DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This written action is responding to the amendment dated on December 09, 2021.
Claims 31, 33-42 and 44-50 are allowed.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below.  Should the changes and/or additions be unacceptable to Applicant, an amendment may filed as provided by 37 CFR 1.312.  To ensure consideration of such an amendment, it MUST be submitted no later than the payment of issue fee.
Authorization for this examiner’s amendment was given in a telephone interview with Mr. Guanyao Cheng of registration number 58,555, on December 16, 2021.  During the telephone conference, Mr. Cheng has agreed and authorized the examiner to further amend Claims 31, 33-42 and 44-50 on amendment dated on December 09, 2021.
Claims
Replacing Claims 31, 33-42 and 44-50 on the amendment dated on December 09, 2021.

Claims 1-30 (Canceled).

	receiving, by a first computing device in a plain-text portion of a first enclave behind a first inline network encryptor (INE), a data packet from a second computing device in a plain-text portion of a second enclave behind a second INE via a partitioned wide-area network (WAN);
	detecting, by the first computing device and based at least in part on contents of a header of the data packet, a network event affecting a status of the partitioned WAN;
receiving, by the first computing device in the plain-text portion of the first enclave from each of a plurality of computing devices in a respective plain-text portion of a plurality of enclaves via the partitioned WAN, status information indicative of local views of the plurality of computing devices of direct tunnels that provide point-to-point connectivity between peer enclaves over a direct WAN route, wherein a respective local view of a respective computing device of the plurality of computing devices include a list of remote enclaves from which the respective computing device has received one or more data packets over the direct tunnels within a previous period of time;
determining, by the first computing device, a global view across the partitioned WAN of the direct tunnels between the peer enclaves based at least in part on the status information received from the plurality of computing devices; and
performing, by the first computing device and based on the network event and the global view, an operation to correct the status of the partitioned WAN.

Claim 32 (Canceled).

31, further comprising:
	determining, by the first computing device, a degradation in quality of one or more of the direct tunnels between one or more of the peer enclaves based at least in part on one or more of the status information associated with the one or more of the direct tunnels; and
	in response to determining the degradation in quality of the one or more of the direct tunnels between the one or more of the peer enclaves, performing, by the first computing device, partial failover to reroute at least a portion of a data flow away from the one or more of the direct tunnels.

Claim 34 (Previously Presented):	The method of claim 31, wherein the contents of the header comprise a first timestamp, wherein the data packet comprises a first data packet, and wherein the method further comprises:
	receiving, by the first computing device, a first data flow from the second computing device via the partitioned WAN, wherein the first data flow includes the first data packet;
	receiving, by the first computing device, a second data flow from a fourth computing device in a plain-text portion of a fourth enclave via the partitioned WAN, wherein the second data flow includes a third data packet, wherein contents of a header of the third data packet comprise a second timestamp; and
	responsive to determining that a first bandwidth of the first data flow combined with a second bandwidth of the second data flow exceeds a maximum bandwidth for the first enclave:

	wherein performing the operation to correct the status of the partitioned WAN comprises responsive to determining that the network event affecting the status of the partitioned WAN is the bottleneck:
	determining, by the first computing device, a first priority of the first data flow;
	determining, by the first computing device, a second priority of the second data flow;
	comparing, by the first computing device, the first priority and the second priority;
	responsive to determining that the first priority is greater than the second priority, squelching, by the first computing device, the second data flow from the fourth computing device; and
	responsive to determining that the second priority is greater than the first priority, squelching, by the first computing device, the first data flow from the second computing device.

Claim 35 (Previously Presented):	The method of claim 34, further comprising:
	responsive to determining that the first priority is equal to the second priority:
	determining, by the first computing device, a first time indicated by the first timestamp;

	comparing, by the first computing device, the first time and the second time;
	responsive to determining that the first time is earlier than the second time, squelching, by the first computing device, the second data flow from the fourth computing device; and
	responsive to determining that the second time is earlier than the first time, squelching, by the first computing device, the first data flow from the second computing device.

Claim 36 (Previously Presented):	The method of claim 34, wherein squelching the first data flow comprises:
	sending, by the first computing device, a fourth data packet to the second computing device, wherein the fourth data packet includes an indication for the second computing device to cease sending the first data flow to the first computing device; and
	responsive to determining that the fourth computing device has completed sending the second data flow to the first computing device, sending, by the first computing device, a fifth data packet to the second computing device, wherein the fifth data packet includes an indication for the second computing device to resume sending the first data flow to the first computing device.


	receiving, by the first computing device, a bulk data transfer from the second computing device;
	receiving, by the first computing device, a data flow from the second computing device, wherein the data packet is associated with the data flow, and wherein the timestamp indicates a time at which the data packet was sent by the second computing device;
	determining, by the first computing device and based at least in part on the timestamp of the data packet, a delay for the data flow;
	responsive to determining that the delay for the data flow is above a threshold delay:
	determining, by the first computing device, that the network event affecting the status of the partitioned WAN is a performance latency;
	sending, by the first computing device, a third data packet to the second computing device, wherein the third data packet comprises an indication for the second computing device to re-route the data flow through a fourth computing device in a plain-text portion of a fourth enclave; and
	receiving, by the first computing device, the data flow from the fourth computing device.

	receiving, by the first computing device, a data flow from the second computing device, wherein the data flow includes the first data packet;
	determining, by the first computing device, a first delay for the data flow;
	responsive to determining that the first delay exceeds a threshold delay, determining, by the first computing device and based at least in part on the connection state in the data packet received from the second computing device, that the first computing device is connected to a fourth computing device in a plain-text portion of a fourth enclave;
	sending, by the first computing device, a third data packet to the second computing device, wherein the third data packet comprises an indication for the second computing device to send the data flow to the first computing device via the fourth computing device;
	receiving, by the first computing device, the data flow from the fourth computing device;
	determining, by the first computing device, a second delay for the data flow;
	responsive to determining that the second delay does not exceed the threshold delay, continuing, by the first computing device, to receive the data flow from the fourth computing device; and
	responsive to determining that the second delay exceeds the threshold delay:

	initiating, by the first computing device, a filtering process to resolve the packet flooding attack.

Claim 39 (Previously Presented):	The method of claim 31, wherein the contents of the header comprise  a connection state, wherein the method further comprises:
	determining, by the first computing device and based at least in part on the connection state in the data packet received from the second computing device, a multi-hop route between the first enclave and the second enclave, wherein the multi-hop route comprises a sequence of one or more connected enclaves that connect the first enclave to the second enclave;
	sending, by the first computing device, a deadline-critical data flow directly to the second computing device; and
	simultaneously sending, by the first computing device, the deadline-critical data flow to the second computing device via the multi-hop route.

Claim 40 (Previously Presented):	The method of claim 31, wherein the contents of the header comprise  a priority of  an associated data flow to the second enclave, wherein the associated data flow is part of a multicast stream originating in the first enclave, wherein the method further comprises:

	determining, by the first computing device, a total bandwidth usage for the multicast stream, wherein the total bandwidth usage comprises a sum of the respective bandwidth usage for each of the respective data flows;
	responsive to determining that the total bandwidth usage for the multicast stream is greater than an available outgoing bandwidth for the first enclave:	
	squelching, by the first computing device and based at least in part on the respective priority of the respective associated data flow to each of the one or more additional enclaves and the second enclave, respective data flows with  a lowest respective priorities until the total bandwidth usage for the multicast stream is less than or equal to an available outgoing bandwidth; and
	upon the first computing device completing a transmission of a respective data flow, reactivating, by the first computing device, the previously squelched data flow with  a highest respective priority.

Claim 41 (Previously Presented):	The method of claim 31, further comprising:

wherein performing, by the first computing device and based on the network event, the operation to correct the status of the partitioned WAN comprises:
determining, by the first computing device, that the second computing device is connected to the third computing device in a plain-text portion of a third enclave, wherein the third enclave communicates with the first enclave and the second enclave via the partitioned WAN;
sending, by the first computing device, a second data packet to the second computing device, wherein the second data packet comprises an indication for the second computing device to receive the expected data flow from the third computing device and to send the expected data flow to the first computing device; and
receiving, by the first computing device and from the second computing device, the expected data flow that was received by the second computing device from the third computing device.

Claim 42 (Currently Amended):	A first computing device positioned in a plain-text portion of a first enclave behind a first inline network encryptor (INE), the first computing device comprising:

	one or more hardware processors configured to:
	receive a data packet from a second computing device in a plain-text portion of a second enclave behind a second INE via the partitioned WAN;
	detecting, based at least in part on contents of a header of the data packet, a network event affecting a status of the partitioned WAN;
receive, from each of a plurality of computing devices in a respective plain-text portion of a plurality of enclaves via the partitioned WAN, status information indicative of local views of the plurality of computing devices of direct tunnels that provide point-to-point connectivity between peer enclaves over a direct WAN route, wherein a respective local view of a respective computing device of the plurality of computing devices include a list of remote enclaves from which the respective computing device has received one or more data packets over the direct tunnels within a previous period of time;
determine a global view across the partitioned WAN of the direct tunnels between the peer enclaves based at least in part on the status information received from the plurality of computing devices; and
perform, based on the network event and the global view, an operation to correct the status of the partitioned WAN.



Claim 44 (Currently Amended):	The first computing device of claim [[43]] 42, wherein the one or more processors are further configured to:
	determine a degradation in quality of one or more of the direct tunnels between one or more of the peer enclaves based at least in part on one or more of the status information associated with the one or more of the direct tunnels; and
	in response to determining the degradation in quality of the one or more of the direct tunnels between the one or more of the peer enclaves, perform partial failover to reroute at least a portion of a data flow away from the one or more of the direct tunnels.

Claim 45 (Previously Presented):	The first computing device of claim 42, wherein the contents of the header comprise a first timestamp, wherein the data packet comprises a first data packet, and wherein the one or more processors are further configured to:
	receive a first data flow from the second computing device via the partitioned WAN, wherein the first data flow includes the first data packet;
	receive a second data flow from a fourth computing device in a plain-text portion of a fourth enclave via the partitioned WAN, wherein the second data flow includes a third data packet, wherein contents of a header of the third data packet comprise a second timestamp;
	responsive to determining that a first bandwidth of the first data flow combined with a second bandwidth of the second data flow exceeds a maximum bandwidth for the first enclave:

	responsive to determining that the network event affecting the status of the partitioned WAN is the bottleneck:
	determine a first priority of the first data flow;
	determine a second priority of the second data flow;
	compare the first priority and the second priority;
	responsive to determining that the first priority is greater than the second priority, squelch the second data flow from the fourth computing device; and
	responsive to determining that the second priority is greater than the first priority, squelch the first data flow from the second computing device.

Claim 46 (Previously Presented):	The first computing device of claim 45, the one or more processors are further configured to:
	responsive to determining that the first priority is equal to the second priority:
	determine a first time indicated by the first timestamp;
	determine a second time indicated by the second timestamp located in the contents of the header of the third data packet;
	compare the first time and the second time;
	responsive to determining that the first time is earlier than the second time, squelch the second data flow from the fourth computing device; and


Claim 47 (Previously Presented):	The first computing device of claim 46, wherein the one or more processors being configured to squelch the first data flow comprises the one or more processors being configured to:
	send a fourth data packet to the second computing device, wherein the third fourth data packet includes an indication for the second computing device to cease sending the first data flow to the first computing device; and
	responsive to determining that the fourth computing device has completed sending the second data flow to the first computing device, send a fifth data packet to the second computing device, wherein the fifth data packet includes an indication for the second computing device to resume sending the first data flow to the first computing device.


	receive a data flow from the second computing device, wherein the data flow includes the first data packet;
	determine a first delay for the data flow;
	responsive to determining that the first delay exceeds a threshold delay, determine, based at least in part on the connection state in the data packet received from the second computing device, that the first computing device is connected to a fourth computing device in a plain-text portion of a fourth enclave;
	send a third data packet to the second computing device, wherein the third data packet comprises an indication for the second computing device to send the data flow to the first computing device via the fourth computing device;
	receive the data flow from the fourth computing device;
	determine a second delay for the data flow;
	responsive to determining that the second delay does not exceed the threshold delay, continue to receive the data flow from the fourth computing device; and
	responsive to determining that the second delay exceeds the threshold delay:
	determine that the network event affecting the status of the partitioned WAN is a packet flooding attack on the first enclave; and
	initiate a filtering process to resolve the packet flooding attack.


	receive an additional data packet from each of one or more additional enclaves, wherein respective contents of a respective header of the respective additional data packet comprise a respective priority of a respective associated data flow to the respective enclave of the one or more additional enclaves, wherein each respective associated data flow is part of the multicast stream originating in the first enclave, and wherein each associated data flow has a same bandwidth usage;
	determine a total bandwidth usage for the multicast stream, wherein the total bandwidth usage comprises a sum of the respective bandwidth usage for each of the respective data flows;
	responsive to determining that the total bandwidth usage for the multicast stream is greater than an available outgoing bandwidth for the first enclave:
	squelch, based at least in part on the respective priority of the respective associated data flow to each of the one or more additional enclaves and the second enclave, respective data flows with  a lowest respective priorities until the total bandwidth usage for the multicast stream is less than or equal to an available outgoing bandwidth; and
	upon the first computing device completing a transmission of a respective data flow, reactivate the previously squelched data flow with  a highest respective priority.

Claim 50 (Previously Presented):	A non-transitory computer-readable storage medium storing instructions that, when executed, cause one or more processors of a first computing device positioned in a plain-text portion of a first enclave behind a first inline network encryptor (INE) to:
	receive a data packet from a second computing device in a plain-text portion of a second enclave behind a second INE via a partitioned wide-area network (WAN);
	detecting, based at least in part on contents of a header of the data packet, a network event affecting a status of the partitioned WAN, wherein  a connection state indicates connection states between the second enclave and each of the other enclaves in  a plurality of enclaves;
receive, from each of a plurality of computing devices in a respective plain-text portion of a plurality of enclaves via the partitioned WAN, status information indicative of local views of the plurality of computing devices of direct tunnels that provide point-to-point connectivity between peer enclaves over a direct WAN route, wherein a respective local view of a respective computing device of the plurality of computing devices include a list of remote enclaves from which the respective computing device has received one or more data packets over the direct tunnels within a previous period of time;
	determine a global view across the partitioned WAN of the direct tunnels between the peer enclaves based at least in part on the status information received from the plurality of computing devices; and
	perform, based on the network event affecting the status of the partitioned WAN and the global view, an operation to correct the status of the partitioned WAN.
Examiner’s Statement of Reasons for Allowance
The following is an examiner’s statement of reasons for allowance.
Independent Claim 1 is allowable based on the amendment presented on December 09, 2021, and the examiner’s amendment dated on December 16, 2021.
Specifically, the independent Claim 31 now recites limitations as follows:

“A method comprising: receiving, by a first computing device in a plain-text portion of a first enclave behind a first inline network encryptor (INE), a data packet from a second computing device in a plain- text portion of a second enclave behind a second INE via a partitioned wide-area network (WAN); detecting, by the first computing device and based at least in part on contents of a header of the data packet, a network event affecting a status of the partitioned WAN; receiving, by the first computing device in the plain-text portion of the first enclave from each of a plurality of computing devices in a respective plain-text portion of a plurality of enclaves via the partitioned WAN, status information indicative of local views of the plurality of computing devices of direct tunnels that provide point-to-point connectivity between peer enclaves over a direct WAN route, wherein a respective local view of a respective computing device of the plurality of computing devices include a list of remote enclaves from which the respective computing device has received one or more data packets over the direct tunnels within a previous period of time; determining, by the first computing device, a global view across the partitioned WAN of the direct tunnels between the peer enclaves based at least in part on the status information received from the plurality of computing devices; and performing, by the first computing device and based on the network event and the global view, an operation to correct the status of the partitioned WAN”.

The cited reference Brewer, JR. et al. (US PGPUB. # US 2010/0091650), discloses, a first computing device receives a data packet. The first computing device is behind a network encryptor. (Fig. 1 (30, 32). Brewer discloses, a communication network 16 may include a router 30 (indicated as "RTR" in FIG. 1) coupled for serving installations in third communication network 16 (not shown in detail in FIG. 1). Router 30 may be coupled with second communication network 14 via an interface unit 32. Interface unit 32 may be configured for performing a plurality of functions including, by way of example and not by way of limitation, altering encoding of information received in a communication composed in a third encoding scheme at a third locus 33 to express the received communication in the second encoding scheme for presentation at a fourth locus 35. Interface unit 32 may also operate to alter encoding of information received in a communication composed in the second encoding scheme at fourth locus 35 to express the received communication in the third encoding scheme for presentation at third locus 33. Such a coding-decoding capability may permit interface unit 32 to establish, by way of example and not by way of limitation, that ciphered (i.e., encrypted) text may be presented at fourth locus 35 for handling by second communication network 14, and plain text may be presented at (¶18). The data packet is received from a second computing device in a plain text portion and the second computing device is behind a second network encryptor. (Fig. 1(20, 23). First communication network 12 may include a router 20 (indicated as "RTR" in FIG. 1) coupled for serving installations in first communication network 12 (not shown in detail in FIG. 1). Router 20 may be coupled with second communication network 14 via an interface unit 22. Interface unit 22 may be configured for performing a plurality of functions including, by way of example and not by way of limitation, altering encoding of information received in a communication composed in a first encoding scheme at a first locus 23 to express the received communication in a second encoding scheme for presentation at a second locus 25. Interface unit 22 may also operate to alter encoding of information received in a communication composed in the second encoding scheme at second locus 25 to express the received communication in the first encoding scheme for presentation at first locus 23. Such a coding-decoding capability may permit interface unit 22 to establish, by way of example and not by way of limitation, that ciphered (i.e., encrypted) text may be presented at second locus 25 for handling by (¶17).
The reference by Milescu et al. (US PGPUB. # US 2018/0248714) discloses, a CTM logic 150 is configured to capture flow data from multipath proxy logic 140. The flow data may be associated with a network traffic flow. The network traffic flow may be received and/or transmitted via communication interface 134 and network interface(s) 135a and/or 135b. The flow data may be associated with each connection and/or each subflow associated with a connection. Flow data may include, but is not limited to, information included in a packet header (e.g., source address, destination address, source port, destination port, time information (e.g., a timestamp, a time to live), sequence information), traffic class (i.e., traffic type), send and receive buffer states and/or congestion information. Flow data may further include multipath flow data. Multipath flow data may include, but is not limited to, subflow sequence number, a data (i.e., global) sequence number that may be used to reassemble data from one or more subflows into one flow, a checksum, etc. The CTM logic 150 is configured to identify a network traffic flow and/or a subflow based, at least in part, on the captured flow data. For example, a network traffic flow and/or a subflow may be identified based, at least in part, on header data including, for example, source and/or destination address and/or a port identifier. (¶32). Flow data may be captured at operation 204. For example, flow data may be captured from multipath proxy logic 140 by (Fig. 2(208), ¶39). The CTM logic 150 may then be configured to select a traffic management policy related to the identified network traffic flow. The traffic management policy may be selected from policy store 152. The traffic policy may be selected based, at least in part, on a selected subflow identifier and/or the determined throughput and/or RTT. The CTM logic 150 may then be configured to trigger implementation of the selected traffic policy. For example, the implementation may be triggered by constraining an allowable throughput (i.e., allowable bandwidth) on one or more subflows associated with a selected connection. In another example, the implementation may be triggered by restricting a flow and/or subflow to packets associated with a selected traffic class. (¶34). Thus by moving the 
The reference by Klincewicz et al. (US PGPB. # US 2016/0099865) discloses, the example system 100 of FIG. 1 also includes an example centralized rerouting controller 120 to implement one or more example tunnel traffic rerouting solutions according to the teachings of this disclosure. In the illustrated example, the centralized rerouting controller 120 monitors the state of the network 105 by receiving state information reported from the routers 110A-F in the network. To facilitate such monitoring, the system 100 is in communication with the routers 110A-F via respective example communication links 125A-F. The example communication links 115A-J may be implemented by any type(s), number(s) and/or combination(s) wireless communication links, wired communication links, optical communication links, etc. Additionally or alternatively, the communication links 125A-F may be implemented by one or more physical links, logical links, virtual links, etc., in one or more wireless communication networks, wired communication networks, optical communication networks, etc. As used herein, the phrase “in communication,” including variances thereof, encompasses direct communication and/or indirect communication through one or more intermediary components and does not require direct physical (e.g., wired) communication and/or constant communication, but rather additionally includes selective communication at periodic or aperiodic intervals, as well (Fig. 1(110A, 110B, 110C, 110D, 110E, 110F), ¶32). The centralized tunnel rerouting procedure performed by the centralized rerouting controller 120 includes performing an initialization procedure in which different possible values of a maximum tunnel size is specified. Then, the centralized rerouting controller 120 performs several iterations of the centralized tunnel rerouting procedure to determine different sets of target tunnels and associated paths using different values of the maximum tunnel size. During a given processing iteration, the value of the maximum tunnel size specifies the largest tunnel size to be considered by the centralized rerouting controller 120 when determining a tunnel between a pair of endpoint routers. Depending on the particular maximum tunnel size being considered during a given processing iteration, the centralized rerouting controller 120 may establish one or several tunnels between a pair of routers to support the volume of traffic expected for a particular class of service (e.g., as determined from the network state information reported by the routers 110A-F). In some examples, different sets of tunnels are used to carry different classes of service between a pair of routers. Thus, during a first iteration of an example tunnel determination process performed by the centralized rerouting controller 120, the centralized rerouting controller 120 determines an overall set of target tunnels based on (1) a first maximum tunnel size to be considered (e.g., which may be the largest of the specified maximum tunnel sizes) and (2) the traffic load between router pairs in the network for the different (¶35). 
Halme et al. (US PGPUB. # US 2002/0097724) discloses, a network element cluster having a plurality of nodes distribution decisions are determined (255) on the basis of certain field(s) of data packets according to predetermined criteria, and data packets are distributed (251) to nodes of the network element cluster according to the distribution decisions. Data packets are processed (252) said nodes of the network element cluster, and the processing involves selecting (253) at least partly arbitrary value(s) for at least one of the field(s) of at least one data packet. Such value(s) are selected (256) for at least one of said certain field(s) of a third data packet, that distribution decisions determined according to the predetermined criteria for a plurality of first data packets and a plurality of second data packets are the same, said pluralities of first and second data packets belonging to a first set of data packets and said third data packet being related to said first set of data packets. (Abstract).
Mathews et al. (US PAT. # US 7,111,072) discloses, a flexible, scalable hardware and software platform that allows a service provider to easily provide internet services, virtual private network services, firewall services, etc., to a plurality of customers. One aspect provides a method and system for delivering security services. This includes connecting a plurality of processors in a ring configuration within a first processing system, establishing a secure connection between the processors in the ring (Abstract).
Labonte et al. (US PGPUB. # US 2016/0301618) discloses, a method for managing port bandwidth in network devices. The method includes determining a first and a second ingress bandwidth of a first and a second network chip, respectively, determining an egress bandwidth of an egress port of a third network chip, determining a first and a second weight for the first and the second network chip, respectively, where the first and the second weight are determined based on a bandwidth including the first and second ingress bandwidth, processing a first data packet, received by a first ingress port administrated by the first network chip, based on the first weight and the egress bandwidth, and processing a second data packet, received by a second ingress port administrated by the second network chip, based on the second weight, and the egress bandwidth, where the destination of the first and the second data packet is the egress port. (Abstract).
Shake et al. (US PGPUB. # US 2008/0279181) discloses, a packet transfer method in a network apparatus that transfers packets is disclosed. In the packet transfer method, a sending side apparatus generates two copies of a send packet, provides a sequence number identifying the same sending sequence to each of the copied packets, provides an identifier corresponding to a send/receive pair to each of the copied packets to send the packets, and a receiving side apparatus receives each of the packets with two receiving units; recognizes the identifiers each corresponding to a send/receive pair; identifies packets having the same information and the sequence based on the sequence number when the identifiers are the same; selects one of the packets of the same sequence so as to send the packet downstream, and discards another packet, wherein, when only one of the packets of the same sequence arrives, the arriving packet is sent downstream. (Abstract).
Hoy et al. (US PGPUB. # US 2017/0171158) discloses, a method, apparatus and computer program product manage a plurality of VPN tunnels between a first cloud and a second cloud in a hybrid cloud environment is described. A method in a first VPN agent manages a first VPN tunnel in a plurality of VPN tunnels between a first cloud and a second cloud in a hybrid cloud environment. The VPN agent receives a request from a VPN manager. The request includes a first set of requirements for the first VPN tunnel in the plurality of VPN tunnels. The VPN agent creates the first VPN tunnel according to the first set of (Abstract).
However, each of the cited references or reference from the updated search, at least, fails to teach or suggest the limitations regarding “…..wherein a respective local view of a respective computing device of the plurality of computing devices include a list of remote enclaves from which the respective computing device has received one or more data packets over the direct tunnels within a previous period of time; determining, by the first computing device, a global view across the partitioned WAN of the direct tunnels between the peer enclaves based at least in part on the status information received from the plurality of computing devices…”, in combination with the rest of the limitations recited in the independent claim(s).

None of the previous cited prior art references or reference(s) from the updated search yield any specific references that would reasonably, either singularly or in combination with previous cited reference, result a reasonable and proper rejection for each of the cited feature limitations of the independent claim 31 under 35 U.S.C. 102 or 35 U.S.C. 103 with proper motivation.
Claims 42 is a device claim of above method claim 31 and Claim 50 is a non-transitory computer-readable storage medium claim of above method claim 31, and therefore, they are also allowed.
Claims 33-41 depend on the allowed claim 31, and therefore, they are also allowed.
Claims 44-49 depend on the allowed claim 42, and therefore, they are also allowed.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance".

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DARSHAN I DHRUV whose telephone number is (571)272-4316. The examiner can normally be reached M-F 9:00 AM-5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.






/DARSHAN I DHRUV/Primary Examiner, Art Unit 2498