EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in a telephone interview with NATHANIEL ROSS (65659) on 5/23/2022.
The application has been amended as follows: 
In the claims:
1.	(Currently Amended) A method for establishing a plurality of virtual service networks over a plurality of datacenters, the method comprising:
configuring, for each virtual service network of the plurality of virtual service networks, a set of machines distributed across the plurality of datacenters to implement an ordered set of network services for the virtual service network; and
configuring a first service network selector executing within the plurality of datacenters to receive a data message, select one of the plurality of virtual service networks for the data message based on analysis of information in layer 5-layer 7 (L5-L7) headers of the data message, determine a location within the plurality of datacenters for a first machine implementing a first network service of the ordered set of network services for the selected virtual service network, and transmit the data message to the first machine implementing the first network service; and
configuring a second service network selector executing within the plurality of datacenters to receive the data message from the first machine implementing the first network service, determine the virtual service network selected by the first service network selector for the data message, determine a location within the plurality of datacenters for a second machine implementing a second network service of the ordered set of network services for the selected virtual service network, and transmit the data message to the second machine implementing the second network service.
2.	(Original) The method of claim 1, wherein the plurality of datacenters comprises a plurality of public cloud datacenters.
3.	(Original) The method of claim 1, wherein the plurality of datacenters comprises at least one public cloud datacenter and at least one private datacenter.
4.	(Original) The method of claim 1, wherein the plurality of virtual service networks comprises at least (i) a first virtual service network comprising a first ordered set of network services implemented by a first set of machines operating in the plurality of datacenters and (ii) a second virtual service network comprising a second ordered set of network services implemented by a second set of machines operating in the plurality of datacenters.
5.	(Previously Presented) The method of claim 1, wherein the method is executed by a virtual service network controller, wherein:
configuring a particular set of machines to implement the ordered set of network services for a particular virtual service network comprises providing configuration data for the particular set of machines to a first controller for instantiating at least one of virtual machines and containers on host computers in at least one of the datacenters; and
configuring the first and second service network selectors comprises providing configuration data for service network selection operations to a second controller for configuring service network selectors in at least one of the datacenters.
6.	(Original) The method of claim 5, wherein providing the configuration data for (i) the set of machines to the first controller and (ii) the service network selection operations to the second controller comprises providing virtual service network policies to an agent that executes in a particular datacenter, wherein the agent translates the virtual service network policies into (i) data for the first controller to instantiate and configure the set of machines and (ii) data for the second controller to configure the service network selectors to perform the service network selection operations.
7.	(Previously Presented) The method of claim 1, wherein (i) the data message is received at the first service network selector from an external endpoint device and (ii) after processing by the ordered set of network services for the selected virtual service network, the data message is transmitted from the datacenters to a public network.
8.	(Previously Presented) The method of claim 7, wherein the first service network selector executes in a first datacenter and receives data messages from external endpoint devices located within a first geographic range, wherein additional service network selectors execute in other datacenters and receive data messages from external endpoint devices located within a second geographic range.
9.	(Previously Presented) The method of claim 1, wherein the first service network selector executes on a particular host computer in a particular datacenter of the plurality of datacenters.
10.	(Previously Presented) The method of claim 9, wherein the data message is received by the first service network selector from a data compute node that also executes on the particular host computer, wherein a set of additional service network selectors including the second service network selector execute on additional host computers in the particular datacenter.
11.	(Previously Presented) The method of claim 10, wherein the first machine executing the first network service executes on an additional host computer in the particular datacenter, wherein the second service network selector executes on the additional host computer to determine the location within the plurality of datacenters for the second machine implementing the second network service of the ordered set of network services for the selected virtual service network and transmit the data message to the second machine implementing the second network service.
12.	(Original) The method of claim 10, wherein the data compute node is a first data compute node that executes on a first host computer, wherein after processing by the ordered set of network services for the virtual service networks, the data message is transmitted to a second data compute node that executes on a second host computer in one of the datacenters.
13.	(Original) The method of claim 12, wherein the first and second data compute nodes execute on host computers in two different private datacenters, wherein at least a subset of the network services execute on host computers in at least one public datacenter.
14.	(Previously Presented) The method of claim 12, wherein:
a third service network selector executes on the second host computer; and
the third service network selector stores data regarding the data message to use in selecting the same virtual service network for a return data message from the second data compute node.
15.	(Currently Amended) A non-transitory machine readable medium storing a program which when executed by at least one processing unit establishes a plurality of virtual service networks over a plurality of datacenters, the program comprising sets of instructions for:
configuring, for each virtual service network of the plurality of virtual service networks, a set of machines distributed across the plurality of datacenters to implement an ordered set of network services for the virtual service network; and
configuring a first service network selector executing within the plurality of datacenters to receive a data message, select one of the plurality of virtual service networks for the data message based on analysis of information in layer 5-layer 7 (L5-L7) headers of the data message, determine a location within the plurality of datacenters for a first machine implementing a first network service of the ordered set of network services for the selected virtual service network, and transmit the data message to the first machine implementing the first network service; and
configuring a second service network selector executing within the plurality of datacenters to receive the data message from the first machine implementing the first network service, determine the virtual service network selected by the first service network selector for the data message, determine a location within the plurality of datacenters for a second machine implementing a second network service of the ordered set of network services for the selected virtual service network, and transmit the data message to the second machine implementing the second network service.
16.	(Original) The non-transitory machine readable medium of claim 15, wherein the plurality of virtual service networks comprises at least (i) a first virtual service network comprising a first ordered set of network services implemented by a first set of machines operating in the plurality of datacenters and (ii) a second virtual service network comprising a second ordered set of network services implemented by a second set of machines operating in the plurality of datacenters.
17.	(Previously Presented) The non-transitory machine readable medium of claim 15, wherein the program is a virtual service network controller, wherein:
the set of instructions for configuring a particular set of machines to implement the ordered set of network services for a particular virtual service network comprises a set of instructions for providing configuration data for the particular set of machines to a first controller for instantiating virtual machines on host computers in at least one of the datacenters; and
the set of instructions for configuring the first and second service network selectors comprises a set of instructions for providing configuration data for service network selection operations to a second controller for configuring service network selectors in at least one of the datacenters.
18.	(Original) The non-transitory machine readable medium of claim 17, wherein the sets of instructions for providing the configuration data for (i) the set of machines to the first controller and (ii) the service network selection operations to the second controller comprises a set of instructions for providing virtual service network policies to an agent that executes in a particular datacenter, wherein the agent translates the virtual service network policies into (i) data for the first controller to instantiate and configure the set of machines and (ii) data for the second controller to configure the service network selectors to perform the service network selection operations.
19.	(Previously Presented) The non-transitory machine readable medium of claim 15, wherein:
the data message is received at the first service network selector from an external endpoint device;
after processing by the ordered set of network services for the selected virtual service network, the data message is transmitted from the datacenters to a public network;
the first service network selector executes in a first datacenter and receives data messages from external endpoint devices located within a first geographic range; and
additional service network selectors execute in other datacenters and receive data messages from external endpoint devices located within a second geographic range.
20.	(Previously Presented) The non-transitory machine readable medium of claim 15, wherein:
the first service network selector executes on a particular host computer in a particular datacenter of the plurality of datacenters;
the data message is received by the first service network selector from a data compute node that also executes on the particular host computer;
a set of additional service network selectors including the second service network selector execute on additional host computers in the particular datacenter;
the first machine executing the first network service executes on an additional host computer in the particular datacenter; and
the second service network selector executes on the additional host computer to determine the location within the plurality of datacenters for the second machine implementing the second network service of the ordered set of network services for the selected virtual service network and transmit the data message to the second machine implementing the second network service.
21.	(Currently Amended) A system comprising:
a set of host computers operating in a plurality of datacenters; and
a computing device executing a virtual service network controller to establish a plurality of virtual service networks over the plurality of datacenters, the virtual service network controller for: 
configuring, for each virtual service network of the plurality of virtual service networks, a set of machines executing on the host computers in the plurality of datacenters to implement an ordered set of network services for the virtual service network; and
configuring a first service network selector executing on the host computers in the plurality of datacenters to receive a data message, select one of the plurality of virtual service networks for the data message based on analysis of information in layer 5-layer 7 (L5-L7) headers of the data message, determine a location within the plurality of datacenters for a first machine implementing a first network service of the ordered set of network services for the selected virtual service network, and transmit the data message to the first machine implementing the first network service; and
configuring a second service network selector executing on the host computers in the plurality of datacenters to receive the data message from the first machine implementing the first network service, determine the virtual service network selected by the first service network selector for the data message, determine a location within the plurality of datacenters for a second machine implementing a second network service of the ordered set of network services for the selected virtual service network, and transmit the data message to the second machine implementing the second network service.
22.	(Original) The system of claim 21, wherein the plurality of virtual service networks comprises at least (i) a first virtual service network comprising a first ordered set of network services implemented by a first set of machines executing on a first subset of the host computers in the plurality of datacenters and (ii) a second virtual service network comprising a second ordered set of network services implemented by a second set of machines executing on a second subset of the host computers in the plurality of datacenters.
23.	(Previously Presented) The system of claim 21, wherein (i) the data message is received at the first service network selector from an external endpoint device and (ii) after processing by the ordered set of network services for the selected virtual service network, the data message is transmitted from the datacenters to a public network.
24.	(Previously Presented) The method of claim 1, wherein the first service network selector and second service network selector are a same service network selector, wherein the first service network selector and first machine execute in a same datacenter.
25.	(Previously Presented) The method of claim 1, wherein the first service network selector executes in a first datacenter of the plurality of datacenters, the first machine executes in a second datacenter of the plurality of datacenters, and the second service network selector executes in the second datacenter.
26.	(Previously Presented) The method of claim 1 further comprising configuring a plurality of service network selectors, including the first and second service network selectors, to:
receive a first set of data messages from source endpoints of the data messages and select virtual service networks from the plurality of virtual service networks for the data messages of the first set of data messages based on analysis of contents of the data messages of the first set of data messages; and
receive a second set of data messages from machines implementing network services in the ordered sets of network services for virtual service networks and determine virtual service networks previously selected by the plurality of service network selectors for the data messages of the second set of data messages.
27.	(Canceled)



REASONS FOR ALLOWANCE
The following is the Examiner’s statement of reasons for allowance:
Independent claims 1, 15, 21 all comprise (or are significantly similar to), among other things, configuring, for each virtual service network of the plurality of virtual service networks, a set of machines distributed across the plurality of datacenters to implement an ordered set of network services for the virtual service network; and
configuring a first service network selector executing within the plurality of datacenters to receive a data message, select one of the plurality of virtual service networks for the data message based on analysis of information in layer 5-layer 7 (L5-L7) headers of the data message, determine a location within the plurality of datacenters for a first machine implementing a first network service of the ordered set of network services for the selected virtual service network, and transmit the data message to the first machine implementing the first network service; and
configuring a second service network selector executing within the plurality of datacenters to receive the data message from the first machine implementing the first network service, determine the virtual service network selected by the first service network selector for the data message, determine a location within the plurality of datacenters for a second machine implementing a second network service of the ordered set of network services for the selected virtual service network, and transmit the data message to the second machine implementing the second network service. The remaining dependent claims further limit the invention.

Applicant filed a pre-appeal brief conference request on 4/25/2022. The conference was held, and the panel agreed to go forward with appeal on all claims, but alternately allowed for Claim 27 to be offered for allowance. Examiner contacted Counsel, and Counsel agreed to move Claim 27 into the independents. All claims are allowed.
Examiner cites Beliveau (US Pub. 2014/0233385) paras. 67-70 for the record. 

	Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance."

CORRESPONDANCE INFORMATION
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NICHOLAS P CELANI whose telephone number is (571)272-1205.  The examiner can normally be reached on M-F 9-5.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, VIVEK SRIVASTAVA can be reached on (571) 272-7304.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/NICHOLAS P CELANI/Examiner, Art Unit 2449