Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Amendment
This communication is in response to the Amendment filed on 10/19/2021.
Claims 1-12 and 15-22 are pending.
Claims 1, 12 and 17 have been amended.
Claim 14 has been cancelled.
Claim 22 is newly added.

Response to Arguments
Claim Rejections – Obviousness – 35 U.S.C. 103
Applicant Arguments
Claims 1 and 17
As to claim 1, applicant argues that claim 1 has been amended to recite that the virtual IP address indicated in the entry of the table comprising dynamic tunnel information was dynamically assigned to the second spoke network device. Claim 17 similarly has been amended to recite that the network device communicates a virtual IP address that was dynamically allocated to the network device to a hub network device for registration therewith and subsequent setup of tunnels. Thus, the public IP addresses of spoke network devices are not exposed for the purpose of dynamic spoke-to-spoke tunneling, and the virtual IP addresses dynamically allocated to the spoke are instead utilized. 
Applicant argues that Khalid is absent any suggestion that the IPv4 and IPv6 addresses are dynamically assigned virtual IP addresses, so these addresses thus should not be interpreted as anything more than conventional IP addresses. Khalid does not imply dynamic IP address allocation. In Khalid, tunnels between spokes can be dynamically established as a result of exchange and storage of IPv4 tunnel addresses and IPv6 address information between the spokes. However, neither the IPv4 tunnel 
Applicant argues that claim 1 recites determining whether a dynamic tunnel information that indicates the virtual IP address of the second spoke. Determining whether a dynamic tunnel to a spoke network device is available based on a virtual IP address assigned to the spoke is not equivalent to determining an IPv6 tunnel address to which to send an IPv4 data packet based on the IPv4 address of the destination spoke, as recited in Khalid. Khalid and Aggarwal are absent any disclosure of virtual IP addresses dynamically allocated to spoke network devices that are leveraged to determine availability of spoke-to-spoke tunnels.
As to claim 17, applicant argues that the routing table in Aggarwal is merely a generic routing table that is known in the art rather than a table with virtual IP address information and corresponding to whether dynamic spoke-to-spoke tunnels to other network devices are active. Using the routing table to perform lookups of virtual IP addresses thus would not yield determination of whether a dynamic tunnel to a network device corresponding to the virtual IP address.
Claim 12
As described above in reference to claims 1 and 17, the IPv6 tunnel source addresses cannot be interpreted as dynamically allocated virtual IP addresses. There is no allocation or assignment of the IPv6 address to the spokes by any component in Khalid. Further Khalid does not disclose or imply the existence of a pool of virtual IP addresses or any other IP address from which tunnel source IP addresses are allocated to spokes. Claim 12 has been amended to recite that the virtual IP addresses of the peers were previously assigned to the peers from the maintained address pool of virtual IP addresses. Aggarwal does not imply that the routing table comprises virtual IP addresses that were allocated to network devices from an address pool of virtual IP addresses, nor can this be assumed from the conventional routing tables and their uses for routing packets at least for similar reasons given in reference to claim 1.
Examiner’s Response:
The applicant's arguments/remarks filed on 10/19/2021 regarding claims 1-12 and 15-22 have been fully considered but are moot in view of the new ground(s) of rejection. The arguments/remarks are 
Claims 1 and 17
Sullenberger teaches a method and apparatus for establishing a dynamic multipoint encrypted virtual private network. As recited in the ABSTRACT, “Input is received specifying an association of a VPN endpoint address to a corresponding routable network address of a second device…applicable to a hub-and-spoke network architecture”, Sullenberger teaches a hub-and-spoke network architecture with an association of an endpoint address to a corresponding network address of a second device. Further, as recited in Col. 2, lines 65-67, “allows the support of dynamic routing protocols and IP multicast over the VPN network”; and Col. 3, lines 4-5, “for such routers to be assigned an IP address dynamically, that is, each time they reboot or reload”, Sullenberger teaches dynamically allocating a virtual IP address to the spoke.
Claim 12
As described above in reference to claims 1 and 17, Sullenberger teaches dynamically allocated virtual IP addresses. Further, as recited in Col. 5, lines 35-38, “tunnel addresses T1, T2, T3, T4, which are associated with routers S1, S2, S3, S4 of the virtual private network, are selected in an address range that places the addresses within the same subnet”, Sullenberger teaches that the addresses are selected in an address range from the same subnet, i.e. a maintained address pool of virtual IP addresses.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-7, 9-12, 14-19 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Khalid et al. (hereinafter referred to as Khalid) (U. S. Patent No. 7869446 B2) in view of Aggarwal et al. (hereinafter referred to as Aggarwal) (U. S. Patent No. 7801030 B1).
As to claim 1, Khalid teaches a method comprising: based on detecting network traffic to be routed from a first spoke network device to a destination network corresponding to a second spoke network device, determining if a tunnel between the first spoke network device and the second spoke network device is active (See at least Col. 2, lines 46-49, “data packets may be transmitted either between the hub site 120, and the spokes 130, 140, or between spoke A 130 and spoke B 140, over the IPv6 cloud 110, via the multipoint tunnels 112-115”; and Col. 4, lines 15-20, “Upon receiving and decrypting the new binding information encoded within the extension header sent from spoke B 140, spoke A 130 will update its own binding information, thus creating a direct connection tunnel 115 between spoke A and spoke B 140 over the IPv6 cloud 110, without needing to send traffic via a hub site 120”) based, at least in part, on an entry corresponding to a virtual Internet Protocol (IP) address of the second spoke network device in a table comprising dynamic tunnel information (See at least Col. 3, lines 24-27, “the extension header information may be used to update the binding table of the IPv4 addresses with the corresponding IPv6 addresses of the hub site 120 and the spoke A 130”; Col. 4, lines 9-11, “spoke B 140 may transmit a new null payload packet to spoke A 130 either directly using the new binding information, or via the hub site 120”; and Col. 4, “thus creating a direct connection tunnel 115 between spoke A 130 and spoke B 140 over the IPv6 cloud 110”. Here, spoke A updates its own binding table before sending the data packet destined for spoke B. The binding table comprising dynamic tunnel information); based on determining that a tunnel between the first spoke network device and the second spoke network device is not active, directing flow of the network traffic to the second spoke network device via a hub network device (See at least Col. 3, lines 28-34, “in the case where computer terminal 131 connected to spoke A 130 needs to send traffic to computer terminal 141 connected to spoke B 140, the initial communication may be transmitted indirectly through the hub site 120”); the first spoke network device initiating establishment of a dynamic tunnel with the second spoke network device while the flow of the network traffic is directed to the second spoke network device via the hub network device (See at least Col. 3, lines 24-27, “the extension header information may be used to update the binding table of the IPv4 addresses with the corresponding IPv6 addresses of the hub site 120 and the spoke A 130”; and Col. 4, lines 9-11, “spoke B 140 may transmit a new null payload packet to spoke A 130 either directly using the new binding information, or via the hub site 120”. Here, the network traffic is directed to the second spoke via the hub).
Although Khalid teaches the substantial features of the claimed invention, Khalid fails to expressly teach wherein based on the first spoke network device establishing the dynamic tunnel with the second spoke network device, redirecting flow of the network traffic to the second spoke network device over the dynamic tunnel, wherein the virtual IP address was dynamically assigned to the second spoke network device.
In analogous teaching, Aggarwal exemplifies this wherein Aggarwal teaches and based on the first spoke network device establishing the dynamic tunnel with the second spoke network device, redirecting flow of the network traffic to the second spoke network device over the dynamic tunnel (See at least Col.5, lines 22-25, “establishes a dynamic spoke-to-spoke tunnel. These spoke-to-spoke tunnels are established on demand whenever there is traffic between the spokes, and packets between spokes may thereafter bypass the hub”).
Thus, given the teaching of Aggarwal, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to combine the teaching of Aggarwal, technique for using OER for multi-homed spoke-to-spoke sites, into Khalid, optimized dynamic multipoint virtual private network over IPV6 network, for method and system to create and utilize a plurality of tunnels from one spoke node to another spoke node. One of the ordinary skill in the art would have been motivated because it would have been advantageous to have the method and system to dynamically re-designate any one of tunnels and load balance traffic to the peer spoke dynamically (See Aggarwal: ABSTRACT).
Although Khalid and Aggarwal teach the substantial features of the claimed invention, Khalid and Aggarwal fail to expressly teach wherein the virtual IP address was dynamically assigned to the second spoke network device.
In analogous teaching, Sullenberger exemplifies this wherein Sullenberger teaches wherein the virtual IP address was dynamically assigned to the second spoke network device (See at least ABSTRACT, “Input is received specifying an association of a VPN endpoint address to a corresponding routable network address of a second device…applicable to a hub-and-spoke network architecture”; Col.2, lines 65-67, “allows the support of dynamic routing protocols and IP multicast over the VPN network”; and Col. 3, lines 4-5, “for such routers to be assigned an IP address dynamically, that is, each time they reboot or reload”).
Thus, given the teaching of Sullenberger, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to combine the teaching of Sullenberger, method and apparatus for establishing a dynamical virtual network, into Aggarwal, technique for using OER for multi-homed spoke-to-spoke sites, and Khalid, optimized dynamic multipoint virtual private network over IPV6 network, for method and system to create and utilize a plurality of tunnels from one spoke node to another spoke node. One of the ordinary skill in the art would have been motivated because it would have been advantageous to have the method and system to dynamically re-designate any one of tunnels and load balance traffic to the peer spoke dynamically (See Sullenberger: ABSTRACT).

As to claim 2, Khalid, Aggarwal and Sullenberger teach the method of claim 1. Khalid further teaches wherein further comprising: determining whether the dynamic tunnel has been inactive for a tunnel timeout period (See at least Col. 5, lines 30-35, “When the binding is updated between spoke A 130 and spoke B 140, a direct multipoint tunnel is established between the two spokes A, B 130, 140 and the data routing protocols are optimized to no longer require rerouting through the hub site 120 between the two spokes A, B 130, 140”; and Col. 5, line 66 – Col. 6, line 5, “a direct connection between the spoke is established and starts its binding timer for the direct connection between spoke A 130 spoke 140 B… each spoke is configured to maintain its binding timer and the state for its binding”). Aggarwal further teaches wherein and terminating the dynamic tunnel based, at least in part, on See at least Col. 9, lines 19-22, “data can be directly transferred from spoke to spoke, bypassing the hub. Notably, this dynamic “spoke-to-spoke” tunnel may be torn down after a configurable period inactivity”; and Col. 12, lines 57-61, “the client node at the spoke no longer requires a connection to the peer spoke network. ECT services 248 may terminate the primary and secondary spoke-to-spoke tunnels. Optionally, a configurable timer may be used to determine a period of unutilized connections”).
Thus, given the teaching of Aggarwal, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to combine the teaching of Aggarwal, technique for using OER for multi-homed spoke-to-spoke sites, into Khalid, optimized dynamic multipoint virtual private network over IPV6 network, and Sullenberger, method and apparatus for establishing a dynamical virtual network, for method and system to create and utilize a plurality of tunnels from one spoke node to another spoke node. One of the ordinary skill in the art would have been motivated because it would have been advantageous to have the method and system to dynamically re-designate any one of tunnels and load balance traffic to the peer spoke dynamically (See Aggarwal: ABSTRACT).

As to claim 3, Khalid, Aggarwal and Sullenberger teach the method of claim 1. Aggarwal further teaches wherein terminating the dynamic tunnel comprises disconnecting a virtual private network (VPN) connection between the first spoke network device and the second spoke network device (See at least ABSTRACT, “according to technique, a VPN client node, e.g., a “spoke”, creates at least one VPN tunnel with an enterprise network…the spoke may dynamically create a plurality of VPN tunnels with a peer spoke network, e.g., a “peer spoke”. The spoke designates one of the tunnels as a primary tunnel and the other tunnels as secondary tunnels”; and Col. 9, lines 19-22, “data can be directly transferred from spoke to spoke, bypassing the hub. Notably, this dynamic “spoke-to-spoke” tunnel may be torn down after a configurable period inactivity”).
Thus, given the teaching of Aggarwal, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed See Aggarwal: ABSTRACT).

As to claim 4, Khalid, Aggarwal and Sullenberger teach the method of claim 1. Aggarwal further teaches wherein terminating if a tunnel between the first spoke network device and the second spoke network device is active comprises determining if a flag is associated with the virtual IP address of the second spoke network device in the entry in the table, wherein the flag indicates that the tunnel is not active (See at least ABSTRACT, “according to technique, a VPN client node, e.g., a “spoke”, creates at least one VPN tunnel with an enterprise network…the spoke may dynamically create a plurality of VPN tunnels with a peer spoke network, e.g., a “peer spoke”. The spoke designates one of the tunnels as a primary tunnel and the other tunnels as secondary tunnels”; and Col. 9, lines 19-22, “data can be directly transferred from spoke to spoke, bypassing the hub. Notably, this dynamic “spoke-to-spoke” tunnel may be torn down after a configurable period inactivity”).
Thus, given the teaching of Aggarwal, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to combine the teaching of Aggarwal, technique for using OER for multi-homed spoke-to-spoke sites, into Khalid, optimized dynamic multipoint virtual private network over IPV6 network, and Sullenberger, method and apparatus for establishing a dynamical virtual network, for method and system to create and utilize a plurality of tunnels from one spoke node to another spoke node. One of the ordinary skill in the art would have been motivated because it would have been advantageous to have the method and system to dynamically re-designate any one of tunnels and load balance traffic to the peer spoke dynamically (See Aggarwal: ABSTRACT).

As to claim 5, Khalid, Aggarwal and Sullenberger teach the method of claim 1. Khalid further teaches wherein a first static tunnel exists between the first spoke network device and the hub network device and a second static tunnel exists between the second spoke network device and hub network device (See at least ABSTRACT, “registering a first spoke router with a hub router, forwarding an IPv4 data packet from the first spoke router to a second spoke router over an IPv6 multipoint tunnel via the hub router”); wherein directing flow of the network traffic to the second spoke network device via the hub network device comprises communicating at least a first packet through the first and second static tunnels (See at least Col. 2, lines 34-38, “may provide IPv6 enabled communication path for IPv6 multipoint tunnels 112 to the network entities such a, for example, routers in hub site 120, multipoint tunnels 113, 114 to the spokes 130, 140”; and Col.2, lines 46-49, “data packets may be transmitted either between the hub site 120, and the spokes130, 140”).

As to claim 6, Khalid, Aggarwal and Sullenberger teach the method of claim 1. Khalid further teaches wherein further comprising installing a first border gateway protocol (BGP) configuration to the first spoke network device and a second BGP configuration to the second spoke network device (See at least Col. 2, lines 58-60, “a border gateway routing protocol (BGP) may be used to exchange IPv4 prefix reachability information between hub site 120 and each spoke site 130, 140”).

As to claim 7, Khalid, Aggarwal and Sullenberger teach the method of claim 1. Khalid further teaches wherein the first spoke network device is a BGP peer of the hub network device and wherein the second spoke network device is a BGP peer of the hub network device based, at least in part, on the first and second BGP configurations (See at least Col. 2, lines 58-60, “a border gateway routing protocol (BGP) may be used to exchange IPv4 prefix reachability information between hub site 120 and each spoke site 130, 140”).

As to claim 9, Khalid, Aggarwal and Sullenberger teach the method of claim 1. Khalid further teaches wherein the dynamic tunnel comprises a VPN tunnel, where the VPN tunnel is See at least Col.3, lines 4-5, “The use of a group cryptography key in particular embodiments, allows for connection with immediate encryption and decryption”; Col.4, lines 15-20, “Upon receiving and decrypting the new binding information encoded within the extension header sent from spoke B 140, spoke A 130 will update its own binding information, thus creating a direct connection tunnel 115 between spoke A 130 and spoke B 140 over the IPv6 cloud 110, without needing to send traffic via a hub site 120”; and Col. 8, lines 60-64, “IPv6 capabilities may be leveraged to enhance the DMVPN architecture to provide functionalities in the IPv4 environment. Moreover, cryptography may be used to endure data security, integrity and confidentiality”).

As to claim 10, Khalid, Aggarwal and Sullenberger teach the method of claim 1. Aggarwal further teaches wherein each of the first spoke network device, second spoke network device, and hub network device comprise network devices with at least layer 3 network capabilities (See at least ABSTRACT, “according to technique, a VPN client node, e.g., a “spoke”, creates at least one VPN tunnel with an enterprise network…the spoke may dynamically create a plurality of VPN tunnels with a peer spoke network, e.g., a “peer spoke”. The spoke designates one of the tunnels as a primary tunnel and the other tunnels as secondary tunnels”; Col. 3, line 66- Col. 4, line 3, “the virtual circuit may tunnel data between its logical end points using known layer-2 and/or layer-3 tunneling protocols”; and Col. 9, lines 19-22, “data can be directly transferred from spoke to spoke, bypassing the hub. Notably, this dynamic “spoke-to-spoke” tunnel may be torn down after a configurable period inactivity”).
Thus, given the teaching of Aggarwal, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to combine the teaching of Aggarwal, technique for using OER for multi-homed spoke-to-spoke sites, into Khalid, optimized dynamic multipoint virtual private network over IPV6 network, and Sullenberger, method and apparatus for establishing a dynamical virtual network, for method and system to create and utilize a plurality of tunnels from one spoke node to another See Aggarwal: ABSTRACT).

As to claim 11, Khalid, Aggarwal and Sullenberger teach the method of claim 1. Khalid further teaches wherein further comprising: receiving a message from the hub network device indicating a route comprising the destination network (See at least Col. 3, lines 52-55, “Upon receiving the response extension header from the hub site 120, spoke A 130 may update its own binding table before sending the first data packet destined for spoke B 140”); wherein the second spoke network device advertises the route to the hub network device; installing the route in routing table of the first spoke network device; and indicating that a tunnel between the first spoke network device and the second spoke network device is not active (See at least Col.3, lines 28-34, “in the case where computer terminal 131 connected to spoke A 130 needs to send traffic to computer terminal 141 connected to spoke B140, the initial communication may be transmitted indirectly through the hub site 120”);

As to claim 12, Khalid teaches a non-transitory computer-readable medium having instruction stored thereon that are executable by a computing device (See at least Col. 4, lines 44-46, “coupled to one or more processors 240, which will execute a set of instructions 230 encoded onto a memory 220”) to: assign a first virtual Internet Protocol (IP) address to a first spoke network device based, at least in part, on receipt of a configuration request from the first spoke network device (See at least Col. 1, lines 46-50, “A method in particular embodiments includes establishing an Internet Protocol version Six (IPv6) multipoint tunnel with an IPv6 address as a tunnel source address and Internet Protocol version Four (IPv4) as a tunnel address, between a first spoke router and a hub router, transmitting a binding information associates with the first spoke router to the second spoke router”; and Col. 4, lines 50-52, “The network device may be configured for use as a router at spoke A 130, 140 on the DMVPN, or as a network device on the hub site 120”) and an indication of a public IP address of the first spoke network device (See at least Col. 1, lines 46-50, “A method in particular embodiments includes establishing an Internet Protocol version Six (IPv6) multipoint tunnel with an IPv6 address as a tunnel source address and Internet Protocol version Four (IPv4) as a tunnel address, between a first spoke router and a hub router”; and Fig. 3, “Receive Public Address and IPv4 Tunnel Address for Binding Update from Spoke B”); push a border gateway protocol (BGP) configuration and the first virtual IP address to the first spoke network device (See at least Col. 3, lines 17-19, “encode spoke A’s 130 IPv4 tunnel address and spoke A’s 130 IPv6 address, which is used for reachability over the IPv6 network”; Col. 4, lines 28-32, “spoke A 130 may advertise the IPv4 prefix reachability via BGP to the hub site 120, which in turn advertises to spoke B has knowledge of the IPv4 reachability of computer terminal 131 and computer terminal 132 through spoke A 130”), wherein the BGP configuration identifies peers of the first spoke network device (See at least Col. 2, lines 58-61, “border gateway routing protocol (BGP) may be used to exchange IPv4 prefix reachability information between hub site 120 and each spoke site 130, 140”); communicate, the first virtual IP address assigned to the first spoke network device to the peers of the first spoke network device (See at least Col. 2, lines 25-61, “Fig.1 is a block diagram of a Dynamic Multipoint Virtual Private Network running on IPv4 technology over IPv6 cloud (virtual network)”. “Each multipoint tunnel in particular embodiments may be defined to include an IPv4 address as the tunnel IP address, and an IPv6 address as the tunnel source IP address(virtual addresses)”. “the tunnel source IPv6 address may be used as the source IPv6 address of the Ipv6”. “a border gateway routing protocol (BGP) may be used to exchange IPv4 prefix reachability information between hub site 120 and each spoke site 130, 140(communicate to the hub and peer spoke devices)”); and communicate to the first spoke network device, virtual IP addresses of the peers of the first spoke network device (See at least Col. 2, lines 25-61, “Fig.1 is a block diagram of a Dynamic Multipoint Virtual Private Network running on IPv4 technology over IPv6 cloud (virtual network)”. “Each multipoint tunnel in particular embodiments may be defined to include an IPv4 address as the tunnel IP address, and an IPv6 address as the tunnel source IP address(virtual addresses)”. “the tunnel source IPv6 address may be used as the source IPv6 address of the Ipv6”. “a border gateway routing protocol (BGP) may be used to exchange IPv4 prefix reachability information between hub site 120 and each spoke site 130, 140(communicate to the hub and peer spoke devices)”).
Although Khalid teaches the substantial features of the claimed invention, Khalid fails to expressly teach wherein the virtual IP addresses of the peers of the first spoke network device were previously assigned to the peers; wherein virtual IP address is from a maintained address pool. 
In analogous teaching, Aggarwal exemplifies this wherein Aggarwal teaches wherein the virtual IP addresses of the peers of the first spoke network device were previously assigned to the peers (See at least Col. 2, lines 54-59, “When a packet is received at the intermediate network node, the packet’s destination address may be used to identify a routing table entry containing routing information associated with the received packet. Among other things, the packet’s routing information indicates that packet’s next-hop address”).
Thus, given the teaching of Aggarwal, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to combine the teaching of Aggarwal, technique for using OER for multi-homed spoke-to-spoke sites, into Khalid, optimized dynamic multipoint virtual private network over IPV6 network, for method and system to create and utilize a plurality of tunnels from one spoke node to another spoke node. One of the ordinary skill in the art would have been motivated because it would have been advantageous to have the method and system to dynamically re-designate any one of tunnels and load balance traffic to the peer spoke dynamically (See Aggarwal: ABSTRACT).
Although Khalid and Aggarwal teach the substantial features of the claimed invention, Khalid and Aggarwal fail to expressly teach wherein virtual IP address is from a maintained address pool. 
In analogous teaching, Sullenberger exemplifies this wherein Sullenberger teaches wherein virtual IP address is from a maintained address pool (See at least Col. 5, lines 35-38, “tunnel addresses T1, T2, T3, T4, which are associated with routers S1, S2, S3, S4 of the virtual private network, are selected in an address range that places the addresses within the same subnet”).
Thus, given the teaching of Sullenberger, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to combine the teaching of Sullenberger, method and apparatus for See Sullenberger: ABSTRACT).

As to claim 15, Khalid, Aggarwal and Sullenberger teach the non-transitory computer-readable medium of claim 12. Aggarwal further teaches wherein the BGP configuration comprises a placeholder local address and placeholder peer addresses for assignment to the first spoke network device (See at least Col. 3, lines 4-6, “The routing information exchanged by BGP peer routers typically includes destination address prefixes, i.e., the portions of destination addresses used by the routing protocol to renter routing decisions”; and Col. 7, lines 30-40, “Each spoke network may generally contain one or more client nodes… and one or more border routers…the principal spoke network for which the present invention is described is referred as  “peer spoke networks.” Routing operations at the (principal) spoke router may be managed by an optimized edge routing “Master” node, which may be connected to the spoke router by, e.g., point-to-point links or a local area network”).
Thus, given the teaching of Aggarwal, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to combine the teaching of Aggarwal, technique for using OER for multi-homed spoke-to-spoke sites, into Khalid, optimized dynamic multipoint virtual private network over IPV6 network, and Sullenberger, method and apparatus for establishing a dynamical virtual network, for method and system to create and utilize a plurality of tunnels from one spoke node to another spoke node. One of the ordinary skill in the art would have been motivated because it would have been advantageous to have the method and system to dynamically re-designate any one of tunnels and load balance traffic to the peer spoke dynamically (See Aggarwal: ABSTRACT).

As to claim 16, Khalid, Aggarwal and Sullenberger teach the non-transitory computer-readable medium of claim 12. Khalid further teaches wherein further comprising instructions to establish a secure communication connection with the first spoke network device (See at least Col. 3, lines 11-14, “with the group encryption key, before sending the packets including the new extension headers, encryption/decryption keys may be sent between the spoke and hub sites”), wherein the communication of the first virtual IP address assigned to the first spoke network device to the peers of the first spoke network device and the communication of the virtual IP addresses of the peers of the first spoke network device to the first spoke network device are over the secure communication connection (See at least Col. 2, lines 25-61, “Fig.1 is a block diagram of a Dynamic Multipoint Virtual Private Network running on IPv4 technology over IPv6 cloud (virtual network)”. “Each multipoint tunnel in particular embodiments may be defined to include an IPv4 address as the tunnel IP address, and an IPv6 address as the tunnel source IP address(virtual addresses)”. “the tunnel source IPv6 address may be used as the source IPv6 address of the Ipv6”. “a border gateway routing protocol (BGP) may be used to exchange IPv4 prefix reachability information between hub site 120 and each spoke site 130, 140(communicate to the hub and peer spoke devices)”).

As to claim 17, Khalid teaches a network device comprising: a processor; and a computer-readable medium having instructions stored thereon that are executable by the processor to cause the network device to, communicate an address of the network device to a hub network device to register the network device with the hub network device (See at least ABSTRACT, “including registering a first spoke router with a hub router”; and Col. 5, lines 1-2, “to register spoke A 130 with the hub site 120 and establish a connection”).
Although Khalid teaches the substantial features of the claimed invention, Khalid fails to expressly teach wherein establish a static tunnel with the hub network device as a secondary communication channel with other network device that communication with the hub network devices; maintain a first table with entries for virtual Internet Protocol (IP) addresses corresponding to the other network devices advertised from the hub network device and corresponding indications of whether a dynamic tunnel to a respective one of the other network devices is active as a primary communication channel directly with the respective one of the other network devices; and based on receipt of a packet with a destination address which identifies one of the other network devices, determine with the first table whether corresponding one of the entries of the first table for a virtual IP address of the one of the other network devices indicates that a dynamic tunnel from the network device to the one of the other network devices is active.
In analogous teaching, Aggarwal exemplifies this wherein Aggarwal teaches wherein establish a static tunnel with the hub network device as a secondary communication channel with other network device that communication with the hub network devices (See at least Col. 5, lines 15-17, “spokes do not need static configuration for direct tunnels to any of the other spokes”); maintain a first table with entries for virtual Internet Protocol (IP) addresses corresponding to the other network devices advertised from the hub network device (See at least ABSTRACT, “according to technique, a VPN client node, e.g., a “spoke”, creates at least one VPN tunnel with an enterprise network…the spoke may dynamically create a plurality of VPN tunnels with a peer spoke network, e.g., a “peer spoke”. The spoke designates one of the tunnels as a primary tunnel and the other tunnels as secondary tunnels”; Col. 2, lines 44-45, “an intermediate network node often stores its routing information in a routing table maintained and managed by a routing information base (RIB)”; and Col. 9, lines 19-22, “data can be directly transferred from spoke to spoke, bypassing the hub. Notably, this dynamic “spoke-to-spoke” tunnel may be torn down after a configurable period inactivity”) and corresponding indications of whether a dynamic tunnel to a respective one of the other network devices is active as a primary communication channel directly with the respective one of the other network devices (See at least ABSTRACT, “according to technique, a VPN client node, e.g., a “spoke”, creates at least one VPN tunnel with an enterprise network…the spoke may dynamically create a plurality of VPN tunnels with a peer spoke network, e.g., a “peer spoke”. The spoke designates one of the tunnels as a primary tunnel and the other tunnels as secondary tunnels”; Col. 2, lines 44-45, “an intermediate network node often stores its routing information in a routing table maintained and managed by a routing information base (RIB)”); and based on receipt of a packet with a destination address which identifies one of the other network devices (See at least Col.2, lines 54-57, “When a packet is received at the intermediate network node, the packet’s destination address may be used to identify a routing table entry containing routing information associated with the received packets”), and determine with the first table whether corresponding one of the entries of the first table for a virtual IP address of the one of the other network devices indicates that a dynamic tunnel from the network device to the one of the other network devices is active (See at least ABSTRACT, “according to technique, a VPN client node, e.g., a “spoke”, creates at least one VPN tunnel with an enterprise network…the spoke may dynamically create a plurality of VPN tunnels with a peer spoke network, e.g., a “peer spoke”. The spoke designates one of the tunnels as a primary tunnel and the other tunnels as secondary tunnels”; Col. 2, lines 44-45, “an intermediate network node often stores its routing information in a routing table maintained and managed by a routing information base (RIB)”).
Thus, given the teaching of Aggarwal, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to combine the teaching of Aggarwal, technique for using OER for multi-homed spoke-to-spoke sites, into Khalid, optimized dynamic multipoint virtual private network over IPV6 network, for method and system to create and utilize a plurality of tunnels from one spoke node to another spoke node. One of the ordinary skill in the art would have been motivated because it would have been advantageous to have the method and system to dynamically re-designate any one of tunnels and load balance traffic to the peer spoke dynamically (See Aggarwal: ABSTRACT).
Although Khalid and Aggarwal teach the substantial features of the claimed invention, Khalid and Aggarwal fail to expressly teach wherein the virtual Internet (IP) address was dynamically allocated to the network device.
In analogous teaching, Sullenberger exemplifies this wherein Sullenberger teaches wherein the virtual Internet (IP) address was dynamically allocated to the network device (See at least ABSTRACT, “Input is received specifying an association of a VPN endpoint address to a corresponding routable network address of a second device…applicable to a hub-and-spoke network architecture”; Col.2, lines 65-67, “allows the support of dynamic routing protocols and IP multicast over the VPN network”; and Col. 3, lines 4-5, “for such routers to be assigned an IP address dynamically, that is, each time they reboot or reload”).
Thus, given the teaching of Sullenberger, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to combine the teaching of Sullenberger, method and apparatus for establishing a dynamical virtual network, into Aggarwal, technique for using OER for multi-homed spoke-to-spoke sites, and Khalid, optimized dynamic multipoint virtual private network over IPV6 network, for method and system to create and utilize a plurality of tunnels from one spoke node to another spoke node. One of the ordinary skill in the art would have been motivated because it would have been advantageous to have the method and system to dynamically re-designate any one of tunnels and load balance traffic to the peer spoke dynamically (See Sullenberger: ABSTRACT).

As to claim 18, Khalid, Aggarwal and Sullenberger teach the network device of claim 17. Aggarwal further teaches wherein the computer-readable medium further comprises instructions executable by the processor to cause the network device to, based on a determination that corresponding one of the entries of the first table indicates that the dynamic tunnel is active, direct the packet to the one of the other network devices corresponding to the destination address via the dynamic tunnel instead of the static tunnel (See at least ABSTRACT, “according to technique, a VPN client node, e.g., a “spoke”, creates at least one VPN tunnel with an enterprise network…the spoke may dynamically create a plurality of VPN tunnels with a peer spoke network, e.g., a “peer spoke”. The spoke designates one of the tunnels as a primary tunnel and the other tunnels as secondary tunnels”; Col. 2, lines 44-45, “an intermediate network node often stores its routing information in a routing table maintained and managed by a routing information base (RIB)”; and Col. 9, lines 19-22, “data can be directly transferred from spoke to spoke, bypassing the hub.”).
Thus, given the teaching of Aggarwal, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to combine the teaching of Aggarwal, technique for using OER for multi-homed spoke-to-spoke sites, into Khalid, optimized dynamic multipoint virtual private network over IPV6 network, and Sullenberger, method and apparatus for establishing a dynamical virtual network, for method and system to create and utilize a plurality of tunnels from one spoke node to another spoke node. One of the ordinary skill in the art would have been motivated because it would have been advantageous to have the method and system to dynamically re-designate any one of tunnels and load balance traffic to the peer spoke dynamically (See Aggarwal: ABSTRACT).

As to claim 19, Khalid, Aggarwal and Sullenberger teach the network device of claim 17. Aggarwal further teaches wherein the computer-readable medium further comprises instructions executable by the processor to cause the network devices to: based on a determination that the corresponding one of the entries of the first table indicates that the dynamic tunnel is inactive, direct the packet to the one of the other network devices corresponding to the destination address via the static tunnel (See at least Col.3, lines 28-34, “in the case where computer terminal 131 connected to spoke A 130 needs to send traffic to computer terminal 141 connected to spoke B140, the initial communication may be transmitted indirectly through the hub site 120”); establish the dynamic tunnel with the one of the other network devices (See at least ABSTRACT, “Once the spoke-to-hub tunnel is established, the spoke may dynamically create a plurality of VPN tunnels with a peer spoke network”; and Col.4, lines 15-20, “Upon receiving and decrypting the new binding information encoded within the extension header sent from spoke B 140, spoke A 130 will update its own binding information, thus creating a direct connection tunnel 115 between spoke A 130 and spoke B 140 over the IPv6 cloud 110, without needing to send traffic via a hub site 120”); update the first table with an indication that the dynamic tunnel from the network device to the one of the other network (See at least Col. 6, lines 46-50, “These extension headers are used to update the binding information tables of both communicating terminals such as DMVPN Hub and Spoke routers and allow for optimal communication path between the communicating terminals”); and direct subsequent packets to the one of the other network devices via the dynamic tunnel instead of the static tunnel (See at least ABSTRACT, “the spoke may then dynamically re-designate any one of the secondary tunnels as the primary tunnel for a prefix based on the quality of the tunnels to the peer spoke”).
Thus, given the teaching of Aggarwal, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to combine the teaching of Aggarwal, technique for using OER for multi-homed spoke-to-spoke sites, into Khalid, optimized dynamic multipoint virtual private network over IPV6 network, and Sullenberger, method and apparatus for establishing a dynamical virtual network, for method and system to create and utilize a plurality of tunnels from one spoke node to another spoke node. One of the ordinary skill in the art would have been motivated because it would have been advantageous to have the method and system to dynamically re-designate any one of tunnels and load balance traffic to the peer spoke dynamically (See Aggarwal: ABSTRACT).
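The forwarding decision recited in claims 17 through 19 above (a table keyed by hub-advertised virtual IP addresses, the first packet sent over the static hub tunnel, later packets over the dynamic tunnel), together with the inactivity teardown quoted from Aggarwal, as an added Python example that is not code from the application, the cited references or this office action. The class and function names, the constructed 10.99.0.x addresses, the `establish` callback standing in for tunnel negotiation, the 60-second idle timeout and the hub-only handling of unadvertised destinations are assumptions.

```python
import ipaddress
from dataclasses import dataclass

STATIC = "static-hub-tunnel"       # secondary channel via the hub
DYNAMIC = "dynamic-spoke-tunnel"   # primary channel directly to the peer


@dataclass
class PeerEntry:
    dynamic_active: bool = False   # is a spoke-to-spoke tunnel up?
    last_used: float = 0.0         # time the dynamic tunnel last carried a packet


class Spoke:
    def __init__(self, establish, idle_timeout=60.0):
        self.table = {}                 # virtual IP -> PeerEntry
        self.establish = establish      # assumed hook: callable(vip) -> bool
        self.idle_timeout = idle_timeout

    def hub_advertise(self, vip):
        """Only peers advertised by the hub get a table entry."""
        self.table.setdefault(ipaddress.ip_address(vip), PeerEntry())

    def hub_withdraw(self, vip):
        """Drop a peer whose virtual IP the hub no longer advertises."""
        self.table.pop(ipaddress.ip_address(vip), None)

    def forward(self, dst, now):
        """Return the tunnel that carries a packet addressed to dst."""
        entry = self.table.get(ipaddress.ip_address(dst))
        if entry is None:
            # Assumption: unadvertised destinations stay on the hub path
            # and never trigger a direct tunnel.
            return STATIC
        if entry.dynamic_active and now - entry.last_used > self.idle_timeout:
            entry.dynamic_active = False    # torn down after inactivity
        if entry.dynamic_active:
            entry.last_used = now
            return DYNAMIC
        # Tunnel inactive: this packet goes via the hub, and the tunnel is
        # set up so that subsequent packets can bypass it.
        if self.establish(ipaddress.ip_address(dst)):
            entry.dynamic_active = True
            entry.last_used = now
        return STATIC


def demo():
    """Constructed traffic: five packets to one peer, one to an unknown address."""
    spoke = Spoke(establish=lambda vip: True, idle_timeout=60.0)
    spoke.hub_advertise("10.99.0.2")
    paths = [spoke.forward("10.99.0.2", t) for t in (0, 1, 30, 200, 201)]
    unknown = spoke.forward("10.99.0.77", 202)
    return paths, unknown


if __name__ == "__main__":
    print(demo())
```
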

As to claim 21, Khalid, Aggarwal and Sullenberger teach the method of claim 1. Aggarwal further teaches wherein the network traffic comprises a plurality of packets, wherein directing flow of the network traffic to the second spoke network device via a hub network device comprises at least a first packet of the plurality of packets to the second spoke network device via the hub network device (See at least Col.3, lines 28-34, “in the case where computer terminal 131 connected to spoke A 130 needs to send traffic to computer terminal 141 connected to spoke B140, the initial communication may be transmitted indirectly through the hub site 120”); and wherein redirecting flow of the network traffic to the second spoke network device over the dynamic tunnel comprises directing a remainder of the plurality of packets to the second network device over the dynamic tunnel (See at least Col.5, lines 22-25, “establishes a dynamic spoke-to-spoke tunnel. These spoke-to-spoke tunnels are established on demand whenever there is traffic between the spokes, and packets between spokes may thereafter bypass the hub”).
Thus, given the teaching of Aggarwal, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to combine the teaching of Aggarwal, technique for using OER for multi-homed spoke-to-spoke sites, into Khalid, optimized dynamic multipoint virtual private network over IPV6 network, and Sullenberger, method and apparatus for establishing a dynamical virtual network, for method and system to create and utilize a plurality of tunnels from one spoke node to another spoke node. One of the ordinary skill in the art would have been motivated because it would have been advantageous to have the method and system to dynamically re-designate any one of tunnels and load balance traffic to the peer spoke dynamically (See Aggarwal: ABSTRACT).

As to claim 22, Khalid, Aggarwal and Sullenberger teach the method of claim 1. Sullenberger further teaches wherein the virtual IP address was dynamically assigned to the second spoke network device (See at least ABSTRACT, “Input is received specifying an association of a VPN endpoint address to a corresponding routable network address of a second device…applicable to a hub-and-spoke network architecture”; Col.2, lines 65-67, “allows the support of dynamic routing protocols and IP multicast over the VPN network”; and Col. 3, lines 4-5, “for such routers to be assigned an IP address dynamically, that is, each time they reboot or reload”) from an address pool of virtual IP addresses, and wherein the first spoke network device also has a dynamically assigned virtual IP address (See at least ABSTRACT, “Input is received specifying an association of a VPN endpoint address to a corresponding routable network address of a second device…applicable to a hub-and-spoke network architecture”; Col.2, lines 65-67, “allows the support of dynamic routing protocols and IP multicast over the VPN network”; and Col. 3, lines 4-5, “for such routers to be assigned an IP address dynamically, that is, each time they reboot or reload”) from the address pool (See at least Col. 5, lines 35-38, “tunnel addresses T1, T2, T3, T4, which are associated with routers S1, S2, S3, S4 of the virtual private network, are selected in an address range that places the addresses within the same subnet”).
Thus, given the teaching of Sullenberger, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to combine the teaching of Sullenberger, method and apparatus for establishing a dynamical virtual network, into Aggarwal, technique for using OER for multi-homed spoke-to-spoke sites, and Khalid, optimized dynamic multipoint virtual private network over IPV6 network, for method and system to create and utilize a plurality of tunnels from one spoke node to another spoke node. One of the ordinary skill in the art would have been motivated because it would have been advantageous to have the method and system to dynamically re-designate any one of tunnels and load balance traffic to the peer spoke dynamically (See Sullenberger: ABSTRACT).

Claims 8 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Khalid, in view of Aggarwal, and in view of Sullenberger, and further in view of Saeed et al. (hereinafter referred to as Saeed) (U. S. Patent No. 7975030 B2).
As to claim 8, Khalid, Aggarwal and Sullenberger teach the method of claim 1. Aggarwal further teaches wherein the first spoke network device establishing the dynamic tunnel with second spoke network device comprises establishing the dynamic tunnel (See at least Col.5, lines 22-25, “establishes a dynamic spoke-to-spoke tunnel. These spoke-to-spoke tunnels are established on demand whenever there is traffic between the spokes, and packets between spokes may thereafter bypass the hub”).
However, Khalid, Aggarwal and Sullenberger fail to expressly teach wherein using an Internet Key Exchange Protocol.
In analogous teaching, Saeed exemplifies this wherein Saeed teaches wherein using an Internet Key Exchange Protocol (See at least Col.4, lines 3-4, “the IKE, or Internet Key Exchange protocol is utilized to facilitate this exchange.”).
Thus, given the teaching of Saeed, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to combine the teaching of Saeed, remote configuration of devices using a secure connection, into Sullenberger, method and apparatus for establishing a dynamical virtual network, and Aggarwal, technique for using OER for multi-homed spoke-to-spoke sites, and Khalid, optimized dynamic multipoint virtual private network over IPV6 network, for method and system to implement configuration of remote devices. One of the ordinary skill in the art would have been motivated because it would have been advantageous to have the method and system to secure network connection (See Saeed: ABSTRACT).

As to claim 20, Khalid, Aggarwal and Sullenberger teach the network device of claim 19. Aggarwal further teaches wherein the instructions executable by the processor to cause the network device to establish the dynamic tunnel with the one of the other network devices comprise instructions executable by the processor to cause the network device to establish the dynamic tunnel with the one of the other network devices (See at least Col.5, lines 22-25, “establishes a dynamic spoke-to-spoke tunnel. These spoke-to-spoke tunnels are established on demand whenever there is traffic between the spokes, and packets between spokes may thereafter bypass the hub”).
However, Khalid, Aggarwal and Sullenberger fail to expressly teach wherein using an Internet Key Exchange Protocol.
In analogous teaching, Saeed exemplifies this wherein Saeed teaches wherein using an Internet Key Exchange Protocol (See at least Col.4, lines 3-4, “the IKE, or Internet Key Exchange protocol is utilized to facilitate this exchange.”).
Thus, given the teaching of Saeed, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to combine the teaching of Saeed, remote configuration of devices using a secure connection, into Sullenberger, method and apparatus for establishing a dynamical virtual network, and Aggarwal, technique for using OER for multi-homed spoke-to-spoke sites, and Khalid, See Saeed: ABSTRACT).

Conclusion
Applicant’s amendment necessitated the new ground(s) of rejection presented in this office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOHN FAN whose telephone number is (571)272-3345. The examiner can normally be reached on Monday-Thursday, 9am-6pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Umar Cheema can be reached on (571)270-3037.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.





John Fan
/J.F. /Examiner, Art Unit 2454     
01/24/2022


/UMAR CHEEMA/Supervisory Patent Examiner, Art Unit 2454