow 410 (second load balancer), the firewall1 constructs response packet and forwards it to HyperFlow 412); and
in response to receiving the first response packet, querying, by the first load balancer, session information corresponding to the first response packet, rewriting, by the first load balancer, a destination MAC address of the first response packet with a MAC address acquired from the session information to acquire a second response packet, and transmitting, by the first load balancer, the second response packet to the client (col. 9. 
But, Bommareddy does not explicitly disclose:
the virtual IP address of the first load balancer is the same as the IP address of the load sides of the plurality of security forwarding devices;
However, in the same field of endeavor, Cisco discloses the virtual IP address of the first load balancer is the same as the IP address of the load sides of the plurality of security forwarding devices (fig. 11.2 discloses the VLAN 11 IP address that corresponds to the shared IP address by VIP of catalyst 6500 (first load balancer) is the same as VLAN 111 IP address that is IP address shared by the load side of the firewalls and the forwarding side of the firewalls share the same IP address of VLAN 112 that is the same IP address of VLAN 200 that corresponds to VIP of the second catalyst 6500 (the second load balancer)).
Claim 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over the combination of Bommareddy (US pat. No. 6880089), and Cisco, “Catalyst 6500 Series Switch Content Switching Module Installation and Configuration Note Software Release 4.1.”, further in view of Xu (US pg. no. 20130165084).
Regarding claim 17. The combination discloses the method according to claim 16.
But, the combination does not explicitly disclose: further comprising: in response to determining that the third access request packet is a conflicting packet, determining, by the second load balancer, a port number that is currently in an idle state;
performing, by the second load balancer, NAT on a source port number of the third access request packet with the port number that is currently in the idle state; transmitting, by the second load balancer, the NAT-processed third access request packet to the server;
However, in the same field of endeavor, Xu discloses, further comprising: in response to determining that the third access request packet is a conflicting packet, determining, by the second load balancer, a port number that is currently in an idle state; performing, by the second load balancer, NAT on a source port number of the third access request packet with the port number that is currently in the idle state ([0149] discloses In the event that the combination of IP addresses, port numbers, and protocol types used by APP-agent cooperative communications is the same as the combination used by application data traffic, the other logic module 927 may select a new, unused combination and communicate this new combination to the affected terminal nodes. Mapping the unused port to the source port for enabling data forwarding corresponds to performing NAT on the ports);
transmitting, by the second load balancer, the NAT-processed third access request packet to the server ([0149] discloses In the event that the combination of IP addresses, port numbers, and protocol types used by APP-agent cooperative communications is the same as the combination used by application data traffic, the other logic module 927 may select a new, unused combination and communicate this new combination to the affected terminal nodes. Mapping the unused port to the source port for enabling data forwarding corresponds to performing NAT on the ports. The data communication after
Therefore, it would have been obvious to a person having ordinary skill in the art at the time the invention was effectively filed to combine the teaching of the combination with Xu. The modification would allow resolving IP conflict among network elements to enable effective data communication to respective destination.

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MESSERET F GEBRE whose telephone number is (571)272-8272.  The examiner can normally be reached on M-F 9:00-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Oscar Louie can be reached on 571-2701684.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MESSERET F GEBRE/Examiner, Art Unit 2445
/OSCAR A LOUIE/Supervisory Patent Examiner, Art Unit 2445 01/03/2022