DETAILED ACTION
This Office Action is in response to the Application Ser. No. 17/241,963 filed on April 27, 2021. The preliminary amendment filed September 1, 2021, has been entered. Claims 1 and 7 are currently amended. New claims 8-20 are added. Claims 1-20 are pending and are examined.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Priority
Acknowledgment is made of applicant’s claim for domestic priority as a divisional application under 35 U.S.C. 121 based on Non-Provisional Application Ser. No. 16/141,502 filed on September 25, 2018.

Drawings
The drawings were received on April 27, 2021.  These drawings are accepted.

Claim Objections
Claims 1, 2, 8, 9 and 16 are objected to because of the following informalities:
regarding Claim 1, a colon should be added in line 5 after the phrase “cause the computing system to”, and the commas in lines 9 and 12 should be replaced with semicolons, respectively;
regarding Claim 2, the phrase “overlapping IP (Internet Protocol) addresses” recited in line 4 should be “overlapping Internet Protocol (IP) addresses”;
regarding Claim 8, the comma in line 8 should be replaced with a semicolon and a period should be added at the end of line 12, respectively;
  regarding Claim 9, the phrase “overlapping IP (Internet Protocol) addresses” recited in lines 3-4 should be “overlapping Internet Protocol (IP) addresses”; and
regarding Claim 16, the phrase “overlapping IP (Internet Protocol) addresses” recited in line 4 should be “overlapping Internet Protocol (IP) addresses”.
Appropriate correction is required.

Claim Rejections - 35 USC § 112(b)
The following is a quotation of 35 U.S.C. 112(b):

(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.



Claims 6, 7, 13, 14 and 20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.

Claim 6 recites the limitation “in which networking policy is tied to discrete computing workloads that are processed by the network switch for a virtual machine, in which the network switch is a virtual switch that includes programmatically managed extensible capabilities, and which connects to the plurality of network containers and to underlying physical network infrastructure, the extensible capabilities at least including a virtual filtering platform that performs the processing using one or more match action tables” in lines 1-6. The relationship between “a virtual machine” recited in line 2 of Claim 6 and “a virtual machine” introduced in line 6 of Claim 1 is unclear, rendering the claim indefinite.
For examination purposes, the term “a virtual machine” recited in line 2 of Claim 6 is interpreted as “the virtual machine”.

Insofar as they recite similar claim elements, Claims 13 and 20 are rejected for substantially the same reasons presented above with respect to Claim 6.

Claim 7 recites the limitation “in which the processing comprises evaluating a state of data packets comprising the workload to enforce networking policies per network container rather than per virtual machine, in which the networking policies are expressed using one or more rules for one of access control, metering, routing, tunneling, filtering, address translation, encryption, decryption, encapsulation, de-encapsulation, or quality of service” in lines 1-6. The relationship between “data packets comprising the workload” recited in line 2 of Claim 7 and “data packets in the computing workloads” recited in lines 15-16 of Claim 1 is unclear, rendering the claim indefinite. Specifically, it is unclear whether a distinction should be drawn between the terms or whether they are being used interchangeably to refer to the same element.
For examination purposes, the term “a state of data packets comprising the workload” recite in line 2 of Claim 7 is interpreted as “a state of the data packets in the computing workloads”.

Insofar as it recites similar claim elements, Claim 14 is rejected for substantially the same reasons presented above with respect to Claim 7.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



Claims 1-3, 5-10, 12-17, 19 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Garg et al., Pub. No. US 2015/0082301 A1, hereby “Garg”, in view of the paper authored by Firestone, titled “VFP: A Virtual Switch Platform for Host SDN in the Public Cloud”.

Regarding Claim 1, Garg discloses “A computing system (Garg fig. 3 and paragraph 38: host computing device 302), comprising:
one or more processors (Garg figs. 3 and 7 and paragraphs 38 and 57-60: processing system 704 comprising hardware elements 710, e.g., one or more processors); and
at least one hardware-based non-transitory computer-readable memory having computer-executable instructions stored thereon (Garg figs. 3 and 7 and paragraphs 38 and 57-60: computer-readable media 706 comprising memory/storage 712, e.g., at least one hardware-based non-transitory computer-readable memory) which, when executed by the one or more processors, cause the computing system to
implement a virtual machine on which a plurality of network containers is instantiated, each of the network containers encapsulating networking policies applicable to computing workloads hosted on the virtual machine, in which the computing workloads are mapped to respective network containers (Garg fig. 3 and paragraphs 39, 41 and 43-45: virtual machine 304 comprises a plurality of routing compartments 212, i.e., network containers, wherein “the routing compartments enable configuration and management or various network communication related policies, rules, and controls on an individual per compartment and/or per tenant basis. Thus, different compartments of the multi-tenant virtual machine may implement different policies, rules and controls for handling and routing network traffic.”),
associate each of the plurality of network containers with a single network interface controller (NIC) on the virtual machine, the NIC being configured to interface with a network switch (Garg fig. 3 and paragraph 40: each of the routing compartments 212 is associated with the same vNIC 312, i.e., a single NIC on virtual machine 304, that interfaces with vSwitch 318, i.e., a network switch)”.
	However, while Garg discloses that the virtual switch is extensible to enable a multi-tenant network stack (Garg paragraph 30), and further discloses that different compartments of the multi-tenant virtual machine may implement different policies, rules and controls for handling and routing network traffic (Garg paragraph 45), Garg does not explicitly disclose “at the network switch, process the computing workloads for each network container to enforce the networking policies using independent datapaths on the virtual machine, the processing including matching data packets in the computing workloads to one or more rules that express the networking policies.”
	In the same field of endeavor, Firestone discloses a virtual filtering platform (VFP) operating on top of a Hyper-V Extensible Switch that is connected to a plurality of virtual NICs via a plurality of ports, wherein network traffic to and from each port is processed using an independent datapath comprising match action tables that implement the network policy for the associated port (Firestone fig. 1 and § “3.2 VFP Design”, “4. Filtering Model” and “5. Programming Model”: “VFP’s policy is implemented on a per-port basis – each port has match action tables which can sit on the inbound or outbound path of the port, acting as filters.”).
It would have been obvious to one of ordinary skill in the art at the time of the effective filing to modify the system of Garg to associate each routing compartment with a particular port on the vSwitch and to enforce network policy or rules of the routing compartments on the vSwitch using match action tables associated with the respective ports as taught by Firestone because doing so constitutes applying a known technique (implementing networking policy on a per-port basis within an extensible vSwitch) to known devices and/or methods (an extensible vSwitch) ready for improvement to yield predictable and desirable results (enforcement of the policies, rules and controls for handling and routing traffic on a per compartment and/or per tenant basis). See KSR International Co. v. Teleflex Inc., 82 USPQ2d 1385 (U.S. 2007).

Regarding Claim 2, the combination of Garg and Firestone discloses all of the limitations of Claim 1.
Additionally, Garg discloses “in which each network container is associated with a different virtual network so that the virtual machine can belong to multiple virtual networks using the single NIC, and wherein the network containers may utilize overlapping IP (Internet Protocol) addresses (Garg figs. 2 and 3 and paragraphs 23, 29-30, 36-42: each routing compartment 212 is associated with a virtual network that is supported by the single instance of multiple-tenant virtual machine 304 - while the utilization of overlapping IP addresses is not required by the claim, it is understood by one of ordinary skill in the art that the VSIDs or VLAN IDs used to identify network traffic associated with a particular routing compartments or tenant would enable one or more routing compartments to utilize the same IP address).”

Regarding Claim 3, the combination of Garg and Firestone discloses all of the limitations of Claim 1.
Additionally, Garg discloses “in which the network containers are associated with a plurality of tenants of the virtual machine to thereby implement multi-tenancy on the virtual machine, wherein each of the independent datapaths is associated with a respective different tenant (Garg figs. 2 and 3 and paragraphs 23, 29-30, 36-41: “The routing compartments 212, interfaces 308, and mapping information implemented via the framing layer 210 establish a mechanism to handle I/O within the context of a particular virtual network/routing domain and in isolation from traffic associated with other tenants/domains served by the multitenant virtual machine 304”).

Regarding Claim 5, the combination of Garg and Firestone discloses all of the limitations of Claim 1.
Additionally, Garg discloses “in which at least one of the network containers is utilized for a current virtual network, and at least one of the network containers is utilized as a pre-provisioned virtual network (Garg fig. 3 and paragraphs 39-43: routing compartment A 212(1), i.e., a network container utilized for a current virtual network, and default routing compartment 212(n), i.e., a network container utilized for a pre-provisioned virtual network).”

Regarding Claim 6, the combination of Garg and Firestone discloses all of the limitations of Claim 1.
Additionally, Garg discloses “in which networking policy is tied to discrete computing workloads that are processed by the network switch for a virtual machine, in which the network switch is a virtual switch that includes programmatically managed extensible capabilities, and which connects to the plurality of network containers and to underlying physical network infrastructure... (Garg figs. 2 and 3 and paragraphs 29-30, 39-41 and 44-45: vSwitch 318, which connects routing compartments 212 to the underlying physical network, is extensible and routes network traffic associated with a particular routing compartment 212 in isolation from traffic associated with other routing compartments, allowing enforcement policies, rules and controls on a per compartment and/or per tenant basis based on the isolation identifiers associated with the network traffic).”
However, while Garg discloses that the virtual switch is extensible to enable a multi-tenant network stack (Garg paragraph 30), and further discloses that different compartments of the multi-tenant virtual machine may implement different policies, rules and controls for handling and routing network traffic (Garg paragraph 45), Garg does not explicitly disclose “in which networking policy is tied to discrete computing workloads that are processed by the network switch for a virtual machine, in which the network switch is a virtual switch that includes programmatically managed extensible capabilities, and which connects to the plurality of network containers and to underlying physical network infrastructure, the extensible capabilities at least including a virtual filtering platform that performs the processing using one or more match action tables(  (emphasis added).”
	In the same field of endeavor, Firestone discloses a virtual filtering platform (VFP) operating on top of a Hyper-V Extensible Switch filters network traffic to and from VNICs connected via a plurality of ports, wherein network policy is implemented on a per-port basis as layers of match action tables that filter and modify packets associated with the respective port (Firestone fig. 1 and § “3.2 VFP Design”, “4. Filtering Model” and “5. Programming Model”: “VFP’s policy is implemented on a per-port basis – each port has match action tables which can sit on the inbound or outbound path of the port, acting as filters.”).
It would have been obvious to one of ordinary skill in the art at the time of the effective filing to modify the system of Garg to associate each routing compartment with a particular port on the vSwitch and to enforce network policy or rules of the routing compartments on the vSwitch using match action tables associated with the respective ports as taught by Firestone for the reasons set forth in the rejection of Claim 1.

Regarding Claim 7, the combination of Garg and Firestone discloses all of the limitations of Claim 1.
Additionally, Garg discloses “in which the processing comprises evaluating a state of data packets comprising the workload to enforce networking policies per network container rather than per virtual machine in which the networking policies are expressed using one or more rules for one of access control, metering, routing, tunneling, filtering, address translation, encryption, decryption, encapsulation, de-encapsulation, or quality of service. (Garg figs. 2 and 3 and paragraphs 29-30, 39-41 and 44-45: vSwitch 318 is extensible and uses isolation identifiers, such as VLAN IDs, to route network traffic associated with a particular routing compartment 212 in isolation from traffic associated with other routing compartments, allowing enforcement policies, rules and controls on a per compartment and/or per tenant basis, wherein the policies, rules and controls may comprise bandwidth control policies, QoS features, security policies, traffic isolation policies and network monitoring policies)”.

Insofar as it recites similar claim elements, Claim 8 is rejected for substantially the same reasons presented above with respect to Claim 1.
Additionally, Garg discloses “A method... (Garg paragraphs 3 and 36: a method for providing network services to multiple tenants using a single virtual machine)”.

Insofar as it recites similar claim elements, Claim 9 is rejected for substantially the same reasons presented above with respect to Claim 2.

Insofar as it recites similar claim elements, Claim 10 is rejected for substantially the same reasons presented above with respect to Claim 3.

Insofar as it recites similar claim elements, Claim 12 is rejected for substantially the same reasons presented above with respect to Claim 5.

Insofar as it recites similar claim elements, Claim 13 is rejected for substantially the same reasons presented above with respect to Claim 6.

Insofar as it recites similar claim elements, Claim 14 is rejected for substantially the same reasons presented above with respect to Claim 7.

Insofar as it recites similar claim elements, Claim 15 is rejected for substantially the same reasons presented above with respect to Claim 1.
Additionally, Garg discloses “One or more hardware-based non-transitory computer readable memory devices storing computer-executable instructions... (Garg paragraphs 3, 36, 63-64 and 67: a computer-readable storage media comprising instructions implementing a method for providing network services to multiple tenants using a single virtual machine)”.

Insofar as it recites similar claim elements, Claim 16 is rejected for substantially the same reasons presented above with respect to Claim 2.

Insofar as it recites similar claim elements, Claim 17 is rejected for substantially the same reasons presented above with respect to Claim 3.

Insofar as it recites similar claim elements, Claim 19 is rejected for substantially the same reasons presented above with respect to Claim 5.

Insofar as it recites similar claim elements, Claim 20 is rejected for substantially the same reasons presented above with respect to Claim 6.


Allowable Subject Matter
Claims 4, 11 and 18 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
A shortened statutory period for reply to this action is set to expire THREE MONTHS from the mailing date of this action. An extension of time may be obtained under 37 CFR 1.136(a). However, in no event, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this action.
 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM C MCBETH whose telephone number is (571)270-0495.  The examiner can normally be reached on Monday - Friday, 8:00AM - 4:30PM ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Vivek Srivastava can be reached on 571-272-7304.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/WILLIAM C MCBETH/Examiner, Art Unit 2449                                                                                                                                                                                                        
/VIVEK SRIVASTAVA/Supervisory Patent Examiner, Art Unit 2449