Continued Examination under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 12/13/2021 has been entered.

DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 12/13/2021 has been considered by the examiner.

Response to arguments regarding Claim Objections
The amendments to claims 1 and 4 were received on 12/13/2021. These amendments are acceptable, and as a result, the respective claim objections made in the Final Rejection mailed on 09/14/2021 have been withdrawn.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

The application has been amended as follows:

Listing of Claims:
1. (Currently Amended) A method for managing a network device fabric, comprising a plurality of network devices, the method comprising:
obtaining, from a service device, a first service device policy set;
obtaining a service device unreachability semantic, which represents a fallback protocol to follow should the service device become unreachable after at least one network device rule corresponding to the first service device policy set is deployed;
examining the first service device policy set to identify a first set of qualifiers and a first traffic flow action for each policy in the first service device policy set, wherein service device policies in the first set of service device policies are ordered from most specific to least specific;
selecting a most specific service device policy of the service device policies that has not been processed to obtain a selected service device policy;
processing the selected service device policy, comprising:
deriving, from the selected service device policy, a network device rule from the corresponding first set of qualifiers and the first traffic flow action for the selected service device policy, wherein deriving the network device rule comprises:
identifying a source group and a destination group using the corresponding first set of qualifiers for the selected service device policy, and
deriving the network device rule using the source group, the destination group, and the unreachability semantic;
deploying the network device rule, wherein the deploying comprises:

determining whether each of the network devices confirms deployment of the network device rule; 
revoking, based on the determining, deployment of the network device rule at each of the network devices if any of the network devices reports failure to deploy the network device rule; and
in response to the revoking, not processing any more of the service device policies in the first set of service device policies that have not been processed,
wherein the network device rule is directed to an offload network device rule subclass, a fail-close network device rule subclass, or a redirect network device rule subclass. 

2. (Cancelled).

3. (Previously Presented) The method of claim 1, wherein the first set of qualifiers comprises an application-protocol qualifier (APQ), an intercept source qualifier (ISQ) reflecting an ANY state and an intercept destination qualifier (IDQ) reflecting the ANY state.

4. (Cancelled)

5. (Previously Presented) The method of claim 1, wherein deploying the network device rule further comprises:
identifying a network device set that forms the network device fabric.

6. (Previously Presented) The method of claim 1, wherein determining whether the network device confirms deployment of the network device rule comprises:
receiving a rule commit report from the network device.

7. (Previously Presented) The method of claim 1, further comprising:

examining the second service device policy set to identify a second set of qualifiers and a second traffic flow action for each policy in the second service device policy set;
deriving, from each policy in the second service device policy set, a corresponding second network device rule from the corresponding second set of qualifiers and the second traffic flow action;
deploying the policies in the second service device policy set in an order from most specific to least specific.

8. (Previously Presented) The method of claim 7, wherein the deploying of the policies in the second service device policy set comprises:
transmitting a command to each of the network devices of the network device fabric to deploy the corresponding second network device rule;
determining whether each of the network devices confirms deployment of the corresponding second network device rule; and
revoking deployment of the corresponding second network device rule at each of the network devices if any of the network devices reports failure to deploy the corresponding second network device rule,
wherein once deployment of the policy in the second service device policy set has been revoked, remaining undeployed policies in the second service device policy set that are less specific than a revoked policy are not deployed.

9. (Previously Presented) The method of claim 1, further comprising:
prior to deriving the network device rule:
obtaining, from the service device, a second service device policy set;
establishing a processing prioritization based on a first specificity of the first service device policy set and a second specificity of the second service device policy set; and
based on the processing prioritization:
offloading enforcement of the second service device policy set.
10. (Previously Presented) The method of claim 9, wherein establishing the processing prioritization based on the first and second specificities, comprises:
examining the second service device policy set to identify at least a second set of qualifiers;
measuring the first specificity based at least on a first cardinality of the first set of qualifiers;
measuring the second specificity based at least on a second cardinality of the second set of qualifiers;
making a determination, based on the second specificity exceeding the first specificity, that the second service device policy is more specific than the first service device policy; and
establishing the processing prioritization based on the determination.

11. (Previously Presented) The method of claim 1, further comprising:
obtaining, from the service device, a second service device policy set;
examining the second service device policy set to identify a second set of qualifiers and a second traffic flow action;
performing a lookup on a group assignment table using the second set of qualifiers, to identify a set of groups;
deriving, from the second service device policy set, a second network device rule comprising the set of groups; and
deploying policies in the second service device policy set in an order from most specific to least specific.

12. (Original) The method of claim 11, wherein the second set of qualifiers comprises an intercept source qualifier (ISQ) reflecting a LISTED state and an intercept destination qualifier (IDQ) reflecting an ANY state, wherein the set of groups comprises at least one source group.

13. (Original) The method of claim 11, wherein the second set of qualifiers comprises an intercept source qualifier (ISQ) reflecting an ANY state and an intercept destination qualifier (IDQ) reflecting a LISTED state, wherein the set of groups comprises at least one destination group.

14. (Original) The method of claim 11, wherein the second set of qualifiers comprises an intercept source qualifier (ISQ) reflecting a LISTED state and an intercept destination qualifier (IDQ) reflecting the LISTED state, wherein the set of groups comprises at least one source group and at least one destination group.

15. (Cancelled)

16. (Previously Presented) The method of claim 11, further comprising:
making a determination that the deployment of the policies in the second service device policy set had succeeded; and
deriving, from the second service device policy set and based on the determination, a third network device rule comprising the set of groups and the second traffic flow action.

17. (Cancelled)

18. (Cancelled)

19. (Currently Amended) A system, comprising:
a network device fabric comprising a plurality of interconnected network devices;
a service device directly-connected to a network device of a plurality of network devices of the network device fabric; and
a control plane service (CPS) operatively connected to the network device fabric, and programmed to:
obtain, from a service device, a service device policy set;
obtain a service device unreachability semantic, which represents a fallback protocol to follow should the service device become unreachable after at least one network device rule corresponding to the service device policy set is deployed;
examine the service device policy set to identify a set of qualifiers and a traffic flow action for each policy in a service device policy set, wherein service device 
select a most specific service device policy of the service device policies that has not been processed to obtain a selected service device policy;
process the selected service device policy, comprising:
derive, from the selected service device policy, a network device rule from the corresponding set of qualifiers and the traffic flow action for the selected service device policy, wherein deriving the network device rule comprises:
identifying a source group and a destination group using the corresponding first set of qualifiers for the selected service device policy, and
deriving the network device rule using the source group, the destination group, and the unreachability semantic;
deploy the network device rule, wherein the deploying comprises:
transmitting a command to each of the network devices of the network device fabric to deploy the network device rule;
determining whether each of the network devices confirms deployment of the network device rule; 
revoking, based on the determining, deployment of the network device rule at each of the network devices if any of the network devices reports failure to deploy the network device rule; and
in response to the revoking, not processing any more of the service device policies in the set of service device policies that have not been processed,
wherein the network device rule is directed to an offload network device rule subclass, a fail-close network device rule subclass, or a redirect network device rule subclass.

20. (Currently Amended) A non-transitory computer readable medium (CRM) comprising computer readable program code, which when executed by a computer processor, enables the computer processor to:
obtain, from a service device, a service device policy set;
obtain a service device unreachability semantic, which represents a fallback protocol to follow should the service device become unreachable after at least one network device rule corresponding to the service device policy set is deployed;
examine the service device policy set to identify a set of qualifiers and a traffic flow action for each policy in a service device policy set, wherein service device policies in the first set of service device policies are ordered from most specific to least specific;
select a most specific service device policy of the service device policies that has not been processed to obtain a selected service device policy;
process the selected service device policy, comprising:
derive, from the selected service device policy, a network device rule from the corresponding set of qualifiers and the traffic flow action for the selected service device policy, wherein deriving the network device rule comprises:
identifying a source group and a destination group using the corresponding first set of qualifiers for the selected service device policy, and
deriving the network device rule using the source group, the destination group, and the unreachability semantic;
deploy the network device rule, wherein the deploying comprises:
transmitting a command to each of the network devices of the network device fabric to deploy the network device rule; 
determining whether each of the network devices confirms deployment of the network device rule; 
revoking, based on the determining, deployment of the network device rule at each of the network devices if any of the network devices reports failure to deploy the network device rule; and
,
wherein the network device rule is directed to an offload network device rule subclass, a fail-close network device rule subclass, or a redirect network device rule subclass.

21. (Previously Presented) The method of claim 1, wherein the network device rule is directed to a compressed list of metadata descriptive of or pertinent to one or more types of network traffic flows.

Allowable Subject Matter
Claims 1, 3, 5-14, 16, 19-20 and 21 are allowed and renumbered as claims 1, 2, 3-12, 13, 15, 16 and 14 respectively.

Reasons for Allowance
The following is an examiner’s statement of reasons for allowance: The prior arts of record, singly or in combination, do not teach the totality of the independent claims when read in light of the specification. In particular, the prior arts of record do not teach a method for managing a network device fabric, comprising a plurality of network devices (or a system, comprising a network device fabric, in case of claim 19; or a non-transitory computer readable medium comprising computer readable program code to perform the corresponding method steps, in case of claim 20), the method comprising:
obtaining, from a service device, a first service device policy set;
obtaining a service device unreachability semantic, which represents a fallback protocol to follow should the service device become unreachable after at least one network device rule corresponding to the first service device policy set is deployed;
examining the first service device policy set to identify a first set of qualifiers and a first traffic flow action for each policy in the first service device policy set, wherein service device policies in the first set of service device policies are ordered from most specific to least specific;

processing the selected service device policy, comprising:
deriving, from the selected service device policy, a network device rule from the corresponding first set of qualifiers and the first traffic flow action for the selected service device policy, wherein deriving the network device rule comprises:
identifying a source group and a destination group using the corresponding first set of qualifiers for the selected service device policy, and
deriving the network device rule using the source group, the destination group, and the unreachability semantic;
deploying the network device rule, wherein the deploying comprises:
transmitting a command to each of the network devices of the network device fabric to deploy the network device rule;
determining whether each of the network devices confirms deployment of the network device rule; 
revoking, based on the determining, deployment of the network device rule at each of the network devices if any of the network devices reports failure to deploy the network device rule; and
in response to the revoking, not processing any more of the service device policies in the first set of service device policies that have not been processed,
wherein the network device rule is directed to an offload network device rule subclass, a fail-close network device rule subclass, or a redirect network device rule subclass.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SANDARVA KHANAL whose telephone number is (571)272-8107. The examiner can normally be reached MON-FRI, 0800-1700.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kamal B Divecha can be reached on 571-272-5863. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SANDARVA KHANAL/Examiner, Art Unit 2453
/Hitesh Patel/Primary Examiner, Art Unit 2419
1/13/22