Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
This communication is in response to the amended application filed on 10/08/2021.
Claims 21-40 are pending. 
Claims 21, 27 and 33 are amended.
Response to Arguments
	Applicant’s arguments (“Remarks”) filed on 10/08/2021 have been considered, however, they are unpersuasive.
Regarding the rejection of claim 21
Applicant argues that the prior art does not explicitly teach 
“identify a particular packet of a network flow, wherein the packet is to be transformed in accordance with a packet processing requirement of an application implemented at least in part at an isolated virtual network at which the client-side component is also implemented.” Remarks at page 8.

Examiner respectfully disagrees. Hussain (Pub. No. US 2012/0057460 A1) teaches applications (see Hussain Abstract & ¶ [0010], packet is directed to one of multiple virtual services processing resources representing application-tailored engines – these virtual services processing resources are applications because they are separate software modules that perform separate functions as in Fig. 4 & ¶ [0037], “intelligently partitioning out the processing elements into application-tailored engines such as the VRE, VSE and ASE, and by distributing functions across them”), where those applications transform identified packets of a network flow according to the packet 
Applicant’s arguments that these application-tailored engines and the client-side components are not implemented at an isolated virtual network are unpersuasive. A (virtual private network) VPN is an isolated virtual network because it secures endpoints via encryption that only entities with proper key(s) get access too. Hussain ¶¶ [0087]-[0089] teach that the AES creates, terminates and transports tunnels for VPNs by performing a plurality of functions such as packet encapsulation. Therefore, the AES is an application that is part of the isolated virtual network (VPN). See also Fig. 2 & ¶ [0033], telework device utilizes IPsec tunnel/VPN via the engines in the client side switch 10.
Applicant furthermore argues that Hussain does not teach the transformation occurring at a client side component. However, Hussain does teach transformation happening in switch 10 in Fig. 1 which is a client side component according to Applicant’s Specification (“Spec.”) ¶ [0083], which teaches that a client side component can be in the backend, “The VMSs 1204 (e.g., 1204A, 1204B or 1204C) may be considered client-side components of the FMS in the depicted embodiment.” See also Spec. ¶ [0099], “VMSs and edge devices may thus be considered examples of client-side components of the FMS.”
Regarding the rejection of claims 27 and 33
	Applicant’s arguments with regard to claims 27 and 33 are rebutted in the same way as asserted above with regard to claim 21.
Regarding the double patenting rejection

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.  A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).

Claims 21-40 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over the claims of Patent No. 10,749,808 (“Pat. ‘808”).
Claim #
Present Application
Pat. ‘808
Claim #
21
One or more non-transitory computer-accessible storage media storing program instructions that when executed on or across one or more processors implement a client-side component of a flow management service, wherein the client-side component is configured to: 







identify a particular packet of a network flow, wherein the packet is to be transformed in accordance with a packet processing requirement of an application implemented at least in part at an isolated virtual network at which the client-side component is also 











detect, responsive to identifying the particular packet of the network flow, that a cache of rewriting directives at the client-side component does not include a rewriting directive generated for at least the network flow to transform packets in accordance with the packet processing requirement, wherein the cache of rewriting directives comprises a plurality of rewriting directives to transform packets in accordance with a plurality of different packet processing requirements; 

obtain, responsive to the detecting from a rewriting decisions tier of the flow management service different from the client-side component, a particular rewriting directive applicable to the network flow; 

store the obtained particular rewriting directive in the cache; 

and 2obtain the stored particular rewriting directive from the cache to generate a different transformed packet corresponding to a different packet of the network flow.


wherein each node set of the plurality of node sets is designated to transform packets of one or more respective network flows in accordance with one or more packet processing requirements of a plurality of packet processing requirements 







identify, within a cache of rewrite entries maintained at the particular node, the particular rewrite entry to be used to generate one or more transformed packets corresponding to the particular packet; 








generate the one or more transformed packets corresponding to the particular packet, and transmit, to one or more respective addresses identified in accordance with the particular rewrite entry, the one or more transformed packets.

27
A method, comprising: 















identifying, at a client-side component of a packet transformation tier, a particular packet of a network flow, wherein the packet is to be transformed in accordance with a packet processing requirement of an application implemented at least in part at an isolated virtual network at which the client-side component is also implemented;











detecting, responsive to identifying the particular packet of the network flow, that a cache of rewriting directives at the client-side component does not include a rewriting directive generated for at least the network flow to transform packets in accordance with the packet processing requirement, wherein the cache of rewriting 

obtaining, responsive to the detecting from a rewriting decisions tier of the flow management service different from the client-side component, a particular rewriting directive applicable to the network flow; 

storing the obtained particular rewriting directive in the cache; 

and obtaining the stored particular rewriting directive from the cache to generate a different transformed packet corresponding to a different packet of the network flow.


wherein each node set of the plurality of node sets is designated to transform packets of one or more respective network flows in accordance with one or more packet processing requirements of a plurality of packet processing requirements of the packet transformation tier…the first packet processing requirement associated with an application implemented at least in part at the first isolated virtual network…determine that a particular packet is part of the particular packet flow to be transformed in accordance with the first packet processing requirement, and responsive to the determining…







identify, within a cache of rewrite entries maintained at the particular node, the particular rewrite entry to be used to generate one or more 










generate the one or more transformed packets corresponding to the particular packet, and transmit, to one or more respective addresses identified in accordance with the particular rewrite entry, the one or more transformed packets.


A system, comprising:





a multi-tier network flow management service comprising a packet transformation tier and a rewriting decisions tier; and a computing device implementing a client-side component of the packet transformation tier configured to: 



identify a particular packet of a network flow, wherein the packet is to be transformed in accordance with a packet processing requirement of an application implemented at least in part at an isolated virtual network at which 











detect, responsive to identifying the particular packet of the network flow, that a cache of rewriting directives at the client-side component does not include a rewriting directive generated for at least the network flow to transform packets in accordance with the packet processing requirement, wherein the cache of rewriting directives comprises a plurality of rewriting directives to transform packets in accordance with a plurality of different packet processing requirements; 

obtain, responsive to the detecting from a rewriting decisions tier of the flow management service different from the client-side component, a particular rewriting directive applicable to the network flow; 

store the obtained particular rewriting directive in the cache; 

and obtain the stored particular rewriting directive from the cache to generate a different transformed packet corresponding to a different packet of the network flow.

a multi-tier network flow management service of the provider network, wherein the service includes a packet transformation tier and a rewriting decisions tier, wherein the packet transformation tier comprises a plurality of node sets each comprising one or more node,

wherein each node set of the plurality of node sets is designated to transform packets of one or more respective network flows in accordance with one or more packet processing requirements of a plurality of 







identify, within a cache of rewrite entries maintained at the particular node, the particular rewrite entry to be used to generate one or more transformed packets corresponding to the particular packet; 











generate the one or more transformed packets corresponding to the particular packet, and transmit, to one or more respective addresses identified in accordance with the 



Although the independent claims here are not exactly the same as claim 1 of Pat. ‘808, they are not patentably distinct in view of Pat. 808 and Thubert (Pub. No. US 2016/0277440 A1). Thubert Fig. 6 & ¶¶ [0077]-[0078] and [0083], a determination is made by the device as to whether an L3 address indicated by the packet matches an L2 address in the cache of the device – if there is no associated L2 entry for the packet in the cache, the device obtains an L2 address from another node and adds that L2 address entry into its cache to forward subsequent packets.

	Claims 22, 28 and 34 here are not patentably distinct in view of limitations in claim 1 of Pat. ‘808.
	Claims 23, 29 and 35 here are not patentably distinct in view of Pat. 808 and Thubert. Thubert Fig. 6 & ¶ [0083], device sends L3 address from the packet to another device.
Claims 24, 30 and 36 here are not patentably distinct in view of limitations in claim 1 of Pat. ‘808.
Claims 25 and 31 here are not patentably distinct in view of limitations in claim 1 of Pat. ‘808.
	Claims 26, 32 and 39 here are not patentably distinct in view of Pat. 808 and Balasubramanian (Pub. No. US 2014/0119374 A1). Balasubramanian ¶ [0087], entries from the cache are purged based on a detection of a flow termination.
Claim Rejections - 35 U.S.C. § 103

The following is a quotation of 35 U.S.C. § 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. § 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 21-25, 27-31, 33-36 and 38 are rejected under 35 U.S.C. § 103 as being unpatentable over Hussain (Pub. No. US 2012/0057460 A1) in view of Thubert (Pub. No. US 2016/0277440 A1).

(Hussain Figs. 1 & 4 and ¶ [0010], packets that are part of a packet flow are processed and fields are manipulated with the help of a packet flow cache to allow VPN functionality; see also ¶¶ [0034]-[0035], the application based engines [applications] transform packets according to the application’s requirements to allow for VPN functionality and therefore are implemented at least in part at an isolated virtual network; see also ¶¶ [0087] & [0089], the ASE performs packet transformation for security to implement an isolated virtual network); detect, responsive to identifying the particular packet of the network flow, that a cache of rewriting directives at the client-side component does not include a rewriting directive generated for at least the network flow to transform packets in accordance with the packet processing requirement, wherein the cache of rewriting directives comprises a plurality of rewriting directives to transform packets in accordance with a plurality of different packet processing requirements (Hussain ¶ [0010], packet flow cache contains packet processing actions or packet field manipulations; see also ¶ [0079]-[0080], cache allows for identification of packet processing/manipulation requirements; see also ¶ [0081], a determination is made that that caching for a packet that is part of a flow hasn’t been set up); obtain, responsive to the detecting from a rewriting decisions tier of the flow management service a particular rewriting directive applicable to the network flow (Hussain ¶¶ [0080]-[0081], processing actions and packet manipulations for packets of a flow are set up and stored in the cache); store the obtained particular rewriting directive in the cache (Hussain ¶¶ [0080]-[0081], processing actions and packet manipulations for packets of a flow are set up and stored in the cache); and 2obtain the stored particular rewriting directive from the cache to generate a different transformed packet corresponding to a different packet of the network flow (Hussain ¶¶ [0080]-[0081], processing actions and packet manipulations for packets of a flow are set up and stored in the cache causing different packets of the packet flow to be routed according to the cache entries).
Hussain does not explicitly teach obtain, responsive to the detecting from a rewriting decisions tier of the flow management service different from the client-side component, a particular rewriting directive applicable to the network flow.
However, Thubert teaches detect that a cache does not have a rewriting directive and obtain, responsive to the detecting from a rewriting decisions tier of the flow management service different from the client-side component, a particular rewriting directive applicable to the network flow (Thubert Fig. 6 & ¶¶ [0077]-[0078] and [0083], a determination is made by the device as to whether an L3 address indicated by the packet matches an L2 address in the cache of the device – if there is no associated L2 entry for the packet in the cache, the device obtains an L2 address from another node and adds that L2 address entry into its cache to forward subsequent packets).
Thubert ¶ [0083]. Furthermore, this is merely combining prior art elements according to known methods to yield predictable result. MPEP 2143(I).

Regarding claim 22, Hussain and Thubert teach the one or more non-transitory computer-accessible storage media as recited in claim 21. Hussain furthermore teaches wherein the client-side component is further configured to: generate, using the obtained particular rewriting directive, a transformed packet corresponding to the particular packet (Hussain ¶ [0010], “A packet flow cache is maintained by the virtual routing processing resources by setting up packet flow entries for each established packet flow containing information indicative of packet processing actions or packet field manipulations”); and transmit the transformed packet to respective destinations (Hussain ¶ [0010], “the received packet is returned to the selected virtual routing processing resource for forwarding”).

Regarding claim 23, Hussain and Thubert teach the one or more non-transitory computer-accessible storage media as recited in claim 21. 

However, Thubert teaches wherein to obtain the particular rewriting directive applicable to the network flow, the client-side component is configured to transmit at least a portion of the particular packet to a component of the flow management service other than the client-side component (Thubert Fig. 6 & ¶ [0083], device sends L3 address from the packet to another device).
It would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Hussain and Thubert to teach that upon not finding a routing address entry in the local cache of a device, the device should request the routing address entry from another device and store the received address as a new entry in the cache “for allowing direct forwarding of subsequent packets addressed to the same address.” Thubert ¶ [0083]. Furthermore, this is merely combining prior art elements according to known methods to yield predictable result. MPEP 2143(I).
Regarding claim 24, Hussain and Thubert teach the one or more non-transitory computer-accessible storage media as recited in claim 21. Hussain furthermore teaches wherein the client-side component is further configured to: receive the particular packet of the network flow at a virtual network interface associated with the packet processing requirement (Hussain Fig. 4 & ¶ [0046]-[0047], traffic is forwarded to the virtual network interface of an engine).

Regarding claim 25, Hussain and Thubert teach the one or more non-transitory computer-accessible storage media as recited in claim 21. Hussain furthermore teaches wherein the network flow is one of a plurality of packet flows comprising packets to be transformed in accordance with a plurality of different packet processing requirements (Hussain ¶ [0010], “A packet flow cache is maintained by the virtual routing processing resources by setting up packet flow entries for each established packet flow containing information indicative of packet processing actions or packet field manipulations”; see also¶¶ [0100] & [0102], about the different types of processing requirements for the packet).

Regarding claim 27, Hussain teaches a method, comprising: identifying, at a client-side component of a packet transformation tier, a particular packet of a network flow, wherein the packet is to be transformed in accordance with a packet processing requirement of an application implemented at least in part at an isolated virtual network at which the client-side component is also implemented (Hussain Figs. 1 & 4 and ¶ [0010], packets that are part of a packet flow are processed and fields are manipulated with the help of a packet flow cache to allow VPN functionality; see also ¶¶ [0034]-[0035], the application based engines [applications] transform packets according to the application’s requirements to allow for VPN functionality and therefore are implemented at least in part at an isolated virtual network; see also ¶¶ [0087] & [0089], the ASE performs packet transformation for security to implement an isolated virtual network); detecting, responsive to identifying the (Hussain ¶ [0010], packet flow cache contains packet processing actions or packet field manipulations; see also ¶ [0079]-[0080], cache allows for identification of packet processing/manipulation requirements; see also ¶ [0081], a determination is made that that caching for a packet that is part of a flow hasn’t been set up); obtaining, responsive to the detecting from a rewriting decisions tier of the flow management service, a particular rewriting directive applicable to the network flow (Hussain ¶¶ [0080]-[0081], processing actions and packet manipulations for packets of a flow are set up and stored in the cache); storing the obtained particular rewriting directive in the cache (Hussain ¶¶ [0080]-[0081], processing actions and packet manipulations for packets of a flow are set up and stored in the cache); and obtaining the stored particular rewriting directive from the cache to generate a different transformed packet corresponding to a different packet of the network flow (Hussain ¶¶ [0080]-[0081], processing actions and packet manipulations for packets of a flow are set up and stored in the cache causing different packets of the packet flow to be routed according to the cache entries).
Hussain does not explicitly teach obtain, responsive to the detecting from a rewriting decisions tier of the flow management service different from the client-side component, a particular rewriting directive applicable to the network flow.
(Thubert Fig. 6 & ¶¶ [0077]-[0078] and [0083], a determination is made by the device as to whether an L3 address indicated by the packet matches an L2 address in the cache of the device – if there is no associated L2 entry for the packet in the cache, the device obtains an L2 address from another node and adds that L2 address entry into its cache to forward subsequent packets).
It would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Hussain and Thubert to teach that upon not finding a routing address entry in the local cache of a device, the device should request the routing address entry from another device and store the received address as a new entry in the cache “for allowing direct forwarding of subsequent packets addressed to the same address.” Thubert ¶ [0083]. Furthermore, this is merely combining prior art elements according to known methods to yield predictable result. MPEP 2143(I).

Regarding claim 28, Hussain and Thubert teach the method as recited in claim 27. Hussain furthermore teaches generating, using the obtained particular rewriting directive, a transformed packet corresponding to the particular packet (Hussain ¶ [0010], “A packet flow cache is maintained by the virtual routing processing resources by setting up packet flow entries for each established packet flow containing information indicative of packet processing actions or packet field manipulations”); and transmitting the transformed packet to respective destinations (Hussain ¶ [0010], “the received packet is returned to the selected virtual routing processing resource for forwarding”).

Regarding claim 29, Hussain and Thubert teach the method as recited in claim 27. 
Hussain does not explicitly teach wherein to obtain the particular rewriting directive applicable to the network flow, the client-side component is configured to transmit at least a portion of the particular packet to a component of the flow management service other than the client-side component.
However, Thubert teaches wherein to obtain the particular rewriting directive applicable to the network flow, the client-side component is configured to transmit at least a portion of the particular packet to a component of the flow management service other than the client-side component (Thubert Fig. 6 & ¶ [0083], device sends L3 address from the packet to another device).
It would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Hussain and Thubert to teach that upon not finding a routing address entry in the local cache of a device, the device should request the routing address entry from another device and store the received address as a new entry in the cache “for allowing direct forwarding of subsequent packets addressed to the same address.” Thubert ¶ [0083]. Furthermore, MPEP 2143(I).

Regarding claim 30, Hussain and Thubert teach the method as recited in claim 27. Hussain furthermore teaches receiving the particular packet of the network flow at a virtual network interface associated with the packet processing requirement (Hussain Fig. 4 & ¶ [0046]-[0047], traffic is forwarded to the virtual network interface of an engine).

Regarding claim 31, Hussain and Thubert teach the method as recited in claim 27. Hussain furthermore teaches wherein the network flow is one of a plurality of packet flows comprising packets to be transformed in accordance with a plurality of different packet processing requirements (Hussain ¶ [0010], “A packet flow cache is maintained by the virtual routing processing resources by setting up packet flow entries for each established packet flow containing information indicative of packet processing actions or packet field manipulations”; see also¶¶ [0100] & [0102], about the different types of processing requirements for the packet).
Regarding claim 33, Hussain teaches a system, comprising: a multi-tier network flow management service comprising a packet transformation tier and a rewriting decisions tier (Hussain Figs. 3 & 4 and ¶¶ [0010] & [0035], the IPSG device 20 in Fig. 3 comprises application engines that perform packet transformation tier and manipulation and therefore Hussain teaches both of the claimed tiers – for example, the ASE can be interpreted as the rewriting decision/packet transformation tier which performs TTL decrementing and prepending a tunnel header as in ¶ [0104], VRE can be interpreted as the rewriting decision/packet transformation tier according to ¶ [0102]); and a computing device implementing a client-side component of the packet transformation tier configured (Hussain Figs. 1 & 3 and ¶¶ [0010] & [0032], switch 10 in Fig. 1 is on the remote office side (client side) and contains multiple IP service generator devices (Fig. 3, IPSG 20)) to: identify a particular packet of a network flow, wherein the packet is to be transformed in accordance with a packet processing requirement of an application implemented at least in part at an isolated virtual network at which the client-side component is also implemented (Hussain [0010], packets that are part of a packet flow are processed and fields are manipulated with the help of a packet flow cache to allow VPN functionality; see also ¶¶ [0034]-[0035], the application based engines [applications] transform packets according to the application’s requirements to allow for VPN functionality and therefore are implemented at least in part at an isolated virtual network; see also ¶¶ [0087] & [0089], the ASE performs packet transformation for security to implement an isolated virtual network); detect, responsive to identifying the particular packet of the network flow, that a cache of rewriting directives at the client-side component does not include a rewriting directive generated for at least the network flow to transform packets in accordance with the packet processing requirement, wherein the cache of rewriting directives comprises a plurality of rewriting directives to transform packets in accordance with a plurality of different packet processing requirements (Hussain ¶ [0010], packet flow cache contains packet processing actions or packet field manipulations; see also ¶ [0079]-[0080], cache allows for identification of packet processing/manipulation requirements; see also ¶ [0081], a determination is made that that caching for a packet that is part of a flow hasn’t been set up); obtain, responsive to the detecting a particular rewriting directive applicable to the network flow (Hussain ¶¶ [0080]-[0081], processing actions and packet manipulations for packets of a flow are set up and stored in the cache); store the obtained particular rewriting directive in the cache (Hussain ¶¶ [0080]-[0081], processing actions and packet manipulations for packets of a flow are set up and stored in the cache); and obtain the stored particular rewriting directive from the cache to generate a different transformed packet corresponding to a different packet of the network flow (Hussain ¶¶ [0080]-[0081], processing actions and packet manipulations for packets of a flow are set up and stored in the cache causing different packets of the packet flow to be routed according to the cache entries).
Hussain does not explicitly teach obtain, responsive to the detecting from a rewriting decisions tier of the flow management service different from the client-side component, a particular rewriting directive applicable to the network flow.
However, Thubert teaches detect that a cache does not have a rewriting directive and obtain, responsive to the detecting from a rewriting decisions tier of the flow management service different from the client-side component, a particular rewriting directive applicable to the network flow (Thubert Fig. 6 & ¶¶ [0077]-[0078] and [0083], a determination is made by the device as to whether an L3 address indicated by the packet matches an L2 address in the cache of the device – if there is no associated L2 entry for the packet in the cache, the device obtains an L2 address from another node and adds that L2 address entry into its cache to forward subsequent packets).
It would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Hussain and Thubert to teach that upon not finding a routing address entry in the local cache of a device, the device should request the routing address entry from another device and store the received address as a new entry in the cache “for allowing direct forwarding of subsequent packets addressed to the same address.” Thubert ¶ [0083]. Furthermore, this is merely combining prior art elements according to known methods to yield predictable result. MPEP 2143(I).

Regarding claim 34, Hussain and Thubert teach the system as recited in claim 33. Hussain furthermore teaches wherein the client-side component is further configured to: generate, using the obtained particular rewriting directive, a transformed packet corresponding to the particular packet (Hussain ¶ [0010], “A packet flow cache is maintained by the virtual routing processing resources by setting up packet flow entries for each established packet flow containing information indicative of packet processing actions or packet field manipulations”); and transmit the transformed packet to respective destinations (Hussain ¶ [0010], “the received packet is returned to the selected virtual routing processing resource for forwarding”).


Hussain does not explicitly teach wherein to obtain the particular rewriting directive applicable to the network flow, the client-side component is configured to transmit at least a portion of the particular packet to a component of the flow management service other than the client-side component.
However, Thubert teaches wherein to obtain the particular rewriting directive applicable to the network flow, the client-side component is configured to transmit at least a portion of the particular packet to a component of the flow management service other than the client-side component (Thubert Fig. 6 & ¶ [0083], device sends L3 address from the packet to another device).
It would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Hussain and Thubert to teach that upon not finding a routing address entry in the local cache of a device, the device should request the routing address entry from another device and store the received address as a new entry in the cache “for allowing direct forwarding of subsequent packets addressed to the same address.” Thubert ¶ [0083]. Furthermore, this is merely combining prior art elements according to known methods to yield predictable result. MPEP 2143(I).
Regarding claim 36, Hussain and Thubert teach the system as recited in claim 33. Hussain furthermore teaches wherein the client-side component is further configured to: receive the particular packet of the network flow at a virtual network (Hussain Fig. 4 & ¶ [0046]-[0047], traffic is forwarded to the virtual network interface of an engine).

Regarding claim 38, Hussain and Thubert teach the system as recited in claim 33. Hussain furthermore teaches wherein the network flow is one of a plurality of packet flows comprising packets to be transformed in accordance with a plurality of different packet processing requirements (Hussain ¶ [0010], “A packet flow cache is maintained by the virtual routing processing resources by setting up packet flow entries for each established packet flow containing information indicative of packet processing actions or packet field manipulations”; see also¶¶ [0100] & [0102], about the different types of processing requirements for the packet).

Claims 26, 32 and 39 are rejected under 35 U.S.C. § 103 as being unpatentable over Hussain (Pub. No. US 2012/0057460 A1) in view of Thubert (Pub. No. US 2016/0277440 A1) and further in view of Balasubramanian (Pub. No. US 2014/0119374 A1).
Regarding claim 26, Hussain and Thubert teach the one or more non-transitory computer-accessible storage media as recited in claim 21, wherein the client-side component is further configured to: clear the particular rewriting directive from the cache responsive to receiving a request to terminate the network flow.
Hussain and Thubert do not explicitly teach wherein the client-side component is further configured to: clear the particular rewriting directive from the cache responsive to receiving a request to terminate the network flow.
(Balasubramanian ¶ [0087], entries from the cache are purged based on a detection of a flow termination).
It would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Hussain, Thubert and Balasubramanian to teach purging the cache based on a termination of a flow because it allows for the system to “detect and delete relatively older or stale flows” thereby conserving cache space. Balasubramanian ¶ [0087]. Furthermore, this is 
combining prior art elements (cache for quick access to information) according to known methods (purging cache) to yield predictable result (conserving memory/storage resources). MPEP 2143(I).

Regarding claim 32, Hussain and Thubert teach the method as recited in claim 27, further comprising.
Hussain and Thubert do not explicitly teach clearing the particular rewriting directive from the cache responsive to receiving a request to terminate the network flow.
However, Balasubramanian teaches clearing the particular rewriting directive from the cache responsive to receiving a request to terminate the network flow (Balasubramanian ¶ [0087], entries from the cache are purged based on a detection of a flow termination).
It would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Hussain, Balasubramanian ¶ [0087]. Furthermore, this is 
combining prior art elements (cache for quick access to information) according to known methods (purging cache) to yield predictable result (conserving memory/storage resources). MPEP 2143(I).

Regarding claim 39, Hussain and Thubert teach the system as recited in claim 33. 
Hussain and Thubert do not explicitly teach wherein the client-side component is further configured to: clear the particular rewriting directive from the cache responsive to receiving a request to terminate the network flow.
However, Balasubramanian teaches wherein the client-side component is further configured to: clear the particular rewriting directive from the cache responsive to receiving a request to terminate the network flow (Balasubramanian ¶ [0087], entries from the cache are purged based on a detection of a flow termination).
It would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Hussain, Thubert and Balasubramanian to teach purging the cache based on a termination of a flow because it allows for the system to “detect and delete relatively older or stale flows” thereby conserving cache space. Balasubramanian ¶ [0087]. Furthermore, this is 
combining prior art elements (cache for quick access to information) according to known methods (purging cache) to yield predictable result (conserving memory/storage MPEP 2143(I).

Claim 37 is rejected under 35 U.S.C. § 103 as being unpatentable over Hussain (Pub. No. US 2012/0057460 A1) in view of Thubert (Pub. No. US 2016/0277440 A1) and further in view of Tang (Pub. No. US 2016/0259659 A1).

Regarding claim 37, Hussain and Thubert teach the system as recited in claim 36. 
Hussain and Thubert do not explicitly teach wherein the rewriting decisions tier is configured to: assign a network address to the virtual network interface associated with the packet processing requirement.
However, Tang teaches wherein the rewriting decisions tier is configured to: assign a network address to the virtual network interface associated with the packet processing requirement (Smith ¶ [0031] & [0040], VNIC is assigned an address).
It would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Hussain, Thubert and Tang to teach assigning an address to a VNIC because merely combining prior art elements (virtual interfaces) according to known methods (assigning addresses to interfaces) to yield predictable result (wherein assigning an address to an interface allows for the interface to send and receive data). MPEP 2143(I).

40 is rejected under 35 U.S.C. § 103 as being unpatentable over Hussain (Pub. No. US 2012/0057460 A1) in view of Thubert (Pub. No. US 2016/0277440 A1) and further in view of Saladi (Pub. No. US 2016/0070587 A1).

Regarding claim 40, Hussain and Thubert teach the system as recited in claim 33. 
Hussain and Thubert do not explicitly teach wherein the computing device comprises a virtualization host, wherein the application is implemented at least in part on a guest virtual machine of the virtualization host.
However, Saladi teaches wherein the computing device comprises a virtualization host, wherein the application is implemented at least in part on a guest virtual machine of the virtualization host (Saladi Fig. 2 & ¶ [0027], guest VM runs applications; see also ¶ [0028], VMs run on top of a hypervisor 230 which runs on top of the hardware).
It would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Hussain, Thubert and Saladi to teach an application of a guest VM because it greatly improves “the flexibility of resource allocation.” Saladi ¶ [0001].
Conclusion
THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GREGORY P TOLCHINSKY whose telephone number is (571)270-0599.  The examiner can normally be reached on m-f (9:30-6:30PM).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Umar Cheema can be reached on 571-270-3037.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 




Gregory P. Tolchinsky
/G.P.T./Examiner, Art Unit 2454                                                                                                                                                                                                        01/04/2022

/Brian Whipple/Primary Examiner, Art Unit 2454                                                                                                                                                                                                        1/4/2022