Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3-8, 10-15 17-21 is/are rejected under 35 U.S.C. 103 as being unpatentable over TUMULURU et al. (U.S. Pub No.2018/0069924 A1) in view of AKIYOSHI (U.S. Pub No. 2016/0157274 A1).


1. TUMULURU teaches a method for a network device to perform service insertion ina public cloud environment that includes a first virtual network and a second virtual network [par 0025, 0026, Cloud computing environment 170 supports the creation of a virtual data center 180 having a plurality of virtual machines 172 instantiated to, for example, host deployed multi-tier applications. Virtual data center 180 includes one or more virtual networks 182 used to communicate between VMs 172 and managed by at least one networking gateway component (e.g., gateway 184), as well as one or more isolated internal networks 186 not connected to gateway 184. Gateway 184 (e.g., executing as a virtual machine) is configured to provide VMs 172 and other components in cloud computing environment 170 with connectivity to an external network 140 (e.g., Internet)|, wherein the method comprises: in response to receiving a first encapsulated packet from a first virtualized computing instance located in the first virtual network, generating, by the network device, a decapsulated packet by performing decapsulation to remove, from the first encapsulated packet, a first outer header that is addressed from the first virtualized computing instance to the network device [par 0052, the packets may all have the same source and destination IP address in their outer headers and be placed based on RSS/RPS hashing into the same queue, which can create an undesirable bottleneck. One embodiment provides an enhancement to RPS that looks deeper in received packets at internal IP addresses rather than just IP addresses in the outer header. In one embodiment, L2 concentrator 185 determines whether a received packet is a FOU packet and, if such is the case, L2 concentrator 185 looks deeper at an IPsec outer IP address, which is used to hash and place the FOU packet in a receive queue associated with a CPU that removes the FOU header, decrypts and decapsulates the IPsec packet, and removes the GRE header]; sending, by the network device, the decapsulated packet, or generating and sending, by the network device, a second encapsulated packet that includes a second outer header and the decapsulated packet, towards a destination address of the decapsulated packet [par 0052, Doing so distributes FOU packets would otherwise hash to the same queue across different queues, thereby providing performance parallelism. In a particular embodiment, the hash on the IPsec outer IP address may include computing the outer IP address modulo a number of available CPUs or cores. After CPUs or cores 460.sub.i process packets, the packets are sent to respective transmit queues 470.sub.i for transmission over a cloud-side network to which L2 concentrator 185 is connected], wherein the service path and the network device are both located in the second virtual network [par 0026, Gateway 184 is a WAN facing device providing services such as intelligent routing, traffic steering, WAN optimization, encryption, etc. Gateway 184 may be configured to provide virtual private network (VPN) connectivity over a network 140 with another VPN endpoint, such as a gateway 124 within virtualized computing system 102. In other embodiments, gateway 184 may be configured to connect to communicate with virtualized computing system 102 using a high-throughput, dedicated link between virtualized computing system 102 and cloud computing system 150].
 TUMULURU fail to show based on one or more characteristics of the decapsulated packet, identifying, by the network device, a service path specified by a service insertion rule, wherein the service path and the network device are both located in the second virtual network; sending, by the network device, the decapsulated packet to the service path to cause the service path to process the decapsulated packet according to one or more services; and in response to the network device receiving the decapsulated packet processed by the service path,
 	In an analogous art AKIYOSHI show based on one or more characteristics of the decapsulated packet, identifying, by the network device, a service path specified by a service insertion rule [par 0079, The packet forward section 12, in accordance with the packet forward rule, can exchange information related to the logical path termination processing with the logical path module 11 concurrently with packet forwarding. Moreover, the packet forward section 12 manages the logical path module 11 as a logical port P.sub.L similarly to a physical port. That is, when a packet is received from the logical port P.sub.L, the identification information of the logical path 50 to which this packet belongs is received as metadata along with the decapsulated data packet, wherein the service path and the network device are both located in the second virtual network]; sending, by the network device, the decapsulated packet to the service path to cause the service path to process the decapsulated packet according to one or more services; and in response to the network device receiving the decapsulated packet processed by the service path [par 0078, 0091, The decapsulation function section 103, when receiving a packet belonging to the logical path 50, decapsulates the received packet and then outputs the decapsulated data packet to the packet forward section 12 and also outputs the identification information of the logical path 50 included in the outer header to the packet forward section 12 as metadata. The logical path module 11, when identifying the logical path 50 based on header information in an input data packet, decapsulates the data packet and outputs the decapsulated data packet to the packet forward section 12 and also outputs metadata including the identification information of the logical path 50 to the packet forward section 12].
 	Before the effective filing date it would have been obvious to one of ordinary skill in the art to combine the teachings of TUMULURU and AKIYOSHI because communication system in which a logical path is configured in a network to perform communication, comprising: second gateways, which are deployed for a plurality of first gateways.


3. TUMULURU and AKIYOSHI displays the method of claim 1, TUMULURU fail to show wherein sending the decapsulated packet to the service path comprises: based on the service insertion rule, sending the decapsulated packet to a first service virtualized computing instance located on the service path in the second virtual network.
 	In an analogous art AKIYOSHI show wherein sending the decapsulated packet to the service path comprises: based on the service insertion rule, sending the decapsulated packet to a first service virtualized computing instance located on the service path in the second virtual network [par 0078, 0079, The decapsulation function section 103, when receiving a packet belonging to the logical path 50, decapsulates the received packet and then outputs the decapsulated data packet to the packet forward section 12 and also outputs the identification information of the logical path 50 included in the outer header to the packet forward section 12 as metadata. The packet forward section 12 performs packet forwarding in accordance with a packet forward rule from the control apparatus 20. The packet forward section 12, in accordance with the packet forward rule, can exchange information related to the logical path termination processing with the logical path module 11 concurrently with packet forwarding].
 	Before the effective filing date it would have been obvious to one of ordinary skill in the art to combine the teachings of TUMULURU and AKIYOSHI because communication system in which a logical path is configured in a network to perform communication, comprising: second gateways, which are deployed for a plurality of first gateways.


4. TUMULURU and AKIYOSH illustrate the method of claim 3, TUMULURU fail to show wherein sending the decapsulated packet to the service path comprises: identifying that the first service virtualized computing instance is assigned with an active role based on a control-plane advertisement or a data-plane probe from the first service virtualized computing instance, wherein the first service virtualized computing instance and a second service virtualized computing instance are configured as a high availability (HA) pair
 	In an analogous art AKIYOSHI show wherein sending the decapsulated packet to the service path comprises: identifying that the first service virtualized computing instance is assigned with an active role based on a control-plane advertisement or a data-plane probe from the first service virtualized computing instance, wherein the first service virtualized computing instance and a second service virtualized computing instance are configured as a high availability (HA) pair [par 0206, The core system 701 includes a virtual S-GW 740 that is constructed by using software such as Virtual Machine. The virtual S-GW 740 includes a C-plane S-GW and a plurality of U-plane S- GWs 740-1 and 740-2 that correspond to the plurality of P-GWs 720-1 and 720-2, respectively. For example, the virtual S-GW 740 is constructed by activating software such as Virtual Machine on a server or general communication equipment. The C-plane S-GW 730 may be an apparatus different from an apparatus on which the virtual S-GW 740 is constructed. Moreover, it is also possible that the C-plane S-GW 730 is constructed by using software such as Virtual Machine on the apparatus on which the virtual S-GW 740 is constructed].


5. TUMULURU and AKIYOSHI provide the method of claim 1, TUMULURU fail to show wherein sending the decapsulated packet towards the destination address comprises: sending the decapsulated packet towards the destination address associated with a destination located in an external network, wherein the network device connects the first virtualized computing instance to the external network.
 	In an analogous art AKIYOSHI show wherein sending the decapsulated packet towards the destination address comprises: sending the decapsulated packet towards the destination address associated with a destination located in an external network, wherein the network device connects the first virtualized computing instance to the external network [par 0059, 0244, if the logical path 50 is constructed in multiple stages in a cascaded manner, not a combination of decapsulating processing and encapsulating processing but a modification to information included in the outer header may be performed. Examples of the information to be modified include, but are not limited to, information for identifying a logical path included in the outer header, such as source and destination IP addresses and a Tunneling Endpoint Identifier (TEID). The U- plane S-GW 740-2 forwards a packet to the IPsec function 7712. The IPsec function 7712 encrypts the packet. The IPsec function 7712 determines which of the IPsec GWs 780-1 and 780-2 the packet is forwarded to, based on the destination IP address of the packet. If the destination IP address is IP address (A), which is the address of the virtual S-GW 740]
 	Before the effective filing date it would have been obvious to one of ordinary skill in the art to combine the teachings of TUMULURU and AKIYOSHI because communication system in which a logical path is configured in a network to perform communication, comprising: second gateways, which are deployed for a plurality of first gateways.

6. TUMULURU and AKIYOSHI displays the method of claim 1, TUMULURU fail to show wherein generating the second encapsulated packet comprises: generating the second encapsulated packet by encapsulating the decapsulated packet with a second outer header, wherein the second outer header is addressed from the network device to a second virtualized computing instance located in the first virtual network.
 	In an analogous art AKIYOSHI show wherein generating the second encapsulated packet comprises: generating the second encapsulated packet by encapsulating the decapsulated packet with a second outer header, wherein the second outer header is addressed from the network device to a second virtualized computing instance located in the first virtual network [par 0078, The encapsulation function section 102 performs encapsulation based on a data packet input from the packet forward section 12 and metadata including identification information for identifying the logical path 50 and sends the resultant as a packet belonging to the logical path 50. Note that it is also possible to mark the header of a packet with QoS (Quality of Service) information at the time of encapsulation. The decapsulation function section 103, when receiving a packet belonging to the logical path 50, decapsulates the received packet and then outputs the decapsulated data packet to the packet forward section 12 and also outputs the identification information of the logical path 50 included in the outer header to the packet forward section 12 as metadata].
 	Before the effective filing date it would have been obvious to one of ordinary skill in the art to combine the teachings of TUMULURU and AKIYOSHI because communication system in which a logical path is configured in a network to perform communication, comprising: second gateways, which are deployed for a plurality of first gateways


7. TUMULURU and AKIYOSHI describe the method of claim 1, TUMULURU fail to show wherein the method further comprises: prior to receiving the first encapsulated packet, configuring the service insertion rule in a route table associated with a subnet interface.
 	In an analogous at AKIYOSHI show wherein the method further comprises: prior to receiving the first encapsulated packet, configuring the service insertion rule in a route table associated with a subnet interface [par 0104, 0105, A flow entry includes Match Fields, which prescribe matching rules to be matched against information (e.g., destination IP address, VLAN ID, and the like) included in a header of a packet received by the Switch, a field (Counters) indicating statistical information on each packet flow, and an action field (Action), which prescribes packet processing methods that match the matching rules. If an entry that matches the header information in the received packet is retrieved, the OpenFlow Switch 391 processes the received packet in accordance with a processing method prescribed in the action field of the retrieved entry].
 	Before the effective filing date it would have been obvious to one of ordinary skill in the art to combine the teachings of TUMULURU and AKIYOSHI because communication system in which a logical path is configured in a network to perform communication, comprising: second gateways, which are deployed for a plurality of first gateways.

8. TUMULURU describe a non-transitory computer-readable storage medium that includes a set of instructions which, in response to execution by a processor of a network device, cause the processor to perform a method of service insertion in a public cloud environment that includes a first virtual network and a second virtual network [par 0025, 0026, Cloud computing environment 170 supports the creation of a virtual data center 180 having a plurality of virtual machines 172 instantiated to, for example, host deployed multi-tier applications. Virtual data center 180 includes one or more virtual networks 182 used to communicate between VMs 172 and managed by at least one networking gateway component (e.g., gateway 184), as well as one or more isolated internal networks 186 not connected to gateway 184. Gateway 184 (e.g., executing as a virtual machine) is configured to provide VMs 172 and other components in cloud computing environment 170 with connectivity to an external network 140 (e.g., Internet)|, wherein the method comprises: in response to receiving a first encapsulated packet from a first virtualized computing instance located in the first virtual network, par 0052, the packets may all have the same source and destination IP address in their outer headers and be placed based on RSS/RPS hashing into the same queue, which can create an undesirable bottleneck. One embodiment provides an enhancement to RPS that looks deeper in received packets at internal IP addresses rather than just IP addresses in the outer header. In one embodiment, L2 concentrator 185 determines whether a received packet is a FOU packet and, if such is the case, L2 concentrator 185 looks deeper at an IPsec outer IP address, which is used to hash and place the FOU packet in a receive queue associated with a CPU that removes the FOU header, decrypts and decapsulates the IPsec packet, and removes the GRE header]; sending, by the network device, the decapsulated packet, or generating and sending, by the network device, a second encapsulated packet that includes a second outer header and the decapsulated packet, towards a destination address of the decapsulated packet [par 0052, Doing so distributes FOU packets would otherwise hash to the same queue across different queues, thereby providing performance parallelism. In a particular embodiment, the hash on the IPsec outer IP address may include computing the outer IP address modulo a number of available CPUs or cores. After CPUs or cores 460.sub.i process packets, the packets are sent to respective transmit queues 470.sub.i for transmission over a cloud-side network to which L2 concentrator 185 is connected].
 	TUMULURU fail to show based on one or more characteristics of the decapsulated packet, identifying, by the network device, a service path specified by a 
 	In an analogous art AKIYOSHI show based on one or more characteristics of the decapsulated packet, identifying, by the network device, a service path specified by a service insertion rule [par 0079, The packet forward section 12, in accordance with the packet forward rule, can exchange information related to the logical path termination processing with the logical path module 11 concurrently with packet forwarding. Moreover, the packet forward section 12 manages the logical path module 11 as a logical port P.sub.L similarly to a physical port. That is, when a packet is received from the logical port P.sub.L, the identification information of the logical path 50 to which this packet belongs is received as metadata along with the decapsulated data packet], wherein the service path and the network device are both located in the second virtual network [par 0207, For example, the U-plane S-GWs 740-1 and 740-2 each can execute functions corresponding to the GTP-U tunnel module 511 and switch 512 illustrated in FIG. 20 by using software applications operating on Virtual Machine. The functions corresponding to the GTP-U tunnel module 511 and switch 512 are as described in the above-described second exemplary embodiment, and therefore a description thereof in the fourth exemplary embodiment will be omitted. Moreover, the configurations of the U- plane S-GWs 740-1 and 740-2 may be designed to modify information included in the outer header, not to perform decapsulation processing and encapsulation processing in combination]; sending, by the network device, the decapsulated packet to the service path to cause the service path to process the decapsulated packet according to one or more services; and in response to the network device receiving the decapsulated packet processed by the service path[par 0078, 0091, The decapsulation function section 103, when receiving a packet belonging to the logical path 50, decapsulates the received packet and then outputs the decapsulated data packet to the packet forward section 12 and also outputs the identification information of the logical path 50 included in the outer header to the packet forward section 12 as metadata. The logical path module 11, when identifying the logical path 50 based on header information in an input data packet, decapsulates the data packet and outputs the decapsulated data packet to the packet forward section 12 and also outputs metadata including the identification information of the logical path 50 to the packet forward section 12].
 	Before the effective filing date it would have been obvious to one of ordinary skill in the art to combine the teachings of TUMULURU and AKIYOSHI because communication system in which a logical path is configured in a network to perform communication, comprising: second gateways, which are deployed for a plurality of first gateways.



10. TUMULURU and AKIYOSHI demonstrate the non-transitory computer-readable storage medium of claim 8, TUMULURU fail to show wherein sending the decapsulated 
 	In an analogous art AKIYOSHI show wherein sending the decapsulated packet to the service path comprises: based on the service insertion rule, sending the decapsulated packet to a first service virtualized computing instance located on the service path in the second virtual network [par 0078, 0079, The decapsulation function section 103, when receiving a packet belonging to the logical path 50, decapsulates the received packet and then outputs the decapsulated data packet to the packet forward section 12 and also outputs the identification information of the logical path 50 included in the outer header to the packet forward section 12 as metadata. The packet forward section 12 performs packet forwarding in accordance with a packet forward rule from the control apparatus 20. The packet forward section 12, in accordance with the packet forward rule, can exchange information related to the logical path termination processing with the logical path module 11 concurrently with packet forwarding].
 	Before the effective filing date it would have been obvious to one of ordinary skill in the art to combine the teachings of TUMULURU and AKIYOSHI because communication system in which a logical path is configured in a network to perform communication, comprising: second gateways, which are deployed for a plurality of first gateways.



 	In an analogous art AKIYOSHI show wherein sending the decapsulated packet to the service path comprises: identifying that the first service virtualized computing instance is assigned with an active role based on a control-plane advertisement or a data-plane probe from the first service virtualized computing instance, wherein the first service virtualized computing instance and a second service virtualized computing instance are configured as a high availability (HA) pair[par 0206, The core system 701 includes a virtual S-GW 740 that is constructed by using software such as Virtual Machine. The virtual S-GW 740 includes a C-plane S-GW and a plurality of U-plane S- GWs 740-1 and 740-2 that correspond to the plurality of P-GWs 720-1 and 720-2, respectively. For example, the virtual S-GW 740 is constructed by activating software such as Virtual Machine on a server or general communication equipment. The C-plane S-GW 730 may be an apparatus different from an apparatus on which the virtual S-GW 740 is constructed. Moreover, it is also possible that the C-plane S-GW 730 is constructed by using software such as Virtual Machine on the apparatus on which the virtual S-GW 740 is constructed].


12. TUMULURU and AKIYOSHI defines the non-transitory computer-readable storage medium of claim 8, TUMULURU fail to show wherein sending the decapsulated packet towards the destination address comprises: sending the decapsulated packet towards the destination address associated with a destination located in an external network, wherein the network device connects the first virtualized computing instance to the external network.
 	In an analogous art AKIYOSHI show wherein sending the decapsulated packet towards the destination address comprises: sending the decapsulated packet towards the destination address associated with a destination located in an external network, wherein the network device connects the first virtualized computing instance to the external network [par 0059, 02444, If the logical path 50 is constructed in multiple stages in a cascaded manner, not a combination of decapsulating processing and encapsulating processing but a modification to information included in the outer header may be performed. Examples of the information to be modified include, but are not limited to, information for identifying a logical path included in the outer header, such as source and destination IP addresses and a Tunneling Endpoint Identifier (TEID). The U- plane S-GW 740-2 forwards a packet to the IPsec function 7712. The IPsec function 7712 encrypts the packet. The IPsec function 7712 determines which of the [Psec GWs 780-1 and 780-2 the packet is forwarded to, based on the destination IP address of the packet. If the destination IP address is IP address (A), which is the address of the virtual S-GW 740]
Before the effective filing date it would have been obvious to one of ordinary skill in the art to combine the teachings of TUMULURU and AKIYOSHI because communication system in which a logical path is configured in a network to perform communication, comprising: second gateways, which are deployed for a plurality of first gateways.

13. TUMULURU and AKIYOSHI display the non-transitory computer-readable storage medium of claim 8, TUMULURU fail to show wherein generating the second encapsulated packet comprises: generating the second encapsulated packet by encapsulating the decapsulated packet with a second outer header, wherein the second outer header is addressed from the network device to a second virtualized computing instance located in the first virtual network.
 	In an analogous art AKIYOSHI show wherein generating the second encapsulated packet comprises: generating the second encapsulated packet by encapsulating the decapsulated packet with a second outer header, wherein the second outer header is addressed from the network device to a second virtualized computing instance located in the first virtual network[par 0078, The encapsulation function section102 performs encapsulation based on a data packet input from the packet forward section 12 and metadata including identification information for identifying the logical path 50 and sends the resultant as a packet belonging to the logical path 50. Note that it is also possible to mark the header of a packet with QoS (Quality of Service) information at the time of encapsulation. The decapsulation function section 103, when receiving a packet belonging to the logical path 50, decapsulates the received packet and then outputs the decapsulated data packet to the packet forward section 12 and also outputs the identification information of the logical path 50 included in the outer header to the packet forward section 12 as metadata].
 	Before the effective filing date it would have been obvious to one of ordinary skill in the art to combine the teachings of TUMULURU and AKIYOSHI because communication system in which a logical path is configured in a network to perform communication, comprising: second gateways, which are deployed for a plurality of first gateways

14. TUMULURU and AKIYOSHI provides the non-transitory computer-readable storage medium of claim 8, TUMULURU fail to show wherein the method further comprises: prior to receiving the first encapsulated packet, configuring the service insertion rule in a route table associated with a subnet interface.
 	In an analogous art AKIYOSHI show wherein the method further comprises: prior to receiving the first encapsulated packet, configuring the service insertion rule in a route table associated with a subnet interface[par 0104, 0105, A flow entry includes Match Fields, which prescribe matching rules to be matched against information (e.g., destination IP address, VLAN ID, and the like) included in a header of a packet received by the Switch, a field (Counters) indicating statistical information on each packet flow, and an action field (Action), which prescribes packet processing methods that match the matching rules. If an entry that matches the header information in the received packet is retrieved, the OpenFlow Switch 391 processes the received packet in accordance with a processing method prescribed in the action field of the retrieved entry].
 	Before the effective filing date it would have been obvious to one of ordinary skill in the art to combine the teachings of TUMULURU and AKIYOSHI because communication system in which a logical path is configured in a network to perform communication, comprising: second gateways, which are deployed for a plurality of first gateways.

15. TUMULURU provide a computer system configured to perform service insertion in a public cloud environment that includes a first virtual network and a second virtual network, wherein the computer system comprises: a processor; and a non-transitory computer-readable medium having stored thereon instructions that, when executed by the processor[par 0006, 0025, 0026, Cloud computing environment 170 supports the creation of a virtual data center 180 having a plurality of virtual machines 172 instantiated to, for example, host deployed multi-tier applications. Virtual data center 180 includes one or more virtual networks 182 used to communicate between VMs 172 and managed by at least one networking gateway component (e.g., gateway 184), as well as one or more isolated internal networks 186 not connected to gateway 184. Gateway 184 (e.g., executing as a virtual machine) is configured to provide VMs 172 and other components in cloud computing environment 170 with connectivity to an external network 140 (e.g., Internet)], cause the processor: in response to receiving a first encapsulated packet from a first virtualized computing instance located in the first virtual network, generate a decapsulated packet by performing decapsulation to remove, from the first encapsulated packet, a first outer header that is addressed from the first virtualized computing instance to the computer system [par 0052, the packets may all have the same source and destination IP address in their outer headers and be placed based on RSS/RPS hashing into the same queue, which can create an undesirable bottleneck. One embodiment provides an enhancement to RPS that looks deeper in received packets at internal IP addresses rather than just IP addresses in the outer header. In one embodiment, L2 concentrator 185 determines whether a received packet is a FOU packet and, if such is the case, L2 concentrator 185 looks deeper at an IPsec outer IP address, which is used to hash and place the FOU packet in a receive queue associated with a CPU that removes the FOU header, decrypts and decapsulates the IPsec packet, and removes the GRE header]; send the decapsulated packet, or generating and send a second encapsulated packet that includes a second outer header and the decapsulated packet, towards a destination address of the decapsulated packet [par 0052, Doing so distributes FOU packets would otherwise hash to the same queue across different queues, thereby providing performance parallelism. In a particular embodiment, the hash on the IPsec outer IP address may include computing the outer IP address modulo a number of available CPUs or cores. After CPUs or cores 460.sub.i process packets, the packets are sent to respective transmit queues 470.sub.i for transmission over a cloud-side network to which L2 concentrator 185 is connected].

 	In an analogous art AKIYOSHI show based on one or more characteristics of the decapsulated packet, identify a service path specified by a service insertion rule[par 0079, The packet forward section 12, in accordance with the packet forward rule, can exchange information related to the logical path termination processing with the logical path module 11 concurrently with packet forwarding. Moreover, the packet forward section 12 manages the logical path module 11 as a logical port P.sub.L similarly to a physical port. That is, when a packet is received from the logical port P.sub.L, the identification information of the logical path 50 to which this packet belongs is received as metadata along with the decapsulated data packet], wherein the service path and the computer system are both located in the second virtual network [par 0207, For example, the U-plane S-GWs 740-1 and 740-2 each can execute functions corresponding to the GTP-U tunnel module 511 and switch 512 illustrated in FIG. 20 by using software applications operating on Virtual Machine. The functions corresponding to the GTP-U tunnel module 511 and switch 512 are as described in the above-described second exemplary embodiment, and therefore a description thereof in the fourth exemplary embodiment will be omitted. Moreover, the configurations of the U-plane S-GWs 740-1 and 740-2 may be designed to modify information included in the outer header, not to perform decapsulation processing and encapsulation processing in combination]; send the decapsulated packet to the service path to cause the service path to process the decapsulated packet according to one or more services; and in response to the computer system receiving the decapsulated packet processed by the service path[par 0078, 0091, The decapsulation function section 103, when receiving a packet belonging to the logical path 50, decapsulates the received packet and then outputs the decapsulated data packet to the packet forward section 12 and also outputs the identification information of the logical path 50 included in the outer header to the packet forward section 12 as metadata. The logical path module 11, when identifying the logical path 50 based on header information in an input data packet, decapsulates the data packet and outputs the decapsulated data packet to the packet forward section 12 and also outputs metadata including the identification information of the logical path 50 to the packet forward section 12].
 	Before the effective filing date it would have been obvious to one of ordinary skill in the art to combine the teachings of TUMULURU and AKIYOSHI because communication system in which a logical path is configured in a network to perform communication, comprising: second gateways, which are deployed for a plurality of first gateways.


17. TUMULURU and AKIYOSHI create the computer system of claim 15, TUMULURU fail to show wherein the instructions for send the decapsulated packet to the service path cause the processor to: based on the service insertion rule, send the decapsulated 
 	In an analogous art AKIYOSHI show wherein the instructions for send the decapsulated packet to the service path cause the processor to: based on the service insertion rule, send the decapsulated packet to a first service virtualized computing instance located on the service path in the second virtual network[par 0078, 0079, The decapsulation function section 103, when receiving a packet belonging to the logical path 50, decapsulates the received packet and then outputs the decapsulated data packet to the packet forward section 12 and also outputs the identification information of the logical path 50 included in the outer header to the packet forward section 12 as metadata. The packet forward section 12 performs packet forwarding in accordance with a packet forward rule from the control apparatus 20. The packet forward section 12, in accordance with the packet forward rule, can exchange information related to the logical path termination processing with the logical path module 11 concurrently with packet forwarding].
 	Before the effective filing date it would have been obvious to one of ordinary skill in the art to combine the teachings of TUMULURU and AKIYOSHI because communication system in which a logical path is configured in a network to perform communication, comprising: second gateways, which are deployed for a plurality of first gateways.

18. TUMULURU and AKIYOSHI reveal the computer system of claim 17, TUMULURU fail to show wherein the instructions for send the decapsulated packet to the service 
 	In an analogous art AKIYOSHI show wherein the instructions for send the decapsulated packet to the service path cause the processor to: identify that the first service virtualized computing instance is assigned with an active role based on a control-plane advertisement or a data-plane probe from the first service virtualized computing instance, wherein the first service virtualized computing instance and a second service virtualized computing instance are configured as a high availability (HA) pair [par 0078, 0079, The decapsulation function section 103, when receiving a packet belonging to the logical path 50, decapsulates the received packet and then outputs the decapsulated data packet to the packet forward section 12 and also outputs the identification information of the logical path 50 included in the outer header to the packet forward section 12 as metadata. The packet forward section 12 performs packet forwarding in accordance with a packet forward rule from the control apparatus 20. The packet forward section 12, in accordance with the packet forward rule, can exchange information related to the logical path termination processing with the logical path module 11 concurrently with packet forwarding].
 	Before the effective filing date it would have been obvious to one of ordinary skill in the art to combine the teachings of TUMULURU and AKIYOSHI because communication system in which a logical path is configured in a network to perform 

19. TUMULURU and AKIYOSHI illustrate the computer system of claim 15, TUMULURU fail to shows wherein the instructions for send the decapsulated packet towards the destination address cause the processor to: send the decapsulated packet towards the destination address associated with a destination located in an external network, wherein the computer system connects the first virtualized computing instance to the external network.
 	In an analogous art AKIYOSHI shows wherein the instructions for send the decapsulated packet towards the destination address cause the processor to: send the decapsulated packet towards the destination address associated with a destination located in an external network, wherein the computer system connects the first virtualized computing instance to the external network[par 0059, 0244, If the logical path 50 is constructed in multiple stages in a cascaded manner, not a combination of decapsulating processing and encapsulating processing but a modification to information included in the outer header may be performed. Examples of the information to be modified include, but are not limited to, information for identifying a logical path included in the outer header, such as source and destination IP addresses and a Tunneling Endpoint Identifier (TEID). The U-plane S-GW 740-2 forwards a packet to the IPsec function 7712. The IPsec function 7712 encrypts the packet. The IPsec function 7712 determines which of the IPsec GWs 780-1 and 780-2 the packet is forwarded to, based on the destination IP address of the packet. If the destination IP address is IP address (A), which is the address of the virtual S-GW 740]
 	Before the effective filing date it would have been obvious to one of ordinary skill in the art to combine the teachings of TUMULURU and AKIYOSHI because communication system in which a logical path is configured in a network to perform communication, comprising: second gateways, which are deployed for a plurality of first gateways.

20. TUMULURU and AKIYOSHI disclose the computer system of claim 15, TUMULURU fail to show wherein the instructions for generating the second encapsulated packet cause the processor to: generate the second encapsulated packet by encapsulating the decapsulated packet with a second outer header, wherein the second outer header is addressed from the computer system to a second virtualized computing instance located in the first virtual network.
 	In an analogous art AKIYOSHI show wherein the instructions for generating the second encapsulated packet cause the processor to: generate the second encapsulated packet by encapsulating the decapsulated packet with a second outer header, wherein the second outer header is addressed from the computer system to a second virtualized computing instance located in the first virtual network[par 0078, The encapsulation function section 102 performs encapsulation based on a data packet input from the packet forward section 12 and metadata including identification information for identifying the logical path 50 and sends the resultant as a packet belonging to the logical path 50. Note that it is also possible to mark the header of a packet with QoS (Quality of Service) information at the time of encapsulation. The decapsulation function section 103, when receiving a packet belonging to the logical path 50, decapsulates the received packet and then outputs the decapsulated data packet to the packet forward section 12 and also outputs the identification information of the logical path 50 included in the outer header to the packet forward section 12 as metadata].
 	Before the effective filing date it would have been obvious to one of ordinary skill in the art to combine the teachings of TUMULURU and AKIYOSHI because communication system in which a logical path is configured in a network to perform communication, comprising: second gateways, which are deployed for a plurality of first gateways

21. TUMULURU and AKIYOSHI provide the computer system of claim 15, TUMULURU fail to show wherein the instructions further cause the processor to: prior to receiving the first encapsulated packet, configure the service insertion rule in a route table associated with a subnet interface.
 	In an analogous art AKIYOSHI show wherein the instructions further cause the processor to: prior to receiving the first encapsulated packet, configure the service insertion rule in a route table associated with a subnet interface[par 0104, 0105, A flow entry includes Match Fields, which prescribe matching rules to be matched against information (e.g., destination IP address, VLAN ID, and the like) included in a header of a packet received by the Switch, a field (Counters) indicating statistical information on each packet flow, and an action field (Action), which prescribes packet processing methods that match the matching rules. If an entry that matches the header information in the received packet is retrieved, the OpenFlow Switch 391 processes the received packet in accordance with a processing method prescribed in the action field of the retrieved entry].
 	Before the effective filing date it would have been obvious to one of ordinary skill in the art to combine the teachings of TUMULURU and AKIYOSHI because communication system in which a logical path is configured in a network to perform communication, comprising: second gateways, which are deployed for a plurality of first gateways.

5. 	Claims 2, 9, 16is/are rejected under 35 U.S.C. 103 as being unpatentable over TUMULURU et al. (U.S. Pub No.2018/0069924 A1) in view of AKIYOSHI (U.S. Pub No. 2016/0157274 A1) in further view of Johnson et al. (U.S. Pub No. 2019/0392070 A1).


2. TUMULURU and AKIYOSHI disclose the method of claim 1, TUMULURU and AKIYOSHI fail to show wherein identifying the service path comprises: matching the destination address in the decapsulated packet to a first classless inter-domain routing (CIDR) block specified by the service insertion rule, wherein the first virtual network is associated with the first CIDR block and the second virtual network is associated with a second CIDR block.
 	In an analogous art Johnson show wherein identifying the service path comprises: matching the destination address in the decapsulated packet to a first classless inter-domain routing (CIDR) block specified by the service insertion rule, par 0110, address. These types have many representations, one of which is the concrete type Cidr. Therefore both IPv4_ address and IPv6 address have mappings to Cidr types with appropriate constraints (if available on the Cidr type). The symbol type IP_ address also has a mapping to the concrete type Cidr, and all of the Cidr types have mappings to the carrier tyoe Postgres -cidr. However there are many possible representations of IP_ address, one of which is jp_ address, which is a composite struct type consisting of a bool and an array of 16 bytes. The symbol types bool and byte have further mappings].
 	Before the effective filing date it would have been obvious to one of ordinary skill in the art to combine the teachings of TUMULURU, AKIYOSHI and Johnson because this provides an integrated cloud environment the dynamic cloud capabilities are applied to applications-i.e., virtual network functions (VNFs)-thus applying the benefits of the cloud environment to virtual network elements.


9. TUMULURU and AKIYOSHI reveal the non-transitory computer-readable storage medium of claim 8, TUMULURU and AKIYOSHI fail to show wherein identifying the service path comprises: matching the destination address in the decapsulated packet to a first classless inter-domain routing (CIDR) block specified by the service insertion rule, wherein the first virtual network is associated with the first CIDR block and the second virtual network is associated with a second CIDR block.
par 0110, address. These types have many representations, one of which is the concrete type Cidr. Therefore both IPv4_ address and IPv6 address have mappings to Cidr types with appropriate constraints (if available on the Cidr type). The symbol type IP_ address also has a mapping to the concrete type Cidr, and all of the Cidr types have mappings to the carrier tyoe Postgres -cidr. However there are many possible representations of IP_ address, one of which is jp_ address, which is a composite struct type consisting of a bool and an array of 16 bytes. The symbol types bool and byte have further mappings].
 	Before the effective filing date it would have been obvious to one of ordinary skill in the art to combine the teachings of TUMULURU, AKIYOSHI and Johnson because this provides an integrated cloud environment the dynamic cloud capabilities are applied to applications-i.e., virtual network functions (VNFs)-thus applying the benefits of the cloud environment to virtual network elements.

16. TUMULURU and AKIYOSHI provides the computer system of claim 15, TUMULURU and AKIYOSHI fail to show wherein the instructions for identifying the service path cause the processor to: match the destination address in the decapsulated packet to a first classless inter-domain routing (CIDR) block specified by the service 
 	In an analogous art Johnson show wherein the instructions for identifying the service path cause the processor to: match the destination address in the decapsulated packet to a first classless inter-domain routing (CIDR) block specified by the service insertion rule, wherein the first virtual network is associated with the first CIDR block and the second virtual network is associated with a second CIDR block [par 0110, address. These types have many representations, one of which is the concrete type Cidr.Therefore both IPv4_ address and IPv6 address have mappings to Cidr types with appropriate constraints (if available on the Cidr type). The symbol type IP_ address also has a mapping to the concrete type Cidr, and all of the Cidr types have mappings to the carrier type Postgres -cidr. However there are many possible representations of IP_ address, one of which is ip_ address, which is a composite struct type consisting of a bool and an array of 16 bytes. The symbol types bool and byte have further mappings].
 	Before the effective filing date it would have been obvious to one of ordinary skill in the art to combine the teachings of TUMULURU, AKIYOSHI and Johnson because this provides an integrated cloud environment the dynamic cloud capabilities are applied to applications-i.e., virtual network functions (VNFs)-thus applying the benefits of the cloud environment to virtual network elements. 


Response to Arguments




Thus, it is clear that the logical path in Akiyoshi cannot teach or suggest the elements of “cause the service path to process the...packet according to one or more services [emphasis added]” as recited in claim 1. In addition, claim 1 also requires the service path to be “specified by a service insertion rule,” which is also not disclosed in Akiyoshi.

The examiner respectfully disagrees according to Akiyoshi paragraph 0052, it is shown the header of the packet header of a packet to identify a service associated with the packet and, based on the type of this service, identifies the type of the logical path.


Second, even assuming Akiyoshis logical path could correspond to the recited “service path,” Akiyoshi still cannot teach or suggest “sending, by the network device, the decapsulated packet to the service path [emphasis added]” as recited in claim 1.

The examiner respectfully disagrees in paragraph 0091, the data packet and outputs the decapsulated data packet to the packet forward section 12 and also outputs metadata including the identification information of the logical path 50 to the packet forward section. The packet forward section 12 checks the logical path identification 



Third, claim 1 also requires that “wherein the service path and the network device are both located in the second virtual network.” Akiyosh’s communication apparatus 10 including the packet forward section 12 and the logical path module 11 cannot teach or suggest these elements recited in claim 1.

The examiner respectfully disagrees Tumulru shows in paragraph 0026 shows that a gateway may provide a VPN with another endpoint within the network, which show another endpoint within the a virtual network. The rationale to modify or combine the prior art does not have to be expressly stated in the prior art; the rationale may be expressly or impliedly contained in the prior art or it may be reasoned from knowledge generally available to one of ordinary skill in the art, established scientific principles, or legal precedent established by prior case law. Please review MPEP 2144 (I.).


Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JASON A HARLEY whose telephone number is (571)270-5435. The examiner can normally be reached 7:30-300 6:30-8:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Asad M Nawaz can be reached on (571) 272-3988. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and 





/JASON A HARLEY/Examiner, Art Unit 2468                                                                                                                                                                                                        
				/SYED ALI/                                           Primary Examiner, Art Unit 2468