Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This is the initial office action has been issued in response to patent application, 16/717224, filed on 17 December 2019.  Claims 1-18, as originally filed, are currently pending and have been considered below.  

Information Disclosure Statement 
The information disclosure statement filed 07/13/2020 complies with the provisions of 37 CFR 1.97, 1.98 and MPEP § 609 and the information referred to therein has been considered as to the merits.  


Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.   A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).

Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b).




Claims 1, 3-10, 12-15 are provisionally rejected under 35 U.S.C. 101 as claiming the same invention as that of claims 1-8, 16-20,  of co-pending application 16/916112.  

Claims 1, 3-10, 12-15:
Claims 1, 3-10, 12-15 have similar limitations as in claims 1-8, 16-20, of co-pending application 16/916112.  Although the conflicting claims are not identical; they are not patentably distinct from each other because both applications claim A method/A non-transitory computer-readable storage medium embodying a set of instructions, which when executed by one or more processors of an SDWAN controller associated with a private network, causes the one or more processors to perform a method.    Claims 1, 3-10, 12-15 are rejected under the reasons as set forth above.  


This is a provisional obviousness-type double patenting rejection because the conflicting claims have not in fact been patented.


Claims 1, 3-10, 12-15 in the instant application correspond to claims 1-8, 16-20, of co-pending application 16/916112.  Since claims 1, 3-10, 12-15 are A method/A non-transitory computer-readable storage medium embodying a set of instructions, which when executed by one or more processors of an SDWAN controller associated with a private network, causes the one or more processors to perform a method: And claims 1-8, 16-20,  of co-pending application 16/916112 are A method/A non-transitory computer-readable storage medium embodying a set of instructions, which when executed by a processing resource of a Software-Defined Wide Area Network (SDWAN) controller, causes the processing resource to, it would have been obvious to modify claims 1-8, 16-20,  of co-pending application 16/916112 to get Claims 1, 3-10, 12-15 in the instant application.



Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –




Claims 1-18 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Sundararajan et al. (US2021/0067442 A1, file date 09/04/2019).

Claims 1 and 10:
With respect to claims 1 and 10, Sundararajan et al. discloses a method/non-transitory computer-readable storage medium embodying a set of instructions (Network environment 500, Figures 5A, 5B) (Network environment 500 of interconnected SDWANs, Figure 6), which when executed by one or more processors of an SDWAN controller (e.g. an SDWAN controller for either or both the first SDWAN 602 and the second SDWAN 604, 0082) associated with a private network, causes the one or more processors to perform a method comprising:
receiving, by a Software-Defined Wide Area Network (SDWAN) controller associated with a private network (The path can be pushed, e.g. the choice of the path can be pushed, to an applicable controller, e.g. an SDWAN controller for either or both the first SDWAN 602 and the second SDWAN 604, 0082) (Figure 6, private interconnect), configuration information for each network device of a plurality of network devices of the private network (configurations can be implemented at a logical and/or hardware level based on endpoint or resource attributes, such as endpoint types and/or application groups or profiles, through a software-defined networking (SDN) framework, such configurations can define attributes and objects for classifying and processing traffic based on Endpoint Groups, Security Groups, 0055-0056), 
wherein the configuration information for a particular network device of the plurality of network devices includes a group setting and a role setting, wherein the group setting indicates a group of a plurality of groups with which the particular network device is associated (To classify traffic and implement policies, VMWARE NSX can implement security groups, which can be used to group the specific VMs (e.g., web VMs, application VMs, database VMs), 0059) (Endpoints 522 can be associated with respective Logical Groups 518. Logical Groups 518 can be logical entities containing endpoints (physical and/or logical or virtual) grouped together according to one or more attributes, 0066) (Figure 5B) (a traffic class can be defined based on one or a combination of a user group, an application group, a VPN group, a source, and a destination associated with traffic, 0083) and the role setting specifies a role of the particular network device within the group as either a hub or an edge (Leafs 504 can be, for example, provider edge devices, and/or any other type of routing or switching device, 0049-0050) (Spines 502 and Leaves 504, Figure 5A, 5B) (automatic on-boarding of edge network devices 142 (e.g., switches, routers, etc.) in an overlay network, 0030) (the SDWAN controller can program a policy onto applicable edge routers in the first and second SDWANs 602 and 604 for controlling traffic transmission through the segment routing domain 608 based on traffic class, 0084); 
based on the received configuration information, for each group of the plurality of groups, determining, by the SDWAN controller, Internet Protocol (IP) security (IPsec) (the edge network devices 142 can also securely connect to edge network devices in other sites via IPSec tunnels, 0038) (When the edge network devices 142 use a private color, they may attempt to build IPSec tunnels to other edge network devices using native, private, underlay IP addresses, If the edge network devices 142 use private colors and need NAT to communicate to other private colors, the carrier setting in the configuration can dictate whether the edge network devices 142 use private or public IP addresses, 0039) (an IPSec tunnel 306A established between TLOC 308A and 308C over the WAN transport network 160A and an IPSec tunnel 306B established between TLOC 308B and TLOC 308D over the WAN transport network 160B, 0045, Figure 3) (the network orchestrator appliance(s) 104, network management appliance(s) 122, network controller appliance(s) 132, or edge network device(s) 142 can also include one or more service-side VPNs 406, 0048); and 
directing, by the SDWAN controller, the plurality of network devices to set up IPsec tunnels (On the edge network devices 142, color can be used help to identify or distinguish an individual WAN transport tunnel, the carrier setting in the configuration can dictate whether the edge network devices 142 use private or public IP addresses, 0039), in accordance with the determined IPsec configuration information by pushing the determined IPsec configuration information to each of the plurality of network devices (The path can be pushed, e.g. the choice of the path can be pushed, to an applicable controller, e.g. an SDWAN controller for either or both the first SDWAN 602 and the second SDWAN 604. the segment routing controller can push the BSID and other applicable attributes of the path, e.g. a list of segments in the path, to the SDWAN controller. In turn, the SDWAN controller can configure the first SDWAN 602 and the second SDWAN 604 to transmit traffic through the segment routing domain 608 using the path established by the segment routing controller, the SDWAN controller can configure edge routers in the first SDWAN 602 and the second SDWAN 604 with policies to facilitate transmission of traffic through the path established by the segment routing controller through the segment routing domain 608, 0082). 

Claims 2, 11:
With respect to claims 2, 11, Sundararajan et al. discloses wherein each group of the plurality of groups comprises a cluster of a subset of the plurality of network devices, which are located in a particular geographical location (Endpoints 522 can have an address (e.g., an identity), a location (e.g., host, network segment, VRF instance, domain, etc.), one or more attributes (e.g., name, type, version, patch level, OS name, OS type, etc.), a tag (e.g., security tag), a profile, etc., Endpoints 522 can be associated with respective Logical Groups 518. Logical Groups 518 can be logical entities containing endpoints (physical and/or logical or virtual) grouped together according to one or more attributes, 0065-0066).


Claims 3, 12:
With respect to claims 3, 12, Sundararajan et al. discloses wherein the plurality of network devices are network security devices (on-boarding of edge network devices 142 (e.g., switches, routers, etc.), 0030, Figure 1) and wherein the SDWAN controller is implemented within a management appliance that manages the plurality of network devices (the network controller appliance 132 can receive routes from the edge network devices 142, process and apply any policies to them, and advertise routes to other edge network devices 142 in the overlay 0040) (Network controller appliance(s) 132, Figure 2) (an applicable controller, e.g. an SDWAN controller for either or both the first SDWAN 602 and the second SDWAN 604, 0082).

Claims 4, 13:
With respect to claims 4, 13, Sundararajan et al. discloses wherein when a network device of the plurality of network devices is powered on, the network device receives a dynamically assigned IP address from a cloud (a hierarchy of SDWANs can be created to form a network by building regional SD-WAN networks/clouds, 0005, 0072) (Network Environment 500 can include a data center, which can support and/or host a cloud environment., 0049) to establish a network connection with the SDWAN controller (On the edge network devices 142, color can be used help to identify or distinguish an individual WAN transport tunnel, When the edge network devices 142 use a private color, they may attempt to build IPSec tunnels to other edge network devices using native, private, underlay IP addresses. The public colors may be used by the edge network devices 142 to build tunnels to post-NAT IP addresses.  the carrier setting in the configuration can dictate whether the edge network devices 142 use private or public IP addresses, 0039).

Claims 5, 14:
With respect to claims 5, 14, Sundararajan et al. discloses wherein the SDWAN controller determines IPsec configuration information based on a WAN port IP address received from the network device on establishment of the network connection with the SDWAN controller (On the edge network devices 142, color can be used help to identify or distinguish an individual WAN transport tunnel, When the edge network devices 142 use a private color, they may attempt to build IPSec tunnels to other edge network devices using native, private, underlay IP addresses. The public colors may be used by the edge network devices 142 to build tunnels to post-NAT IP addresses.  the carrier setting in the configuration can dictate whether the edge network devices 142 use private or public IP addresses, 0039).

Claims 6, 15:
With respect to claims 6, 15, Sundararajan et al. discloses wherein the IP address is assigned using Dynamic Host Configuration Protocol (DHCP) (a dynamic routing protocol can be configured inside the transport VPN 402 to get appropriate next-hop information so that the control plane 130 may be established and IPSec tunnels 306 (not shown) can connect to remote sites, 0046).


Claims 7, 16:
With respect to claims 7, 16, Sundararajan et al. discloses wherein the plurality of network devices builds up a VPN in response to the directions received from the controller (a dynamic routing protocol can be configured inside the transport VPN 402 to get appropriate next-hop information so that the control plane 130 may be established and IPSec tunnels 306 (not shown) can connect to remote sites, 0046).

Claims 8, 17:
With respect to claims 8, 17, Sundararajan et al. discloses wherein the IPsec tunnels are established using any or a combination of Multiprotocol Label Switching (MPLS) links and Internet links (maintain the edge network devices 142 and links (e.g., Internet transport network 160, MPLS network 162, 4G/LTE network 164) in an underlay and overlay network, 0031) (“color” can be used to identify an individual WAN transport network, and different WAN transport networks may be assigned different colors (e.g., mpls), 0037) (The transport VPN 402 can include one or more physical or virtual network interfaces (e.g., network interfaces 410A and 410B) that respectively connect to WAN transport networks (e.g., the MPLS network 162 and the Internet transport network 160), 0046). 

Claims 9, 18:
With respect to claims 9, 18, Sundararajan et al. discloses wherein the plurality of network devices are implemented as consumer premises equipment (CPE) (The endpoints 206 can include general purpose computing devices (e.g., servers, workstations, desktop computers, etc.), mobile computing devices (e.g., laptops, tablets, mobile phones, etc.), wearable devices (e.g., watches, glasses or other head-mounted displays (HMDs), ear devices, etc.), and so forth, 0035).


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure, (PTO Form 892).

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Helai Salehi whose telephone number is 571-270-7468.  The examiner can normally be reached on Monday - Friday from 9 am to 5 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jeff Pwu, can be reached on 571-272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/HELAI SALEHI/           Examiner, Art Unit 2433                

/JEFFREY C PWU/           Supervisory Patent Examiner, Art Unit 2433