Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
The information disclosure statements (IDS) submitted on 10th November 2020, 1st July 2021 and 1st October 2021 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
---------- ---------- ----------
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1 – 4, 9, 13 – 21, 23 and 25 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Renner, III et al (US 2021/0266259 A1, “Renner”).
1. Renner shows for an agent executing on a Kubernetes node in a cluster (figs. 1 and 2: Sender “Kubernetes” Control Plane), a method comprising:  	instructing a forwarding element that also executes on the node to process a flow tracing packet ([0050]: the ToR may further identify that a TCP ACK flag is set. The ToR may also identify the Sun IDX header and query the flow tracking mechanism in memory);  	receiving, from the forwarding element, a message indicating a set of flow entries matched by the flow tracing packet as the forwarding element processes the flow tracing packet ([0055]: on a customized hardware ASIC replacing kernel-based packet processing with a customized hardware network interface card, which can reduce CPU load incurred from existing Linux packet processing interrupt-based means, arbitrary header matching and resulting actions yielding fully controllable steering of packets throughout the cluster);  	for each flow entry of at least a subset of the flow entries matched by the flow tracing packet, generating mapping data that maps elements of the flow entry to Kubernetes concepts implemented in the cluster ([0039]: the ToR may then map the intended target service via http2 headers resulting in destination service ip address with the optimal Kubernetes pod and associated Sun IDX, which can subsequently yield the pod's IP address and node location for egress port specification); and  	reporting data regarding the set of flow entries along with the generated mapping data ([0023]: on the return path, the table can provide a source virtual IP address for mapping the return).
2. Renner shows the method of claim 1 further comprising  	receiving a message from a controller in the cluster specifying parameters for the flow tracing packet prior to instructing the forwarding element ([0037]: upon receiving this packet, the ToR can decapsulate the packet and determine that the given packet is of type HTTP2, and has a source TCP port that falls within the ephemeral port range, a destination port of 80, has the SYN flag set, and does not have a matching flow entry in memory).
3. Renner shows the method of claim 1 further comprising  	installing a plurality of new flow entries in the forwarding element on the node prior to instructing the forwarding element, wherein the forwarding element uses at least a subset of the new flow entries to process the flow tracing packet ([0023]: ToR 22A may install an entry at an index location of a forwarding table).
4. Renner shows the method of claim 3, wherein the new flow entries comprise copies of existing flow entries with at least one of  	(i) one or more additional match fields ([0055]: arbitrary header matching and resulting actions yielding fully controllable steering of packets throughout the cluster) and  	(ii) one or more additional actions ([0055]: arbitrary header matching and resulting actions yielding fully controllable steering of packets throughout the cluster).
9. Renner shows the method of claim 1, wherein the cluster comprises a plurality of nodes, wherein agents execute on each node in the cluster ([0058]: this latency reduction can become even more pronounced as the inefficiencies of the legacy software-based network functions are compounded by the processes stacking in the kernel as cluster and resource utilization increases).
13. Renner shows the method of claim 1, wherein each respective flow entry comprises  	(i) a respective set of match conditions ([0055]: on a customized hardware ASIC (for example) replacing kernel-based packet processing with a customized hardware network interface card, which can reduce CPU load incurred from existing Linux packet processing interrupt-based means, arbitrary header matching and resulting actions yielding fully controllable steering of packets throughout the cluster) and  	(ii) a respective set of actions to be performed when a data message matches the respective set of match conditions ([0055]: on a customized hardware ASIC (for example) replacing kernel-based packet processing with a customized hardware network interface card, which can reduce CPU load incurred from existing Linux packet processing interrupt-based means, arbitrary header matching and resulting actions yielding fully controllable steering of packets throughout the cluster).
14. Renner shows the method of claim 13, wherein generating mapping data for a particular flow entry comprises mapping at least one of the match conditions for the particular flow to a particular Kubernetes network policy ([0037]-[0039]: the ToR can decapsulate the packet and determine that the given packet is of type HTTP2, for example, and has a source TCP port that falls within the ephemeral port range, a destination port of 80, has the SYN flag set, and does not have a matching flow entry in memory… the ToR may then map the intended target service via http2 headers resulting in destination service ip address with the optimal Kubernetes pod and associated Sun IDX, which can subsequently yield the pod's IP address and node location for egress port specification).
15. Renner shows the method of claim 13, wherein generating mapping data for a particular flow entry comprises mapping at least one of the match conditions for the particular flow to a particular pod and specifying a name for the particular pod ([0039]: the ToR may then map the intended target service via http2 headers resulting in destination service ip address with the optimal Kubernetes pod and associated Sun IDX, which can subsequently yield the pod's IP address and node location for egress port specification).
16. Renner shows the method of claim 13, wherein generating mapping data for a particular flow entry comprises mapping at least one of the match conditions for the particular flow to a particular service and specifying a name for the particular service ([0050]: the ToR may also identify the Sun IDX header and query the flow tracking mechanism in memory and this query can return results containing the original client IP address, virtual IP address of the externally exposed service, and that the last packet seen for this flow did not have the TCP FIN and ACK flag set).
17. Renner shows the method of claim 13, wherein the flow entries are organized into a plurality of tables, wherein generating the mapping data comprises:  	identifying that a particular flow entry is in a particular table that corresponds to a particular Kubernetes network policy ([0033]: an HTTP Ingress can be instantiated by a request from the Kubernetes API server wherein such request may cause the Kubernetes label selection routine to run against svc selector labels as viable backends and completes the next table lookup values for ingress steering); and  	specifying a particular rule of the particular Kubernetes network policy to which the particular flow entry corresponds ([0046]: because this communication was sourced from outside of the Kubernetes cluster, no routing entry will be present in the pod’s routing table).
18. Renner shows the method of claim 1, wherein instructing the forwarding element to process the flow tracing packet comprises instructing the forwarding element to simulate processing of a packet with characteristics of the flow tracing packet ([0050]: the ToR may also identify the Sun IDX header and query the flow tracking mechanism in memory).
19. Renner shows the method of claim 1, wherein:  	generating the mapping data comprises generating a set of packet processing stages passed by the flow tracing packet ([0011]: the top of rack router may identify the one or more subsequent data packets having one or more flow specific characteristics associated with the first data packet, and apply the original source/destination information of the first data packet to the one or more subsequent packets without utilizing the forwarding table); and  	reporting data regarding the set of flow entries along with the generated mapping data comprises reporting the set of packet processing stages ([0023]: on the return path, the table can provide a source virtual IP address for mapping the return).
20. Renner shows the method of claim 19, wherein the set of packet processing stages comprises at least one of  	input processing (n/a),  	spoofguard processing (n/a),  	load balancing (n/a),  	ingress network policy processing ([0042]: once the packet is received by the CNI vSwitch on the destination server, the vSwitch can create in-memory registers for a hash of the ingress port, the client IP address, source and destination TCP port),  	egress network policy processing ([0039]: the ToR may then map the intended target service via http2 headers resulting in destination service ip address with the optimal Kubernetes pod and associated Sun IDX, which can subsequently yield the pod's IP address and node location for egress port specification),  	layer 3 (L3) forwarding (n/a),  	layer 2 (L2) forwarding (n/a),  	tunneling (n/a), and  	output processing (n/a).
---------- ---------- ----------
21. Renner shows a non-transitory machine-readable medium storing an agent for execution on a Kubernetes node in a cluster by at least one processing unit (figs. 1 and 2: Sender “Kubernetes” Control Plane), the agent comprising sets of instructions for:  	instructing a forwarding element that also executes on the node to process a flow tracing packet ([0050]: the ToR may further identify that a TCP ACK flag is set. The ToR may also identify the Sun IDX header and query the flow tracking mechanism in memory);  	receiving, from the forwarding element, a message indicating a set of flow entries matched by the flow tracing packet as the forwarding element processes the flow tracing packet ([0055]: on a customized hardware ASIC replacing kernel-based packet processing with a customized hardware network interface card, which can reduce CPU load incurred from existing Linux packet processing interrupt-based means, arbitrary header matching and resulting actions yielding fully controllable steering of packets throughout the cluster);  	for each flow entry of at least a subset of the flow entries matched by the flow tracing packet, generating mapping data that maps elements of the flow entry to Kubernetes concepts implemented in the cluster ([0023]: ToR 22A may install an entry at an index location of a forwarding table; [0039]: the ToR may then map the intended target service via http2 headers resulting in destination service ip address with the optimal Kubernetes pod and associated Sun IDX, which can subsequently yield the pod's IP address and node location for egress port specification); and  	reporting data regarding the set of flow entries along with the generated mapping data ([0023]: on the return path, the table can provide a source virtual IP address for mapping the return).
23. Renner shows the non-transitory machine-readable medium of claim 21, wherein:  	the node is a first node, the agent is a first agent, the forwarding element is a first forwarding element, and the message received from the first forwarding element is a first message ([0008]: upon receipt of the first packet, the system may be configured to use the top of rack router to write an index location that includes an endpoint address readable by the extensible network control plane within the plurality of nodes on a forwarding table and the first data packet, and the first data packet may be routed directly to the endpoint address);  	the first forwarding element, after processing the flow tracing packet, sends the flow tracing packet to a second forwarding element executing on a second node ([0009]: the top of rack router may identify one or more subsequent data packets having one or more flow specific characteristics associated with the first data packet, and write the index location to the one or more subsequent packets without utilizing the forwarding table); and  	the second forwarding element sends a second message to a second agent executing on the second node ([0009]: the system may then forward the one or more subsequent packets to the endpoint address and the flow characteristics may include a hash value common to headers of the data packets of the flow),  	the second message indicating a second set of flow entries matched by the flow tracing packet as the second forwarding element processes the flow tracing packet ([0009]: a hash value of a header of the first data packet may be logged in a register, and the registered hash values may be used to identify the one or more subsequent data packets of the flow; [0010]: the top of rack router may use the forwarding table to identify the first data packet and replace the index location information with original source information, and the first data packet may be forwarded out of the virtual network environment).
25. Renner shows the non-transitory machine-readable medium of claim 21, wherein:  	the set of instructions for generating the mapping data comprises a set of instructions for generating a set of packet processing stages passed by the flow tracing packet;  	the set of instructions for reporting data regarding the set of flow entries along with the generated mapping data comprises a set of instructions for reporting the set of packet processing stages; and  	the set of packet processing stages comprises at least one of  	input processing (n/a),  	spoofguard processing (n/a),  	load balancing (n/a),  	ingress network policy processing ([0042]: once the packet is received by the CNI vSwitch on the destination server, the vSwitch can create in-memory registers for a hash of the ingress port, the client IP address, source and destination TCP port),  	egress network policy processing ([0039]: the ToR may then map the intended target service via http2 headers resulting in destination service ip address with the optimal Kubernetes pod and associated Sun IDX, which can subsequently yield the pod's IP address and node location for egress port specification),  	layer 3 (L3) forwarding (n/a),  	layer 2 (L2) forwarding (n/a),  	tunneling (n/a), and  	output processing (n/a).
---------- ---------- ----------
Allowable Subject Matter
Claims 5 – 8, 10 – 12, 22 and 24 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
---------- ---------- ----------
Conclusion
The prior art made of record is considered pertinent to applicant’s disclosure.
1. Banyai et al, US 2020/0136943 A1: a data management platform that includes a compute server and a storage server wherein the storage server manages a plurality of storage devices that are communicatively coupled to the storage server.
2. Chitalia et al, US 2021/0051100 A1: techniques that include collecting underlay flow data within a network and associating underlay flow data with a source and a destination virtual network to enable insights into network operation and performance.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Xavier Szewai Wong whose telephone number is 571.270.1780. The examiner can normally be reached on 11:30 am - 8:30 pm Mon to Fri.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Rutkowski can be reached on 571.270.1215. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/XAVIER S WONG/Primary Examiner, Art Unit 2415                                                                                                                                                                                                        13th May 2022