DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This action is response to the application filed on 09/30/2020. Claims 1-21 are are pending and herein considered. 
Oath/Declaration
The receipt of oath/declaration is acknowledged.
Specification
The lengthy specification has not been checked to the extent necessary to determine the presence of all possible minor errors. Applicant’s cooperation is requested in correcting any errors of which applicant may become aware in the specification.
Information Disclosure Statement
The information disclosure statement (IDS), submitted on 07/13/2021, and 07/19/2021, are in compliance with the provisions of 37 CRR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Claim Rejections - 35 USC § 103
 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.
 The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

 This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1-30 are rejected are rejected under 35 U.S.C. 103 as being unpatentable over Gupta et al. (EP3690649A1) in view of Hughes et al. (U.S 2019/0274070).
For claim 1:  
Gupta discloses a system for creating a multi-region virtual overlay network for a software-defined wide area network (see Gupta, at least abstract, paragraph [0013]- [0015], Figs 1A, 1B; A software defined networking SDN controller that facilitates cloud-based services of a service provider network that sets up the SD-WAN is configured to determine whether a tunnel between end points is to be created or deleted and wide area network (WAN)) configured in a hub-and-spoke topology), the system comprising: 
a plurality of network appliances, each appliance of the plurality of network appliances having a plurality of network interfaces for transmitting and receiving data over at least two communication networks (see Gupta, at least Figs 1A, 1B; Spoke device 10A-C, Hub Device 6A, B); and 
an orchestrator device in communication with each of the plurality of network appliances (see Gupta, at least Figs 1A, 1B, [0015]; service provider network 5 includes software-defined networking (SDN) controller 8, orchestration engine 13, and includes services complex 9. However, service provider network 5 including SDN controller 8 is one non-limiting example. In some examples, SDN controller 8 may be a distributed controller), wherein the orchestrator device is configured to: 
process information regarding configuration of each network appliance of the plurality of network appliances; assign each network appliance to one region from a plurality of regions in the virtual overlay network, creating at least two regional subnetworks on the virtual overlay network; assign each appliance within a regional subnetwork to a role for its region, creating a network topology for the region (see Gupta, at least paragraph [0015]; SDN controller 8 may represent a SD-WAN controller that configures hub devices 6 and spoke devices 10 to form one or more overlay tunnels through service provider network 5 and/or public network 4 to enable communications between pairs of tunnel endpoints using an overlay tunnel); 
create a first plurality of virtual tunnels on the virtual overlay network for each region, each of the first plurality of tunnels connecting each appliance within a region to at least one other appliance in the same region, in accordance with the network topology for the region; and create a second plurality of virtual tunnels on the virtual overlay network to connect at least one appliance within each region to at least one appliance in each other region, for inter-region connectivity (see Gupta, at least Figure 1A, 1B, 2 and  paragraph [0015] [0017];[0021]; [0025]; [0061]; SDN controller 8 may represent a SD-WAN controller that configures hub devices 6 and spoke devices 10 to form one or more overlay tunnels through service provider network 5 and/or public network 4 to enable communications between pairs of tunnel endpoints using an overlay tunnel and SDN controller 8, based on policy metrics, determines whether one or more hub devices 6 should be bypassed so that a direct tunnel and SDN controller 8 facilitates communication through SD-WAN (e.g., network 2). As described in more detail below, SON controller 8 may be configured to determine in a policy driven manner whether to dynamically create (e.g., configure) tunnels between spoke devices and the dynamic creation of tunnel is orchestrated by SDN controller 8).
Gupta does not explicitly disclose assign each network appliance to one region from a plurality of regions in the virtual overlay network. 
Hughes, from the same or similar fields of endeavor, discloses methods for the creation, maintenance and management of virtual overlay networks across multiple communication networks managed by service providers and configuration can then be examined to determine which network segment the interface port and application is assigned (see Hughes, at least figure 8, paragraph [0041]; [0044]-[0045]; [0009]; [0032]-[0036]; [0058]-[0062]; [0068]; [0076]-[0080]; [0087]-[0088])
Therefore, it would have been obvious statement before the effective filing date of the claimed invention to have a system comprises a method as taught by Hughes. The motivation for doing this is to provide a system networks in order to provide intelligence for the data transfer.
For claim 2: 
In addition to rejection in claim 2, Gupta-Hughes further disclose wherein the assigned role for each appliance within a regional subnetwork is either a hub or a spoke (see Gupta, at least Figure 1A, abstract; software-defined wide area network (SD-WAN) having a hub-and-spoke topology), and the created network topology for the region is a hub and spoke network topology (see Gupta, at least paragraph [0004]-[0009]; in the hub-and-spoke topology, where each of a plurality of spoke devices are configured with an overlay tunnel to a corresponding one of a plurality of hub devices).
For claim 3:  
In addition to rejection in claim 3, Gupta-Hughes further disclose wherein the created network topology for the region is a full mesh topology (see Gupta, at least paragraph [0031]; a software-defined wide area network (SD-WAN) solution in a full mesh topology).
For claim 4:  
In addition to rejection in claim 4, Gupta-Hughes further disclose wherein the second plurality of virtual tunnels is created in accordance with a full mesh network topology (see Gupta, at least paragraph [0031]-[0032]; in a full mesh topology, each one of spoke devices would have a tunnel to all other spoke devices without needing to go through respective hub devices. Overlay tunnel could be IPSec, GRE, MPLS over GRE, IPSec over MPLS over GRE, MPLS over MPLS).
For claim 5:  
In addition to rejection in claim 5, Gupta-Hughes further disclose wherein inter-region connectivity is further created by connecting an appliance with an assigned role of a hub within each region to an appliance with an assigned role of a hub within each other region (see Gupta, at least paragraph [0015]- [0021]; [0031]- [0032]; Figure 1A, 1B, 2).
For claim 6: 
In addition to rejection in claim 6, Gupta-Hughes further disclose wherein each of the plurality of network appliances includes at least one LAN interface and at least one WAN interface as part of the plurality of network interfaces (see Gupta, at least paragraph [0003]; devices are grouped into a number of site networks implemented as local area networks (LAN), which in turn may be geographically distributed over a wide area and interconnected by a wide area network (WAN); or see Hughes, [0044]-[0045]; [0065]; [0068]; Each LAN and WAN interface is labeled with a particular type of traffic, and each label is associated with a separate overlay network to carry that type of traffic). The motivation for doing this is to provide a system networks in order to provide intelligence for the data transfer.
For claim 7: 
In addition to rejection in claim 7, Gupta-Hughes further disclose wherein at least one of the plurality of network appliances is located in a cloud network (see Hughes, at least paragraph [0035]; [0042]; each appliance can be in communication with other appliances, whether they are in a branch location, central location, private cloud network). The motivation for doing this is to provide a system networks in order to provide intelligence for the data transfer.
For claim 8: 
In addition to rejection in claim 8, Gupta-Hughes further disclose wherein at least one of the plurality of network appliances is located in a data center (see Gupta, at least paragraph [0015]; [0018]-[0019]; SDN controller 8 may be a distributed controller that executes at least in part at spoke site networks 12 (e.g., may have agents executing at spoke set networks 12) or within customer data centers).
For claim 9:  
In addition to rejection in claim 9, Gupta-Hughes further disclose wherein the at least two communication networks connected to the each of the plurality of network appliances comprise at least two of: Internet infrastructure, MPLS infrastructure, and LTE wireless connection infrastructure (see Gupta, at least paragraph [0046]; tunnels 14 are SD-WAN secure paths such as IPSec paths that may be configured through dedicated MPLS, broadband internet, wireless 4G/LTE, or see Hughes, figure 12C, 13).
For claim 10:  
In addition to rejection in claim 10, Gupta-Hughes further disclose wherein the orchestrator device is further configured to determine network performance metrics of at least one the first plurality of virtual tunnels and the second plurality of virtual tunnels, the network performance metrics representing application-oriented performance (see Hughes, at least figure 15A, paragraph [0093]; [0193]; application oriented). The motivation for doing this is to provide a system networks in order to provide intelligence for the data transfer.
For claim 11:  
In addition to rejection in claim 11, Gupta-Hughes further disclose wherein the orchestrator device is further configured to determine network performance metrics of underlay tunnels utilized by at least one of the first plurality of virtual tunnels and the second plurality of virtual tunnels, the network performance metrics representing network-oriented performance (see Hughes, at least figure 15A; underlay metric (network oriented)). The motivation for doing this is to provide a system networks in order to provide intelligence for the data transfer.
For claim 12: 
In addition to rejection in claim 12, Gupta-Hughes further disclose wherein the orchestrator device is further configured to select one or more underlay tunnels to transfer network data over the virtual overlay network, the one or more underlay tunnels selected based at least in part on network performance metrics (see Gupta, at least paragraph [0050]; [0054]; [0080]; the policy may define that SDN controller 8 is to create a path for data traffic between two spoke devices 10 from 9 am to 5 pm on Monday through Friday. All other traffic, such as web browsing, may go through hub devices 6. On Saturdays, backup data traffic may pass through the path (e.g., shortcut tunnel through underlay between two spoke devices 10 that bypasses one or more hub devices 6 that were being used for communication between the two spoke devices 10) and other data may pass through hub devices), also see Hughes, at least paragraph [0096]; application performance metrics). The motivation for doing this is to provide a system networks in order to provide intelligence for the data transfer.
For claim 13:  
In addition to rejection in claim 13, Gupta-Hughes further disclose wherein at least one underlay tunnel utilized by either the first plurality of virtual tunnels or the second plurality of virtual tunnels is an IPsec tunnel (see Gupta, at least paragraph [0027]; [0107]; [0071]; [0075]; IPsec tunnel) or (see Hughes, at least paragraph [0041]; the system 100 includes one or more secure tunnels between the first appliance 150 and the second appliance 180. The secure tunnel may be utilized with encryption (e.g., IPsec). The motivation for doing this is to provide a system networks in order to provide intelligence for the data transfer.
For claim 14:  
In addition to rejection in claim 14, Gupta-Hughes further disclose wherein information regarding configuration of each network interface further comprises information regarding a type of data traffic received at each network interface (see Gupta, at least paragraph [0014]; type of data traffic received at each network interface), also see Hughes, at least paragraph [0065]-0066]; Each LAN and WAN interface is labeled with a particular type of traffic, and each label is associated with a separate overlay network to carry that type of traffic). The motivation for doing this is to provide a system networks in order to provide intelligence for the data transfer.
For claim 15:  
In addition to rejection in claim 15, Gupta-Hughes further disclose wherein the orchestrator device is further configured to receive business intent information for one region of the multi-region virtual overlay network, and transmit corresponding configuration information to each appliance located within the one region (see Hughes, at least paragraph [0058]; allow for centrally assigned business intent policies to be implemented throughout an organization's entire network, to secure and control all WAN traffic for the organization). The motivation for doing this is to provide a system networks in order to provide intelligence for the data transfer.
For claim 16: 
In addition to rejection in claim 16, Gupta-Hughes further disclose wherein the first plurality of virtual tunnels and the second plurality of virtual tunnels are created substantially instantaneously (see Gupta, at least paragraph [0057]; techniques may allow for heterogeneous types of end-devices by allowing for a mix of devices to be deployed as end-devices. Each type of end-device may have a different number of tunnels that it can support simultaneously. For instance, each of spoke devices 10 may have different numbers of SD-WAN secure paths to other spoke devices 10 that bypass hub devices 6).
For claim 17:  
For claim 17, claim is directed to a system which has similar scope as claim 1. Therefore, claim 17 remains un-patentable for the same reasons.
For claim 18:  
In addition to rejection in claim 9, Gupta-Hughes further disclose wherein each appliance within a regional subnetwork assigned a role of a spoke is configured to transmit routing information via a subnet sharing protocol to each appliance assigned a role of a hub in a same region (see Hughes, at least paragraph [0085]; [0090]; [0099]-[0100]). The motivation for doing this is to provide a system networks in order to provide intelligence for the data transfer.
For claim 19:  
In addition to rejection in claim 19, Gupta-Hughes further disclose wherein each appliance within a regional subnetwork assigned a role of a hub is configured to transmit routing information via a subnet sharing protocol to each appliance assigned a role of a spoke in a same region (see Hughes, at least paragraph [0120]-[0121]). The motivation for doing this is to provide a system networks in order to provide intelligence for the data transfer.
For claim 20:  
In addition to rejection in claim 20, Gupta-Hughes further disclose herein each appliance within a regional subnetwork assigned a role of a hub is configured to transmit routing information via a subnet sharing protocol to each appliance assigned a role of a hub in each other region (see Hughes, at least paragraph [0067]; [0093]). The motivation for doing this is to provide a system networks in order to provide intelligence for the data transfer.
For claim 21: 
For claim 21, claim is directed to a method which has similar scope as claim 1. Therefore, claim 21 remains un-patentable for the same reasons.
Conclusion
The prior arts made or record and not relied upon are considered pertinent to applicant's disclosures. Sundararajan et al. (U.S 2021/0112034), discloses network security appliances (e.g., firewalls, IDPs, VPN gateways, etc.) drop traffic whose sequence number is outside of a specified range of previous traffic. Chandramohan et al. (U.S 2021/0058284), discloses physical or virtual Cisco® SD-WAN appliances can operate as the network management appliance(s).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LAN-HUONG TRUONG whose telephone number is (571) 270-5829. The examiner can normally be reached on Monday-Friday 8am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ricky Ngo can be reached on 571-272-3139.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/LAN-HUONG TRUONG/Primary Examiner, Art Unit 2464  
05/07/2022