DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Amendments
Claim(s) 1,2,8,9,15 and 16.
Claim(s) 1-20 are pending.
Response to Arguments
Applicant’s arguments with respect to claim(s) 1-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-2,5-9,12,14-16 and 19-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kakadia et al. (US 2011/0314119 A1), in view Agarwal et al.  (US 2012/0281706 A1).

Regarding claim 1, Kakadia discloses a method (Kakadia, [0010], discloses methods for massively scalable multilayered load balancing architecture based on integrated control and data plane) comprising:
receiving, at a router of a first network (router 225) of a multi-cloud fabric comprising two or more networks (fig. 2, network of server pool 1 and server pool k) a first data packet from a source end-point group within the first network (Kakadia [0013] discloses when the DNS server receives, from a client (source end-point), a first request for a service, the DNS server identifies a single IP address for the service and provides the client with the single IP address for the service, which is subsequently forwarded together with a second request from the client to a first router connected therewith to request the service;  [0036] When router 225 receives the advertisement information from other routers in the network advertising a service (represented by the fixed VIP address) desired by the client 220, router 225 receives the request and selects a target router (from multiple routers all of which advertise the desired service) to which the service request is to be forwarded. Although a single client is indicated above the process is the same for multiple clients in a client network);
forwarding the first data packet by the router to a service end-point group (Kakadia [0011] discloses a request for service is forwarded to the target router (service end-point group) so that a local server load balancer (SLB) connected with the target router is to identify a target server from the associated server pool to provide the requested service whereby to achieve a second level load balancing; [0036] discloses when router 225 receives the advertisement information from other routers in the network advertising a service (represented by the fixed VIP address) desired by the client 220, router 225 selects a target router (from multiple routers all of which advertise the desired service) to which the service request is to be forwarded…. router 225 may select router 240 as the target router to which the service request is forwarded because server pool 260-k may have a good health condition (e.g., being less loaded) that is more suitable to provide the desired service to client 220 with a better response time);
forwarding the first data packet by the service end-point group to a destination end-point group within a second network (Kakadia [0011] discloses a request for service is forwarded to the target router (service end-point group) so that a local server load balancer (SLB) (destination end-point group) connected with the target router is to identify a target server from the associated server pool to provide the requested service whereby to achieve a second level load balancing; [0036] discloses router 225 may select router 240 as the target router to which the service request is forwarded because server pool 260-k may have a good health condition (e.g., being less loaded) that is more suitable to provide the desired service to client 220 with a better response time….Once the target router is selected, router 225 forwards the service request to the target router, which then forwards the request to the NGSLB connected to it); and
identifying a virtual routing and forwarding instance (VRF) (Kakadia [0007] discloses a client 115 uses an NS record to find the corresponding DNS server (e.g., 110-a) and requests an A record, which resolves a name of the desired service to a virtual IP address. Thus, the GSLB layer 110 resolves a service canonical name to a virtual IP (VIP) address, which corresponds to, in the illustrated scheme, a particular local server load balancer SLB; [0033] also discloses an architecture in which DNS servers, each service corresponds to a fixed virtual IP (VIP) address. This is so even when there are several server pools associated with different NGSLBs. Therefore request/packets are virtually routed/forwarded to service providers using fixed virtual addresses); and
Kakadia did not explicitly disclose receiving, at the service end-point group, a second data packet from the destination end-point group, wherein the second data packet includes one of (i) an identity of the service end-point group or (ii) an address of the source end-point group; forwarding the second data packet by the service end-point group to the router; based on the one of (i) the identity of the service end-point group or (ii) the address of the source end-point group within the second data packet being located within an access list, identifying a virtual routing and forwarding instance (VRF) for the source end-point group for forwarding the second data packet to the source end-point group; and based at least in part on identifying the VRF, forwarding the second data packet by the router to the source end-point group using the VRF.
Agarwal discloses receiving, at the service end-point group (appliance 200) a second data packet (second request) from the destination end-point group (second client device) (Agarwal, fig. 1B, [0010] a first intermediary device 200 receives the second request from the second client device 102b);
wherein the second data packet includes one of (i) an identity of the service end-point group or (ii) an address of the source end-point group (Agarwal [0009-0010] the virtual server received a request from a client on the private network to access the service identified by an internet protocol address or “identity of the service end-point group” of the private network. The first intermediary device transmits via the network bridge responsive to the virtual server, the request to one of the servers of the second set of servers in the cloud network);
forwarding the second data packet by the service end-point group [200] to the router (appliance 200’) (Agarwal, fig. 1B, [0010 & 0110] a first intermediary device 200 transmits via the network bridge responsive to the virtual server, the second request via appliance 200’ to one of the servers of the first set of servers in the private network);
based on the one of (i) the identity of the service end-point group or (ii) the address of the source end-point group within the second data packet being located within an access list (Client 102a … Client 102n) (Agarwal [0014] the second intermediary device receives a response to the request from a server on the cloud network and forwarding the response to the first intermediary device, the response identifying the IP address of the client on the private network (Response identifies the IP address of the specific client among the list of client 102a … client 102n, thus identifying the server (request end-point group) serving the group of clients/ client 102a … client 102n to which the requesting client belongs; [0020] a corresponding virtualized packet processing engine of the second intermediary device receives a response to the request, the response identifying the IP address of the device on the private network. The response will be forwarded to the first intermediary on the source network which will forward the response to the client identified in the response);
identifying a virtual routing and forwarding instance (VRF) for the source end-point group for forwarding the second data packet to the source end-point group (Agarwal [0013] discloses the first intermediary device executes the virtual server to manage the service by load balancing the service across the private network and the cloud network. The first intermediary device executes the virtual server to manage the service by content switching traffic (Virtual routing and forwarding) to the service across the private network and the cloud network. The virtual server identifies that the request matches a listening policy comprising a predetermined virtual local area network (VLAN) identifier); and 
based at least in part on identifying the VRF (Agarwal [0013] discloses the first intermediary device executes the virtual server to manage the service by load balancing the service across the private network and the cloud network. The first intermediary device executes the virtual server to manage the service by content switching traffic (Virtual routing and forwarding) to the service across the private network and the cloud network. The virtual server identifies that the request matches a listening policy comprising a predetermined virtual local area network (VLAN) identifier; [0014] the second intermediary device receives a response to the request from a server on the cloud network and forwarding the response to the first intermediary device, the response identifying the IP address of the client on the private network. The virtual server communicates the response to the client (VRF instance) on the private network); and 
 forwarding the second data packet by the router [200’] to the source end-point group (server 106) using the VRF (Agarwal [0013] discloses the first intermediary device executes the virtual server to manage the service by load balancing the service across the private network and the cloud network. The first intermediary device executes the virtual server to manage the service by content switching traffic (Virtual routing and forwarding) to the service across the private network and the cloud network. The virtual server identifies that the request matches a listening policy comprising a predetermined virtual local area network (VLAN) identifier. The virtual server serving as a router by content switching traffic (Virtual routing and forwarding) to the service across the private network (source end group) and the cloud network (Service end group). Fig. 1B discloses an implementation of virtual routing and forwarding instance where clients on a source/first network send service request through a first network to a first appliance on the source network. The request is forwarded by the first appliance on the source network to a second appliance on a destination/service network through a second network and the second appliance on the destination/service network forwards the request to a server in the destination/service network that is identified in the request. In a similar fashion, responses from the destination/service network traverse through the appliance on the destination/service network to the appliance on the source/client network and routed to the client identified in the response).
One of ordinary skill would have been motivated to combine the teachings of Kakadia, and Agarwal these teachings are from the same field of study in reference to the techniques for routing packets to a destination address.
Therefore, before the effective filing date of the invention, it would have been obvious to a person of ordinary skill in the art to incorporate the strategies by Agarwal into the system by Kakadia thereby provide a cloud bridge to bring network transparency between the otherwise disparate, Agarwal [Abstract].

Regarding claim 2, Kakadia modified by Agarwal disclose the method of claim 1, wherein identifying the VRF and forwarding the second data packet by the router to the source end-point group comprises:
upon receipt at the router of the first data packet from the source end-point group, creating an access list matching the address of the source end-point group and the address of the destination end-point group (Kakadia [0013] discloses for each request (received from a client) one of the advertising routers (one from an access list of routers capable of fulfilling the request) is selected, by the first router, as a target router based, at least in part, on the metrics to achieve a first level load balancing (matching the requesting client to the target router), so that the second request is forwarded to the target router and the server pool associated with the target router is to provide the service; [0050] discloses the persistent session detector 530 determines whether any service request belongs to a persistent session and if it is, stores such information in a persistent session list 535 (creating an access list matching the address of the source end-point group and the address of the destination end-point group). [0052] the server selection mechanism 540 updates, at 680, the persistent session list 535 (access list) so that the next packet of the same service will be handled in a manner consistent with what is required for a persistent session);
based on the access list matching the address of the source end-point group and the address of the destination end-point group, creating a route map identifying the VRF (Kakadia [0040] discloses when a recipient router, such as router 325, receives information from another router advertising a service, it incorporates the received information in a routing table (stores mapping of source end-point group and destination end-point addresses including next hops from source to destination)  in a way so that the recipient router can make a routing decision based on the information incorporate therein. FIG. 3(b) shows an exemplary routing table 370 of router 325 based on which router 325 can select a target router advertising a particular service, based on information incorporated in the table, to route a service request. For example, routing table 370 includes information such as the VIP address of the service advertised (375), the next hop where the advertising router can be reached (380), the network distance to reach the advertising router (385), and health metrics (390), etc.); [0041] From routing table 370, there are two entries related to desired service 1.1.1.1, one is from advertising router 335 with the next hop at 192.168.1.1 and advertising router 340 with the next hop at 172.1.1.1, where the former has a network distance of 1 (hop) and the latter has a network distance of 2 (hops) (number of hops/mapping  of Virtual Internet addresses (VIPs) from a source end-point group to a destination end-point group based on access list matching the source end-point group and the address of the destination end-point group) from router 325),
upon receipt at the router of the second data packet (response) from the service end-point group (server on the cloud network), based at least in part on the address of the source end-point group (IP address of client, thus address of server serving the group of clients identifying the client requesting a service), matching, by the router, the address of the source end-point group in the access list (Agarwal [0014] the second intermediary device receives a response to the request from a server on the cloud network and forwarding the response to the first intermediary device, the response identifying the IP address of the client on the private network (Response identifies the IP address of the requesting client, thus, matching addresses to identify the server (request end-point group) serving the group of clients to which the requesting client belongs). The virtual server communicates the response to the client on the private network);
based at least in part on the matching the address of the source end-point group in the access list, identifying the VRF (Agarwal [0014] the second intermediary device receives a response to the request from a server on the cloud network and forwarding the response to the first intermediary device, the response identifying the IP address of the client on the private network (Response identifies the IP address of the specific client among the list of client 102a … client 102n, thus identifying the server (request end-point group) serving the group of clients/ client 102a … client 102n to which the requesting client belongs; [0020] a corresponding virtualized packet processing engine of the second intermediary device receives a response to the request, the response identifying the IP address of the device on the private network); and
based at least in part on identifying the VRF, forwarding the second data packet by the router to the source end-point group using the VRF (Agarwal [0014] discloses the second intermediary device receives a response to the request from a server on the cloud network and forwarding the response to the first intermediary device, the response identifying the IP address of the client on the private network. The virtual server communicates the response to the client (VRF instance) on the private network. Fig. 1B discloses an implementation of virtual routing and forwarding instance where clients on a source/first network send service request through a first network to a first appliance on the source network. The request is forwarded by the first appliance on the source network to a second appliance on a destination/service network through a second network and the second appliance on the destination/service network forwards the request to a server in the destination/service network that is identified in the request. In a similar fashion, responses from the destination/service network traverse through the appliance on the destination/service network to the appliance on the source/client network and routed to the client identified in the response).
The motivation to combine is similar that of claim 1.

Regarding claim 5, Kakadia modified by Agarwal disclose the method of claim 2, wherein forwarding the second data packet by the router to the source end-point group using the VRF comprises (Agarwal [0014] discloses the second intermediary device receives a response to the request from a server on the cloud network and forwarding the response to the first intermediary device, the response identifying the IP address of the client on the private network. The virtual server communicates the response to the client (VRF instance) on the private network. Thus, the virtual server receives from the first intermediary device/router and forward the response to the client. Fig. 1B discloses an implementation of virtual routing and forwarding instance where clients on a source/first network send service request through a first network to a first appliance on the source network. The request is forwarded by the first appliance on the source network to a second appliance on a destination/service network through a second network and the second appliance on the destination/service network forwards the request to a server in the destination/service network that is identified in the request. In a similar fashion, responses from the destination/service network traverse through the appliance on the destination/service network to the appliance on the source/client network and routed to the client identified in the response):
creating a tunnel interface between the first network and the second network (Agarwal, [0012] discloses the first and second intermediary devices establish the secure IP layer tunnel by establishing IPsec communications over a layer 2 tunnel. In some embodiments, the first and second intermediary devices establish the network bridge to extend a virtual local area network (VLAN) of the private network to the cloud network; fig. 6A, [0244] a cloud bridge 605 which is an element of the Open Cloud Framework of the present solution for building the cloud-extended datacenter. The cloud bridge may comprise a tunnel between the datacenter network via a WAN to the cloud network);
forwarding, from the router via the tunnel interface, the second data packet to the second network (Agarwal [0012] discloses the first and second intermediary devices establish the secure IP layer tunnel by establishing IPsec communications over a layer 2 tunnel. In some embodiments, the first and second intermediary devices establish the network bridge to extend a virtual local area network (VLAN) of the private network to the cloud network; [0014] the second intermediary device receives a response to the request from a server on the cloud network and forwarding the response to the first intermediary device, the response identifying the IP address of the client on the private network. The virtual server/router communicates the response to the client (VRF instance) on the private network. Thus, the response is by the client through the tunnel that is created between the two networks) and
forwarding the second data packet within the second network to the source endpoint group using the VRF (Agarwal [0012] discloses the first and second intermediary devices establish the secure IP layer tunnel by establishing IPsec communications over a layer 2 tunnel. In some embodiments, the first and second intermediary devices establish the network bridge to extend a virtual local area network (VLAN) of the private network to the cloud network; [0014] the second intermediary device receives a response to the request from a server on the cloud network and forwarding the response to the first intermediary device, the response identifying the IP address of the client on the private network. The virtual server (at the VLAN) communicates the response to the client (VRF instance) on the private network. Thus, the virtual server receives from the first intermediary device/router and forward the response to the client. Fig. 1B discloses an implementation of virtual routing and forwarding instance where clients on a source/first network send service request through a first network to a first appliance on the source network. The request is forwarded by the first appliance on the source network to a second appliance on a destination/service network through a second network and the second appliance on the destination/service network forwards the request to a server in the destination/service network that is identified in the request. In a similar fashion, responses from the destination/service network traverse through the appliance on the destination/service network to the appliance on the source/client network and routed to the client identified in the response).
The motivation to combine is similar to that of claim 1.

Regarding claim 6, Kakadia modified by Agarwal disclose the method of claim 5, disclose wherein the first network is a cloud network and the second network is an on-premises network. 
Agarwal discloses wherein the first network is a cloud network and the second network is an on-premises network (Agarwal [0005] discloses providing a cloud bridge to bring network transparency between the otherwise disparate networks of the datacenter and cloud service provider. The present solution creates a cloud bridge between the datacenter network and the cloud provider network such. For example, appliances may be deployed in the datacenter and on the edge of the cloud. These appliances may be configured or designed and constructed to communicate with each other and recognize and understand the local IP and/or public IP network information of the on-premise datacenter of the enterprise and the cloud datacenter. These appliances may manage the flow of network traffic between the on-premise and cloud datacenters in a manner to appear and act seamlessly and transparently as a single network spanning both the on-premise and cloud data centers).
The motivation to combine is similar to that of claim 1.

Regarding claim 7, Kakadia modified by Agarwal disclose the method of claim 1, wherein the service end-point group is a first service end-point group and the method further comprises:
providing a second service end-point group (Kakadia, fig. 2, discloses routers 235 and 240 (First and second service endpoint group) may both advertise the service desired by the client 220 by sending advertisement of the same VIP representing the desired service provided by the server pools associated with NGSLB 250-a and 250-k that are connected to the routers 235 and 240 (First and second service endpoint group), respectively. In sending such advertisement, routers 235 and 240 (First and second service endpoint group) also provide different metrics characterizing the connected NGSLBs. For example, such metrics include information indicating the health condition of the associated server pools 260-a and 260-k. The metrics may also include other conventional types of information such as the network distance represented by, e.g., the number of hops needed to reach the routers);
wherein identifying the VRF comprises identifying the VRF based on whether the router receives the second data packet from the first service end-point group or the second service end-point group (Agarwal [0014] the second intermediary device receives a response to the request from a server on the cloud network and forwarding the response to the first intermediary device, the response identifying the IP address of the client on the private network (Response identifies the IP address of the requesting client, thus identifying the server (request end-point group) serving the group of clients to which the requesting client belongs. Fig. 1B discloses an implementation of virtual routing and forwarding instance where clients on a source/first network send service request through a first network to a first appliance on the source network. The request is forwarded by the first appliance on the source network to a second appliance on a destination/service network through a second network and the second appliance on the destination/service network forwards the request to a server in the destination/service network that is identified in the request. In a similar fashion, responses from the destination/service network traverse through the appliance on the destination/service network to the appliance on the source/client network and routed to the client identified in the response).
The motivation to combine is similar to that of claim 1. 
Regarding claims 8-9 and 12 - 14, see similar rejections of claims 1-2 and 5 - 7, respectively, where the system is taught by the method.
Regarding claims 15-16 and 19-20, see similar rejections of claims 1-2, 5 and 7, respectively, where the medium is taught by the method.

Claim 3-4,10-11 and 17-18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kakadia et al. (US 2011/0314119 A1), in view Agarwal et al.  (US 2012/0281706 A1), further in view of Hooda et al. (US 2018/0159957 A1).

Regarding claim 3, Kakadia and Agarwal disclose the method of claim 2, wherein forwarding the second data packet by the router to the source end-point group using the VRF comprises:
Kakadia and Agarwal did not explicitly disclose automatically forwarding the second data packet by the router to the source endpoint group based on virtual extensible local access network (VxLAN) encapsulation.
Hooda discloses automatically forwarding the second data packet by the router to the source endpoint group based on virtual extensible local access network (VxLAN) encapsulation (Hooda [0040] discloses it has been proposed to advertise the route with a new EVPN BGP extended community attribute called "Router's MAC Extended Community" carrying the router MAC of a router that hosts the underlay tunnel endpoint specified in the Next Hop field. The router MAC is then used as the inner destination MAC of a VXLAN encapsulated packet; [0042] Multitenancy is an important feature for IP fabric. Tenant traffic is either switched or routed over the IP fabric, encapsulated with VXLAN segment IDs…. The IP packets of a tenant may be forwarded over the IP fabric based on lookups in its VRF. Each VRF is associated with a layer 3 ("L3") segment ID, which is used to encapsulate traffic routed over the fabric).
One of ordinary skill would have been motivated to combine the teachings of Kakadia, Agarwal and Hooda because these teachings are from the same field of study in reference to the techniques for routing packets to a destination address.
Therefore, before the effective filing date of the invention, it would have been obvious to a person of ordinary skill in the art to incorporate the strategies by Hooda into the system by Kakadia and Agarwal, thereby applying a client-specific policy on the packet based, at least in part, on the context information; and forwarding the packet to a next hop in the network, Hooda, [Abstract].

Regarding claim 4, Kakadia, Agarwal and Hooda disclose the method of claim 3, but did not explicitly disclose wherein the first network is a cloud network and the second network is an on-premises network.
Agarwal discloses wherein the first network is a cloud network and the second network is an on-premises network (Agarwal [0005] discloses providing a cloud bridge to bring network transparency between the otherwise disparate networks of the datacenter and cloud service provider. The present solution creates a cloud bridge between the datacenter network and the cloud provider network such. For example, appliances may be deployed in the datacenter and on the edge of the cloud. These appliances may be configured or designed and constructed to communicate with each other and recognize and understand the local IP and/or public IP network information of the on-premise datacenter of the enterprise and the cloud datacenter. These appliances may manage the flow of network traffic between the on-premise and cloud datacenters in a manner to appear and act seamlessly and transparently as a single network spanning both the on-premise and cloud data centers).
The motivation to combine is similar to that of claim 3.

Regarding claim 10, see similar rejections of claims 3, where the system is taught by the method.
Regarding claim 11, see similar rejections of claim 4, where the system is taught by the method.
Regarding claim 17, see similar rejections of claim 3, where the medium is taught by the method.
Regarding claim 18, see similar rejections of claim 4, where the medium is taught by the method.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The following publications show the state of the art related to virtual routing and forwarding for paths through multi-cloud fabrics that utilize shared services.
Kim et al. (US 2013/0142201 A1).
Sinha et al. (US 2017/0324660 A1).
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DIXON F DABIPI whose telephone number is (571)270-3673. The examiner can normally be reached 8:30 -5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Christopher L Parry can be reached on 571-272-8328. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/D.F.D/Examiner, Art Unit 2451                                                                                                                                                                                                        
/Chris Parry/Supervisory Patent Examiner, Art Unit 2451