DETAILED ACTION
Claims 1-21 have been canceled. Claims 22-40 have been examined. Claims 22-40 have been rejected.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 22-28, 30-38, and 40 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 5, 6, and 8 of U.S. Patent No. 10,778,579. Although the claims at issue are not identical, they are not patentably distinct from each other because:

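Claim comparison (two-column table, flattened): left column 17/020,713, right column US 10,778,579. Below, each claim of 17/020,713 is followed by the corresponding claim(s) of US 10,778,579.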
22. (New) A method for providing a service for data messages exchanged between machines in a virtual private cloud (VPC) in a public cloud, the method comprising: establishing first and second VPCs for first and second tenants in the public cloud; configuring a first router for the first VPC and a second router for the second VPC respectively to connect a set of machines in each VPC; configuring each VPC's router to direct, through at least one logical interface (LIF) of the router, a subset of data messages exchanged between the VPC's machines to a shared network of the public cloud; and configuring the shared network to forward the data messages received from each VPC-router LIF to a common set of service machines that are deployed in a service VPC for use by multiple tenant VPCs, the set of service machines performing a set of one or more services on a particular received data message and providing the particular data message back to the shared network to forward the particular data message to the VPC router that provided the particular data message for the VPC router to forward the particular data message to a destination machine in the VPC.
1. A method for providing a service for data messages exchanged between machines in each of a plurality of virtual private clouds (VPCs) in a public cloud, the method comprising: for each of at least two VPCs using one set of one or more service machines: establishing a logical overlay network on top of an underlay network of the public cloud, the logical overlay network comprising a logical router for connecting at least two logical subnets of the logical overlay network, at least two logical switches each connecting a different set of machines in the VPC that are part of one subnet of the logical overlay network; configuring at least one logical interface (LIF) of the logical router to direct, to a forwarding element of the underlay network, a subset of data messages with logical destination addresses that are stored in headers of the data messages with a set of other network addresses defined in a logical address space of the logical overlay network, and that identify the destination machines in the VPC; and configuring the underlay-network forwarding element to forward data messages received from the LIF to the set of service machines when the data messages are from the VPC and have destination addresses that fall within at least a subset of addresses in the logical address space, the service machine set residing outside of the logical overlay network (i) to perform a set of one or more services on the data messages and (ii) to provide processed data messages to a gateway to forward the data messages back to the logical overlay network for forwarding the data messages to destination machines that are addressed by the processed data messages.
23. (New) The method of claim 22, wherein configuring the shared network comprises configuring at least one downlink gateway of the public cloud to forward the subset of data messages forwarded by at least one VPC router to the set of service machines.
1. A method for providing a service for data messages exchanged between machines in each of a plurality of virtual private clouds (VPCs) in a public cloud, the method comprising: for each of at least two VPCs using one set of one or more service machines: establishing a logical overlay network on top of an underlay network of the public cloud, the logical overlay network comprising a logical router for connecting at least two logical subnets of the logical overlay network, at least two logical switches each connecting a different set of machines in the VPC that are part of one subnet of the logical overlay network; configuring at least one logical interface (LIF) of the logical router to direct, to a forwarding element of the underlay network, a subset of data messages with logical destination addresses that are stored in headers of the data messages with a set of other network addresses defined in a logical address space of the logical overlay network, and that identify the destination machines in the VPC; and configuring the underlay-network forwarding element to forward data messages received from the LIF to the set of service machines when the data messages are from the VPC and have destination addresses that fall within at least a subset of addresses in the logical address space, the service machine set residing outside of the logical overlay network (i) to perform a set of one or more services on the data messages and (ii) to provide processed data messages to a gateway to forward the data messages back to the logical overlay network for forwarding the data messages to destination machines that are addressed by the processed data messages.
24. (New) The method of claim 23, wherein the downlink gateway forwards to the set of service machines the subset of data messages that it receives from each of at least two configured routers for each of at least two VPCs.
1. A method for providing a service for data messages exchanged between machines in each of a plurality of virtual private clouds (VPCs) in a public cloud, the method comprising: for each of at least two VPCs using one set of one or more service machines: establishing a logical overlay network on top of an underlay network of the public cloud, the logical overlay network comprising a logical router for connecting at least two logical subnets of the logical overlay network, at least two logical switches each connecting a different set of machines in the VPC that are part of one subnet of the logical overlay network; configuring at least one logical interface (LIF) of the logical router to direct, to a forwarding element of the underlay network, a subset of data messages with logical destination addresses that are stored in headers of the data messages with a set of other network addresses defined in a logical address space of the logical overlay network, and that identify the destination machines in the VPC; and configuring the underlay-network forwarding element to forward data messages received from the LIF to the set of service machines when the data messages are from the VPC and have destination addresses that fall within at least a subset of addresses in the logical address space, the service machine set residing outside of the logical overlay network (i) to perform a set of one or more services on the data messages and (ii) to provide processed data messages to a gateway to forward the data messages back to the logical overlay network for forwarding the data messages to destination machines that are addressed by the processed data messages.
25. (New) The method of claim 22, wherein the set of service machines processes each data message forwarded by the shared network from each VPC router.
1. A method for providing a service for data messages exchanged between machines in each of a plurality of virtual private clouds (VPCs) in a public cloud, the method comprising: for each of at least two VPCs using one set of one or more service machines: establishing a logical overlay network on top of an underlay network of the public cloud, the logical overlay network comprising a logical router for connecting at least two logical subnets of the logical overlay network, at least two logical switches each connecting a different set of machines in the VPC that are part of one subnet of the logical overlay network; configuring at least one logical interface (LIF) of the logical router to direct, to a forwarding element of the underlay network, a subset of data messages with logical destination addresses that are stored in headers of the data messages with a set of other network addresses defined in a logical address space of the logical overlay network, and that identify the destination machines in the VPC; and configuring the underlay-network forwarding element to forward data messages received from the LIF to the set of service machines when the data messages are from the VPC and have destination addresses that fall within at least a subset of addresses in the logical address space, the service machine set residing outside of the logical overlay network (i) to perform a set of one or more services on the data messages and (ii) to provide processed data messages to a gateway to forward the data messages back to the logical overlay network for forwarding the data messages to destination machines that are addressed by the processed data messages.
26. (New) The method of claim 22 further configuring a VPC gateway of each VPC to forward data messages processed by the set of service machines to the VPC's configured router.
1. A method for providing a service for data messages exchanged between machines in each of a plurality of virtual private clouds (VPCs) in a public cloud, the method comprising: for each of at least two VPCs using one set of one or more service machines: establishing a logical overlay network on top of an underlay network of the public cloud, the logical overlay network comprising a logical router for connecting at least two logical subnets of the logical overlay network, at least two logical switches each connecting a different set of machines in the VPC that are part of one subnet of the logical overlay network; configuring at least one logical interface (LIF) of the logical router to direct, to a forwarding element of the underlay network, a subset of data messages with logical destination addresses that are stored in headers of the data messages with a set of other network addresses defined in a logical address space of the logical overlay network, and that identify the destination machines in the VPC; and configuring the underlay-network forwarding element to forward data messages received from the LIF to the set of service machines when the data messages are from the VPC and have destination addresses that fall within at least a subset of addresses in the logical address space, the service machine set residing outside of the logical overlay network (i) to perform a set of one or more services on the data messages and (ii) to provide processed data messages to a gateway to forward the data messages back to the logical overlay network for forwarding the data messages to destination machines that are addressed by the processed data messages.
27. (New) The method of claim 26, wherein configuring the shared network comprises configuring at least one uplink gateway of the public cloud to forward data messages of at least one VPC that are processed by the set of service machines to the VPC's configured router.
1. A method for providing a service for data messages exchanged between machines in each of a plurality of virtual private clouds (VPCs) in a public cloud, the method comprising: for each of at least two VPCs using one set of one or more service machines: establishing a logical overlay network on top of an underlay network of the public cloud, the logical overlay network comprising a logical router for connecting at least two logical subnets of the logical overlay network, at least two logical switches each connecting a different set of machines in the VPC that are part of one subnet of the logical overlay network; configuring at least one logical interface (LIF) of the logical router to direct, to a forwarding element of the underlay network, a subset of data messages with logical destination addresses that are stored in headers of the data messages with a set of other network addresses defined in a logical address space of the logical overlay network, and that identify the destination machines in the VPC; and configuring the underlay-network forwarding element to forward data messages received from the LIF to the set of service machines when the data messages are from the VPC and have destination addresses that fall within at least a subset of addresses in the logical address space, the service machine set residing outside of the logical overlay network (i) to perform a set of one or more services on the data messages and (ii) to provide processed data messages to a gateway to forward the data messages back to the logical overlay network for forwarding the data messages to destination machines that are addressed by the processed data messages.
5. The method of claim 3 further comprising configuring at least one uplink interface of the service machine set to provide the processed data messages to the underlay network when the data messages have destination addresses that fall within at least the subset of addresses in the logical address space.
28. (New) The method of claim 27, wherein the uplink gateway of the public cloud is configured to forward data messages of at least two VPCs that are processed by the set of service machines to at least two configured routers of the two VPCs.
1. A method for providing a service for data messages exchanged between machines in each of a plurality of virtual private clouds (VPCs) in a public cloud, the method comprising: for each of at least two VPCs using one set of one or more service machines: establishing a logical overlay network on top of an underlay network of the public cloud, the logical overlay network comprising a logical router for connecting at least two logical subnets of the logical overlay network, at least two logical switches each connecting a different set of machines in the VPC that are part of one subnet of the logical overlay network; configuring at least one logical interface (LIF) of the logical router to direct, to a forwarding element of the underlay network, a subset of data messages with logical destination addresses that are stored in headers of the data messages with a set of other network addresses defined in a logical address space of the logical overlay network, and that identify the destination machines in the VPC; and configuring the underlay-network forwarding element to forward data messages received from the LIF to the set of service machines when the data messages are from the VPC and have destination addresses that fall within at least a subset of addresses in the logical address space, the service machine set residing outside of the logical overlay network (i) to perform a set of one or more services on the data messages and (ii) to provide processed data messages to a gateway to forward the data messages back to the logical overlay network for forwarding the data messages to destination machines that are addressed by the processed data messages.
6. The method of claim 1, wherein the gateway is an underlay network gateway, the method further comprising configuring an underlay network gateway to provide the data message from the service machine uplink interface to a tenant gateway to forward processed data messages to the logical overlay network.
30. (New) The method of claim 29, wherein the network for each tenant's VPC is a logical network defined over the shared network of the public cloud.
1. A method for providing a service for data messages exchanged between machines in each of a plurality of virtual private clouds (VPCs) in a public cloud, the method comprising: for each of at least two VPCs using one set of one or more service machines: establishing a logical overlay network on top of an underlay network of the public cloud, the logical overlay network comprising a logical router for connecting at least two logical subnets of the logical overlay network, at least two logical switches each connecting a different set of machines in the VPC that are part of one subnet of the logical overlay network; configuring at least one logical interface (LIF) of the logical router to direct, to a forwarding element of the underlay network, a subset of data messages with logical destination addresses that are stored in headers of the data messages with a set of other network addresses defined in a logical address space of the logical overlay network, and that identify the destination machines in the VPC; and configuring the underlay-network forwarding element to forward data messages received from the LIF to the set of service machines when the data messages are from the VPC and have destination addresses that fall within at least a subset of addresses in the logical address space, the service machine set residing outside of the logical overlay network (i) to perform a set of one or more services on the data messages and (ii) to provide processed data messages to a gateway to forward the data messages back to the logical overlay network for forwarding the data messages to destination machines that are addressed by the processed data messages.
31. (New) The method of claim 30, wherein the logical network for each VPC includes at least one logical router and at least one logical switch.
1. A method for providing a service for data messages exchanged between machines in each of a plurality of virtual private clouds (VPCs) in a public cloud, the method comprising: for each of at least two VPCs using one set of one or more service machines: establishing a logical overlay network on top of an underlay network of the public cloud, the logical overlay network comprising a logical router for connecting at least two logical subnets of the logical overlay network, at least two logical switches each connecting a different set of machines in the VPC that are part of one subnet of the logical overlay network; configuring at least one logical interface (LIF) of the logical router to direct, to a forwarding element of the underlay network, a subset of data messages with logical destination addresses that are stored in headers of the data messages with a set of other network addresses defined in a logical address space of the logical overlay network, and that identify the destination machines in the VPC; and configuring the underlay-network forwarding element to forward data messages received from the LIF to the set of service machines when the data messages are from the VPC and have destination addresses that fall within at least a subset of addresses in the logical address space, the service machine set residing outside of the logical overlay network (i) to perform a set of one or more services on the data messages and (ii) to provide processed data messages to a gateway to forward the data messages back to the logical overlay network for forwarding the data messages to destination machines that are addressed by the processed data messages.
32. (New) A non-transitory machine readable medium storing a program for providing a service for data messages exchanged between machines in a virtual private cloud (VPC) in a public cloud, the program for execution by at least one processing unit of a computer, the program comprising sets of instructions for: establishing first and second VPCs for first and second tenants in the public cloud; configuring a first router for the first VPC and a second router for the second VPC respectively to connect a set of machines in each VPC; configuring each VPC's router to direct, through at least one logical interface (LIF) of the router, a subset of data messages exchanged between the VPC's machines to a shared network of the public cloud; and configuring the shared network to forward the data messages received from each VPC-router LIF to a common set of service machines that are deployed in a service VPC for use by multiple tenant VPCs, the set of service machines performing a set of one or more services on a particular received data message and providing the particular data message back to the shared network to forward the particular data message to the VPC router that provided the particular data message for the VPC router to forward the particular data message to a destination machine in the VPC.
8. A non-transitory machine readable medium storing a program for providing a service for data messages exchanged between machines in each of a plurality of virtual private clouds (VPCs) in a public cloud, the program for execution by at least one processing unit of a computer, the program comprising sets of instructions for: for each of at least two VPCs using one set of one or more service machines: establishing a logical overlay network on top of an underlay network of the public cloud, the logical overlay network comprising a logical router for connecting at least two logical subnets of the logical overlay network, at least two logical switches each connecting a different set of machines in the VPC that are part of one subnet of the logical overlay network; configuring at least one logical interface (LIF) of the logical router to direct, to a forwarding element of the underlay network, a subset of data messages with logical destination addresses that are stored in headers of the data messages with a set of other network addresses defined in a logical address space of the logical overlay network, and that identify the destination machines in the VPC; and configuring the underlay-network forwarding element to forward data messages received from the LIF to the set of service machines when the data messages are from the VPC and have destination addresses that fall within at least a subset of addresses in the logical address space, the service machine set residing outside of the logical overlay network (i) to perform a set of one or more services on the data messages and (ii) to provide processed data messages to a gateway to forward the data messages back to the logical overlay network for forwarding the data messages to destination machines that are addressed by the processed data messages.
33. (New) The non-transitory machine readable medium of claim 32, wherein the set of instructions for configuring the shared network comprises a set of instructions for configuring at least one downlink gateway of the public cloud to forward the subset of data messages forwarded by at least one VPC router to the set of service machines.
8. A non-transitory machine readable medium storing a program for providing a service for data messages exchanged between machines in each of a plurality of virtual private clouds (VPCs) in a public cloud, the program for execution by at least one processing unit of a computer, the program comprising sets of instructions for: for each of at least two VPCs using one set of one or more service machines: establishing a logical overlay network on top of an underlay network of the public cloud, the logical overlay network comprising a logical router for connecting at least two logical subnets of the logical overlay network, at least two logical switches each connecting a different set of machines in the VPC that are part of one subnet of the logical overlay network; configuring at least one logical interface (LIF) of the logical router to direct, to a forwarding element of the underlay network, a subset of data messages with logical destination addresses that are stored in headers of the data messages with a set of other network addresses defined in a logical address space of the logical overlay network, and that identify the destination machines in the VPC; and configuring the underlay-network forwarding element to forward data messages received from the LIF to the set of service machines when the data messages are from the VPC and have destination addresses that fall within at least a subset of addresses in the logical address space, the service machine set residing outside of the logical overlay network (i) to perform a set of one or more services on the data messages and (ii) to provide processed data messages to a gateway to forward the data messages back to the logical overlay network for forwarding the data messages to destination machines that are addressed by the processed data messages.
34. (New) The non-transitory machine readable medium of claim 33, wherein the downlink gateway forwards to the set of service machines the subset of data messages that it receives from each of at least two configured routers for each of at least two VPCs.
8. A non-transitory machine readable medium storing a program for providing a service for data messages exchanged between machines in each of a plurality of virtual private clouds (VPCs) in a public cloud, the program for execution by at least one processing unit of a computer, the program comprising sets of instructions for: for each of at least two VPCs using one set of one or more service machines: establishing a logical overlay network on top of an underlay network of the public cloud, the logical overlay network comprising a logical router for connecting at least two logical subnets of the logical overlay network, at least two logical switches each connecting a different set of machines in the VPC that are part of one subnet of the logical overlay network; configuring at least one logical interface (LIF) of the logical router to direct, to a forwarding element of the underlay network, a subset of data messages with logical destination addresses that are stored in headers of the data messages with a set of other network addresses defined in a logical address space of the logical overlay network, and that identify the destination machines in the VPC; and configuring the underlay-network forwarding element to forward data messages received from the LIF to the set of service machines when the data messages are from the VPC and have destination addresses that fall within at least a subset of addresses in the logical address space, the service machine set residing outside of the logical overlay network (i) to perform a set of one or more services on the data messages and (ii) to provide processed data messages to a gateway to forward the data messages back to the logical overlay network for forwarding the data messages to destination machines that are addressed by the processed data messages.
35. (New) The non-transitory machine readable medium of claim 32, wherein the set of service machines processes each data message forwarded by the shared network from each VPC router.
8. A non-transitory machine readable medium storing a program for providing a service for data messages exchanged between machines in each of a plurality of virtual private clouds (VPCs) in a public cloud, the program for execution by at least one processing unit of a computer, the program comprising sets of instructions for: for each of at least two VPCs using one set of one or more service machines: establishing a logical overlay network on top of an underlay network of the public cloud, the logical overlay network comprising a logical router for connecting at least two logical subnets of the logical overlay network, at least two logical switches each connecting a different set of machines in the VPC that are part of one subnet of the logical overlay network; configuring at least one logical interface (LIF) of the logical router to direct, to a forwarding element of the underlay network, a subset of data messages with logical destination addresses that are stored in headers of the data messages with a set of other network addresses defined in a logical address space of the logical overlay network, and that identify the destination machines in the VPC; and configuring the underlay-network forwarding element to forward data messages received from the LIF to the set of service machines when the data messages are from the VPC and have destination addresses that fall within at least a subset of addresses in the logical address space, the service machine set residing outside of the logical overlay network (i) to perform a set of one or more services on the data messages and (ii) to provide processed data messages to a gateway to forward the data messages back to the logical overlay network for forwarding the data messages to destination machines that are addressed by the processed data messages.
36. (New) The non-transitory machine readable medium of claim 32, wherein the program further comprises a set of instructions for configuring a VPC gateway of each VPC to forward data messages processed by the set of service machines to the VPC's configured router.
8. A non-transitory machine readable medium storing a program for providing a service for data messages exchanged between machines in each of a plurality of virtual private clouds (VPCs) in a public cloud, the program for execution by at least one processing unit of a computer, the program comprising sets of instructions for: for each of at least two VPCs using one set of one or more service machines: establishing a logical overlay network on top of an underlay network of the public cloud, the logical overlay network comprising a logical router for connecting at least two logical subnets of the logical overlay network, at least two logical switches each connecting a different set of machines in the VPC that are part of one subnet of the logical overlay network; configuring at least one logical interface (LIF) of the logical router to direct, to a forwarding element of the underlay network, a subset of data messages with logical destination addresses that are stored in headers of the data messages with a set of other network addresses defined in a logical address space of the logical overlay network, and that identify the destination machines in the VPC; and configuring the underlay-network forwarding element to forward data messages received from the LIF to the set of service machines when the data messages are from the VPC and have destination addresses that fall within at least a subset of addresses in the logical address space, the service machine set residing outside of the logical overlay network (i) to perform a set of one or more services on the data messages and (ii) to provide processed data messages to a gateway to forward the data messages back to the logical overlay network for forwarding the data messages to destination machines that are addressed by the processed data messages.
37. (New) The non-transitory machine readable medium of claim 36, wherein configuring the shared network comprises configuring at least one uplink gateway of the public cloud to forward data messages of at least one VPC that are processed by the set of service machines to the VPC's configured router.
8. A non-transitory machine readable medium storing a program for providing a service for data messages exchanged between machines in each of a plurality of virtual private clouds (VPCs) in a public cloud, the program for execution by at least one processing unit of a computer, the program comprising sets of instructions for: for each of at least two VPCs using one set of one or more service machines: establishing a logical overlay network on top of an underlay network of the public cloud, the logical overlay network comprising a logical router for connecting at least two logical subnets of the logical overlay network, at least two logical switches each connecting a different set of machines in the VPC that are part of one subnet of the logical overlay network; configuring at least one logical interface (LIF) of the logical router to direct, to a forwarding element of the underlay network, a subset of data messages with logical destination addresses that are stored in headers of the data messages with a set of other network addresses defined in a logical address space of the logical overlay network, and that identify the destination machines in the VPC; and configuring the underlay-network forwarding element to forward data messages received from the LIF to the set of service machines when the data messages are from the VPC and have destination addresses that fall within at least a subset of addresses in the logical address space, the service machine set residing outside of the logical overlay network (i) to perform a set of one or more services on the data messages and (ii) to provide processed data messages to a gateway to forward the data messages back to the logical overlay network for forwarding the data messages to destination machines that are addressed by the processed data messages.

38. (New) The non-transitory machine readable medium of claim 37, wherein the uplink gateway of the public cloud is configured to forward data messages of at least two VPCs that are processed by the set of service machines to at least two configured routers of the two VPCs.
8. A non-transitory machine readable medium storing a program for providing a service for data messages exchanged between machines in each of a plurality of virtual private clouds (VPCs) in a public cloud, the program for execution by at least one processing unit of a computer, the program comprising sets of instructions for: for each of at least two VPCs using one set of one or more service machines: establishing a logical overlay network on top of an underlay network of the public cloud, the logical overlay network comprising a logical router for connecting at least two logical subnets of the logical overlay network, at least two logical switches each connecting a different set of machines in the VPC that are part of one subnet of the logical overlay network; configuring at least one logical interface (LIF) of the logical router to direct, to a forwarding element of the underlay network, a subset of data messages with logical destination addresses that are stored in headers of the data messages with a set of other network addresses defined in a logical address space of the logical overlay network, and that identify the destination machines in the VPC; and configuring the underlay-network forwarding element to forward data messages received from the LIF to the set of service machines when the data messages are from the VPC and have destination addresses that fall within at least a subset of addresses in the logical address space, the service machine set residing outside of the logical overlay network (i) to perform a set of one or more services on the data messages and (ii) to provide processed data messages to a gateway to forward the data messages back to the logical overlay network for forwarding the data messages to destination machines that are addressed by the processed data messages.
40. (New) The non-transitory machine readable medium of claim 39, wherein the network for each tenant's VPC is a logical network defined over the shared network of the public cloud.
8. A non-transitory machine readable medium storing a program for providing a service for data messages exchanged between machines in each of a plurality of virtual private clouds (VPCs) in a public cloud, the program for execution by at least one processing unit of a computer, the program comprising sets of instructions for: for each of at least two VPCs using one set of one or more service machines: establishing a logical overlay network on top of an underlay network of the public cloud, the logical overlay network comprising a logical router for connecting at least two logical subnets of the logical overlay network, at least two logical switches each connecting a different set of machines in the VPC that are part of one subnet of the logical overlay network; configuring at least one logical interface (LIF) of the logical router to direct, to a forwarding element of the underlay network, a subset of data messages with logical destination addresses that are stored in headers of the data messages with a set of other network addresses defined in a logical address space of the logical overlay network, and that identify the destination machines in the VPC; and configuring the underlay-network forwarding element to forward data messages received from the LIF to the set of service machines when the data messages are from the VPC and have destination addresses that fall within at least a subset of addresses in the logical address space, the service machine set residing outside of the logical overlay network (i) to perform a set of one or more services on the data messages and (ii) to provide processed data messages to a gateway to forward the data messages back to the logical overlay network for forwarding the data messages to destination machines that are addressed by the processed data messages.


As can be seen from the chart above, claims 22-28, 30-38, and 40 of Application 17/020,713 are anticipated by claims 1, 5, 6, and 8 of Patent 10,778,579, as the claims of Patent 10,778,579 include the subject matter of Application 17/020,713 with some rephrasing, such as Patent 10,778,579 stating “at least two VPC’s” where Application 17/020,713 states “first and second VPC”, and “underlay-network” in the patent changing to “shared network” in the application. Applicant should file a terminal disclaimer to overcome this rejection.

Claim Objections
Claims 24, 28, 34 and 38 are objected to because of the following informalities:
Claim 24, line 1, “the downlink gateway” should be changed to “the at least one downlink gateway”.
Claim 28, line 1, “the uplink gateway” should be changed to “the at least one uplink gateway”.
Claim 34, line 1-, “the downlink gateway” should be changed to “the at least one downlink gateway”.
Claim 38, lines 1-2, “the uplink gateway” should be changed to “the at least one uplink gateway”.
Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 22-40 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
With regard to claim 22, the claim recites in line 4 “a first router” and “a second router” but in lines 6-7 recites “the router”. It is not clear which router, the first or second router, is being referred to by “the router”. Claims 23-31 depend from claim 1 and include all the limitations of claim 1 and are therefore similarly rejected.
With regard to claim 32, the claim recites in line 6 “a first router” and “a second router” but in lines 8-9 recites “the router”. It is not clear which router, the first or second router, is being referred to by “the router”. Claims 33-40 depend from claim 1 and include all the limitations of claim 1 and are therefore similarly rejected.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FAIYAZKHAN GHAFOERKHAN whose telephone number is (571)270-7161. The examiner can normally be reached Flex.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ayaz R Sheikh, can be reached on (571) 272-3795. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

FAIYAZKHAN . GHAFOERKHAN
Examiner
Art Unit 2476



/FAIYAZKHAN GHAFOERKHAN/Examiner, Art Unit 2476