Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Detailed Action
This office action is responsive to communication filed on 03/17/2022. Claims 1-20 have been examined.
Response to Arguments
Applicant's argument is persuasive and a new ground(s) of rejection presented in
this Office action. 
Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
Determining the scope and contents of the prior art.


Ascertaining the differences between the prior art and the claims at issue.

Resolving the level of ordinary skill in the pertinent art.

Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1, 9, 11-12 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Koponen et al. (US20150117454A1) hereinafter Koponen in view of Ghule et al. (US20210203688A1) hereinafter Ghule, and further in view of Chen et al. (US20200014638A1) hereinafter Chen.
As per claim 1.  A method of facilitating, (Koponen, par0003 teaches some embodiments provide novel packet processing techniques within a managed network that enable first-hop processing of bi-directional stateful traffic that passes through distributed middleboxes (e.g., firewalls, load balancers, network address translators, etc.).
a source network address translation (SNAT) (Koponen, par0136 teaches one of the middlebox services that may be provided in a distributed manner in logical networks of some embodiments is a SNAT service. When providing the SNAT service, the middlebox replaces a source network address (e.g., the source IP address) with a different source network address in order to hide the real source network address from the recipient of the packet).
middlebox service operation for a first network, the method comprising: receiving, from a second network, (Koponen, par0036 teaches the middlebox may be located directly between two other components (e.g., in order to process all traffic between a logical switch and a logical router irrespective of any routing policies), directly between the external network and logical router (e.g., in order to monitor and process all traffic entering or exiting the logical network [first and second network]), or in other locations in a more complex network).
identifying an SNAT record that maps the first destination IPv4 address, (Koponen par0133 teaches  the SNAT processing identifies that the packet matches its connection table [record]. The SNAT modifies the destination IP to the actual IP address).
executing an middlebox service instance within the first network (Koponen par0083 teaches upon receiving an instruction to create a new middlebox instance and an external identifier (that used on the packets) for the new instance, some embodiments automatically create the new middlebox instance and assign the instance an internal identifier. In addition, the middlebox stores a binding for the instance that maps the external slice identifier to the internal slice identifier).
forwarding the packet along the first network, an SNAT middlebox service instance within the first network, iii) have the SNAT middlebox service (Koponen par0164 teaches with the packet allowed, the MFE sends packet 1 to the distributed middlebox instance 920. In some embodiments, the MFE (e.g., according to a flow entry not shown in this figure) attaches a slice identifier to the packet before sending it to the SNAT element, so that the SNAT element knows which of its potentially several instances should process the packet). 
replace the first destination IP address (Koponen par0153 teaches  in some embodiments, directs the MFE to modify a matched packet by replacing the destination address of the packet to the a real IP address to which the destination address maps).
with a first destination IPv4 address and a first destination port; (Koponen par0113 teaches this flow entry then specifies as an action to create a new high-priority flow entry in the forwarding table that sends packets for the connection received from the local VM over the tunnel to the first MFE in host 505. In some embodiments, the connection is identified using a five-tuple of {source IP address, destination IP address, source port, destination port, transport protocol type}).
a second destination IP address and a second destination port (Koponen par0179 teaches the VMs run a standard TCP/IP stack which always assumes that the 5-tuple of {source IP, destination IP, transport protocol type, source transport port number, destination transport port number} is unique. …. In order to resolve this conflict, some embodiments modify one of the values that makes up the 5-tuple (e.g., the source port number or source IP address) before sending the packets to the destination VM.).
a third destination IP address and a third destination port (Koponen par0197 teaches the MFE 915 identifies that the 5-tuple of {source IP, source port, destination IP, destination port, transport protocol} for the received packet matches the stored info for a previously-sent packet sent from VM 2 to VM 3, because the SNAT elements 920 and 925 chose the same source IP address (and possibly source port number) from the available range of addresses (and port numbers). As the source MFE (i.e., tunnel through which the packet was received) is different, the record 30 specifies for the MFE to dynamically generate two flow entries (e.g., by filling in values of predefined flow templates).
replace the first destination IP address and port in the IPv4 address with a third destination IP address and a third destination port (Koponen par0165, 0167 teaches as shown in this figure and the subsequent FIG. 12, some embodiments send the first packet for a connection to an SNAT element, which modifies the packet to change the source address (and, in some embodiments, the source transport port number), and generates flow entries for processing future packets in both directions. On the other hand, the SNAT elements of some embodiments do not generate new flow entries, and instead all packets in both directions are sent to the SNAT element for processing. In still other embodiments, the distributed SNAT is not implemented as a module separate from the MFE, but instead as flow entries within the MFE. These flow entries perform the function of the described SNAT element, generating flow entries for future use that store the connection mapping information).
 (iv) provide the packet to a destination machine (Koponen, par0203 teaches the MFE then maps the logical egress port of the packet to its interface to the destination VM 3, and delivers the packet to the VM. 
connected to the first network. (Koponen, par0220 teaches FIG. 18 illustrates a more complex logical network 1800 of some embodiments. The logical network 1800 includes three logical switches 1805-1815, each with two VMs attached. These three logical switches are connected via a logical router 1820. Between the second logical switch 1810 and the logical router 1820 is a firewall 1825. In addition, connected to the logical router are a load balancer 1830 that balances packets between the VMs 1 and 2 of logical switch 1805, and a logical SNAT 1835 that translates source IP addresses for packets sent by the VMs 5 and 6 of logical switch 1815. The firewall located between the logical router 1820 and the logical switch 1810 receives all packets sent between these logical elements).
          Koponen does not explicitly discloses a packet comprising an internet protocol version 4 (IPv4) header with a first destination IPv4 address and a first destination port; for inclusion in an IP version 6 (IPv6) header; encapsulating the received packet with the IPv6 header that uses the second destination IPv6 address and port; forwarding the encapsulated packet along the first network, (i) to receive the packet, (ii) extract the IPv6 header, in the IPv4 address.
          Ghule however discloses a packet comprising an internet protocol version 4 (IPv4) header with a first destination IPv4 address and a first destination port; (Ghule, par0041 teaches FIG. 3A is a block diagram illustrating a conceptual IPv4 packet 300 in accordance to techniques of this disclosure. In this example, IPv4 packet 300 includes IPv4 headers 302 and IPv4 payload. IPv4 headers 302 may include IPv4 version (i.e., 4), protocol (e.g., Transmission Control Protocol (TCP), User Datagram Protocol (UDP), IPv6 encapsulation (ENCAP)), header checksum, 32-bit IPv4 source address, and 32-bit IPv4 destination address among others. IPv4 payload 304 includes the data to be transported by IPv4 packet 300. The contents of IPv4 payload 304 depend on the protocol being used. In some examples, IPv4 headers 302 or IPv4 payload may include a source port number and/or a destination port number, depending on the protocol being used).
for inclusion in an IP version 6 (IPv6) header; (Ghule, par0026 teaches client device 102 may be coupled (e.g., via a data link) to CPE 104 which may be configured to function as a customer edge router in a use Mapping of Address and Port with Encapsulation (MAP-E) deployment. In some examples, CPE 104 may receive one or more IPv4 packets from CD 102 and encapsulate those one or more IPv4 packets into one or more IPv6 packets based on the IPv4 packet header information (e.g., using MAP-E). For example, CPE 104 may determine an IPv6 source address based on the IPv4 source address and IPv4 source port number from the IPv4 header information (e.g., using Network Address and Port Translation (NAPT) or other address mapping techniques). Similarly, CPE 104 may determine an IPv6 destination address based on the IPv4 destination address and, optionally, destination port number from the IPv4 header information. The one or more encapsulated packets are transmitted (e.g., via a datalink) to tunnel entry point (TEP) device 106, which forwards the one or more encapsulated packets through network tunnel 116 to network device 110 based on the IPv6 header information of the one or more encapsulated packets).
encapsulating the received packet with the IPv6 header that uses the second destination IPv6 address and port (Ghule, par0026 teaches CPE 104 may receive one or more IPv4 packets from CD 102 and encapsulate those one or more IPv4 packets into one or more IPv6 packets based on the IPv4 packet header information (e.g., using MAP-E). For example, CPE 104 may determine an IPv6 source address based on the IPv4 source address and IPv4 source port number from the IPv4 header information (e.g., using Network Address and Port Translation (NAPT) or other address mapping techniques). Similarly, CPE 104 may determine an IPv6 destination address based on the IPv4 destination address and, optionally, destination port number from the IPv4 header information).
forwarding the encapsulated packet along the first network,  (Ghule, par0026 teaches the one or more encapsulated packets are transmitted (e.g., via a datalink) to tunnel entry point (TEP) device 106, which forwards the one or more encapsulated packets through network tunnel 116 to network device 110 based on the IPv6 header information of the one or more encapsulated packets).
(i) to receive the packet, (Ghule, par0044 teaches network device 110 receives an encapsulated packet (e.g., encapsulated IPv6 packet 310 of FIG. 3B) (402).
(ii) extract the IPv6 header, (Ghule, par0045 teaches network device 110 extracts IPv6 header information and the IPv4 packet from the encapsulated packet (404).
in the IPv4 address (Ghule, par0063 teaches inner header types 806 may include any IPv4 header information from the IPv4 packet in the encapsulated packet, such as an IPv4 protocol, a source IPv4 address, a source IPv4 port number, a destination IPv4 address, a destination IPv4 port number, and the like).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of a packet comprising an internet protocol version 4 (IPv4) header with a first destination IPv4 address and a first destination port; for inclusion in an IP version 6 (IPv6) header; encapsulating the received packet with the IPv6 header that uses the second destination IPv6 address and port; forwarding the encapsulated packet along the first network, (i) to receive the packet, (ii) extract the IPv6 header, in the IPv4 address, as taught by Ghule in the method of Koponen, so some networks use IPv4 and other networks use IPv6, many computer networks encapsulate IPv4 packets into IPv6 packets, and vice versa, facilitating transmission within networks that use IPv6 or IPv4, respectively, see Ghule par0004.
          Koponen and Ghule do not explicitly disclose at a gateway device of a datacenter, of the datacenter to a host computer operating in the datacenter, executing on the host computer.
          Chen however discloses at a gateway device of a datacenter (Chen, par0076, 0082 teaches in some embodiments, forwarding the data message to the edge gateway [gateway device] includes providing the encapsulated data message (e.g., data message 425) to a physical NIC of host 100 to be sent out over the physical network of a datacenter… In some embodiments, middlebox service engines execute on a same physical device as an edge gateway (i.e., edge host 720) and each of the middlebox service engines and the edge gateway are implemented using virtual machines (service virtual machines), containers, or software modules executing on the physical device. In other embodiments, edge gateways and middlebox service engines execute on separate physical devices (not shown). In some embodiments, each physical device is one of a standalone device for performing a particular gateway or middlebox function).
of the datacenter to a host computer operating in the datacenter, (Chen, par0078 teaches FIG. 7 illustrates a set of datacenters 740 that includes a set of hosts 100 as described in relation to FIG. 1 and an edge host 720 hosting a set of context-aware middlebox service engines 725. FIG. 7 also depicts external networks 750, which can provide connectivity between datacenters or include destination machines 760).
executing on the host computer (Chen, par0036 teaches The DCNs are endpoint machines executing on the host computer 100. The DCNs are virtual machines (VMs) in some embodiments, containers in other embodiments, or a mix of VMs and containers in still other embodiments. On each DCN, a GI agent 150 executes in order to collect contextual attributes for the context engine 110.).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of at a gateway device of a datacenter, of the datacenter to a host computer operating in the datacenter, executing on the host computer, as taught by Chen in the method of Koponen and Ghule, so a middlebox service engine can use the threat level indicator as another attribute to identify service rules to enforce, see Chen par0009.

As per claim 9. Koponen, Ghule and Chen disclose the method of claim 1.
          Koponen further discloses wherein the SNAT record is received from (Koponen par0133 teaches  the SNAT processing identifies that the packet matches its connection table [record]. The SNAT modifies the destination IP to the actual IP address).
a controller computer of the first network. (Koponen par0072 teaches he middlebox configuration data is a set of records, with each record specifying a particular rule. These records, in some embodiments, are in a similar format to the flow entries propagated to the managed forwarding elements. In fact, some embodiments use the same applications on the controllers to propagate the firewall configuration records as for the flow entries, and the same table mapping language (e.g., nLog) for the records).

As per claim 11 A method of facilitating the provision of a distributed source network address translation (dSNAT) middlebox service at a host computer for a first network, (Koponen, Fig10, par0019, 0136. Par0136 teaches one of the middlebox services that may be provided in a distributed manner in logical networks of some embodiments is a SNAT service. When providing the SNAT service, the middlebox replaces a source network address (e.g., the source IP address) with a different source network address in order to hide the real source network address from the recipient of the packet).
the dSNAT middlebox service implemented by a plurality of dSNAT middlebox service instances executing on a plurality of host computers, (Koponen, par0143 teaches this network includes three hosts 935-945 on which the MFEs 905-915 and distributed SNAT elements 920-930 run, respectively).
each dSNAT using a same external IPv4 address as a source address for serviced packets the method comprising: (Koponen, par0179 teaches the VMs run a standard TCP/IP stack which always assumes that the 5-tuple of {source IP, destination IP, transport protocol type, source transport port number, destination transport port number} is unique. Accordingly, if the source IP and source port for two connections are the same, the destination VM will treat these as the same connection. Furthermore, when the MFE receives return packets from this destination VM, the MFE will not be able to differentiate the connections to determine to which MFE to send the packet).
external IPv4 address (Koponen, par0216 teaches the packet matches the record R, the generation of which is described above by reference to FIG. 11, based on its destination IP address matching that chosen as the public IP for VM 1 by the distributed SNAT element 920).
receiving, executing between the first network and a second network, (Koponen, Fig1 {router1-gateway device}, par0036 teaches the logical router 115 [gateway device] also connects to an external network 145).
to the identified dSNAT middlebox service within the first network
dSNAT middlebox service instance executing on the host computer (Koponen par0136-0137 teaches one of the middlebox services that may be provided in a distributed manner in logical networks of some embodiments is a SNAT service. When providing the SNAT service, the middlebox replaces a source network address (e.g., the source IP address) with a different source network address in order to hide the real source network address from the recipient of the packet…..If a first VM sends a packet to a second VM, the local SNAT [host computer] may translate the IP address of the first VM into a particular address. In some embodiments, the SNAT (or SNATP) assigns a source transport port number in addition to the IP address. This source port number may be assigned at random in some embodiments. When a third VM, on the same subnet as the first VM but located at a different host, sends a packet to the second VM, the local SNAT element of the different host will perform its SNAT processing).  
replace the second destination IP address and second port number with a third destination IP address and port number replace the first destination IP address with a third destination IP address (Koponen par0153 teaches  in some embodiments, directs the MFE to modify a matched packet by replacing the destination address of the packet to the a real IP address to which the destination address maps).
source IP address and port (Koponen par0164 teaches in some cases, the SNAT element will select the same address and transport port number, in which case the second VM will see packets coming from two different sources (i.e., two different tunnels) but having the same source address and port number, and therefore having the same transport connection 5-tuple unless the transport protocol or destination port number are different).
destination IP address and port (Koponen par0034 teaches in some cases the SNAT elements will choose the same source IP address and port number, thereby creating a conflict if the transport protocol and destination IP address and port number are the same).
so that the packet can then be supplied to a destination machine connected to the first network. (Koponen par0170 teaches the MFE may use the address resolution protocol (ARP) to resolve the destination IP address of the packet into the MAC address of VM 3, and replace the current destination MAC address of the packet (that of port X of the logical router) with this identified MAC address for the eventual destination VM).
          Koponen does not explicitly discloses a packet comprising an inner IPv4 packet and, with a first destination IP address and a first destination port number; an internet protocol version 6 (IPv6) encapsulation header, removing the IPv6 encapsulation header to identify a, that is associated with a second destination IP address and a second destination port number in an IPv4 header of the inner IPv4 packet; forwarding the inner IPv4 packet along the first network to receive the packet with the IPv4 header.
          Ghule however discloses a packet comprising an inner IPv4 packet and, with a first destination IP address and a first destination port number; (Ghule, par0041 teaches FIG. 3A is a block diagram illustrating a conceptual IPv4 packet 300 in accordance to techniques of this disclosure. In this example, IPv4 packet 300 includes IPv4 headers 302 and IPv4 payload. IPv4 headers 302 may include IPv4 version (i.e., 4), protocol (e.g., Transmission Control Protocol (TCP), User Datagram Protocol (UDP), IPv6 encapsulation (ENCAP)), header checksum, 32-bit IPv4 source address, and 32-bit IPv4 destination address among others. IPv4 payload 304 includes the data to be transported by IPv4 packet 300. The contents of IPv4 payload 304 depend on the protocol being used. In some examples, IPv4 headers 302 or IPv4 payload may include a source port number and/or a destination port number, depending on the protocol being used).
an internet protocol version 6 (IPv6) encapsulation header, removing the IPv6 encapsulation header to identify a, that is associated with a second destination IP address and a second destination port number in an IPv4 header of the inner IPv4 packet; (Ghule, par0026 teaches CPE 104 may receive one or more IPv4 packets from CD 102 and encapsulate those one or more IPv4 packets into one or more IPv6 packets based on the IPv4 packet header information (e.g., using MAP-E). For example, CPE 104 may determine an IPv6 source address based on the IPv4 source address and IPv4 source port number from the IPv4 header information (e.g., using Network Address and Port Translation (NAPT) or other address mapping techniques). Similarly, CPE 104 may determine an IPv6 destination address based on the IPv4 destination address and, optionally, destination port number from the IPv4 header information).
forwarding the inner IPv4 packet along the first network to receive the packet with the IPv4 header and (Ghule, par0026 teaches the one or more encapsulated packets are transmitted (e.g., via a datalink) to tunnel entry point (TEP) device 106, which forwards the one or more encapsulated packets through network tunnel 116 to network device 110 based on the IPv6 header information of the one or more encapsulated packets).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of a packet comprising an inner IPv4 packet and, with a first destination IP address and a first destination port number; an internet protocol version 6 (IPv6) encapsulation header, removing the IPv6 encapsulation header to identify a, that is associated with a second destination IP address and a second destination port number in an IPv4 header of the inner IPv4 packet; forwarding the inner IPv4 packet along the first network to receive the packet with the IPv4 header, as taught by Ghule in the method of Koponen, so some networks use IPv4 and other networks use IPv6, many computer networks encapsulate IPv4 packets into IPv6 packets, and vice versa, facilitating transmission within networks that use IPv6 or IPv4, respectively, see Ghule par0004.
          Koponen and Ghule do not explicitly disclose from a gateway device of, the datacenter, of a datacenter, executing on the host computer.
          Chen however discloses from a gateway device of, the datacenter (Chen, par0076, 0082 teaches in some embodiments, forwarding the data message to the edge gateway [gateway device] includes providing the encapsulated data message (e.g., data message 425) to a physical NIC of host 100 to be sent out over the physical network of a datacenter… In some embodiments, middlebox service engines execute on a same physical device as an edge gateway (i.e., edge host 720) and each of the middlebox service engines and the edge gateway are implemented using virtual machines (service virtual machines), containers, or software modules executing on the physical device. In other embodiments, edge gateways and middlebox service engines execute on separate physical devices (not shown). In some embodiments, each physical device is one of a standalone device for performing a particular gateway or middlebox function).
of a datacenter, (Chen, par0078 teaches FIG. 7 illustrates a set of datacenters 740 that includes a set of hosts 100 as described in relation to FIG. 1 and an edge host 720 hosting a set of context-aware middlebox service engines 725. FIG. 7 also depicts external networks 750, which can provide connectivity between datacenters or include destination machines 760).
executing on the host computer (Chen, par0036 teaches The DCNs are endpoint machines executing on the host computer 100. The DCNs are virtual machines (VMs) in some embodiments, containers in other embodiments, or a mix of VMs and containers in still other embodiments. On each DCN, a GI agent 150 executes in order to collect contextual attributes for the context engine 110.).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of from a gateway device of, the datacenter, of a datacenter, executing on the host computer, as taught by Chen in the method of Koponen and Ghule, so a middlebox service engine can use the threat level indicator as another attribute to identify service rules to enforce, see Chen par0009.

As per claim 12. Koponen, Ghule and Chen disclose the method of claim 11.
          Koponen further discloses wherein the inner IPv4 packet is sent as an IPv4 packet by a source device in the second network using the second IP address and port number as a destination IP address and destination port number in the IPv4 packet header, (Koponen par0066 teaches whereas routers and switches will normally forward packets according to the destination address (e.g., MAC address or IP address) of the packet, policy routing allows forwarding decisions to be made based on other information stored by the packet (e.g., source addresses, a combination of source and destination addresses, etc.). For example, the user might specify that all packets with source IP addresses in a particular subnet, or that have destination IP addresses not matching a particular set of subnets, should be forwarded to the middlebox).
 and the gateway device receives the IPv4 packet for forwarding (Koponen, Fig1 {router1-gateway device}, par0036 teaches the logical router 115 [gateway device] also connects to an external network 145).
destination IP address and port (Koponen par0034 teaches in some cases the SNAT elements will choose the same source IP address and port number, thereby creating a conflict if the transport protocol and destination IP address and port number are the same).
to the dSNAT middlebox service instance in the first network. (Koponen par0136-0137 teaches one of the middlebox services that may be provided in a distributed manner in logical networks of some embodiments is a SNAT service. When providing the SNAT service, the middlebox replaces a source network address (e.g., the source IP address) with a different source network address in order to hide the real source network address from the recipient of the packet…..If a first VM sends a packet to a second VM, the local SNAT [host computer] may translate the IP address of the first VM into a particular address. In some embodiments, the SNAT (or SNATP) assigns a source transport port number in addition to the IP address. This source port number may be assigned at random in some embodiments. When a third VM, on the same subnet as the first VM but located at a different host, sends a packet to the second VM, the local SNAT element of the different host will perform its SNAT processing).

As per claim 20. Koponen, Ghule and Chen disclose the method of claim 11.
          Koponen further discloses wherein the packet is a first packet in a packet flow between a device in the second network and the destination machine, the method further comprising:, a dSNAT service operation performed by the identified dSNAT middlebox instance Koponen par0136-0137 teaches one of the middlebox services that may be provided in a distributed manner in logical networks of some embodiments is a SNAT service. When providing the SNAT service, the middlebox replaces a source network address (e.g., the source IP address) with a different source network address in order to hide the real source network address from the recipient of the packet…..If a first VM sends a packet to a second VM, the local SNAT [host computer] may translate the IP address of the first VM into a particular address. In some embodiments, the SNAT (or SNATP) assigns a source transport port number in addition to the IP address. This source port number may be assigned at random in some embodiments. When a third VM, on the same subnet as the first VM but located at a different host, sends a packet to the second VM, the local SNAT element of the different host will perform its SNAT processing).  
receiving a second packet in the packet flow from a source machine that was the destination machine of the first packet with a first source IP address that is the same as the second destination IP address and a first source port that is the same as the second destination source port; and (Koponen, par0036 teaches the middlebox may be located directly between two other components (e.g., in order to process all traffic between a logical switch and a logical router irrespective of any routing policies), directly between the external network and logical router (e.g., in order to monitor and process all traffic entering or exiting the logical network [first and second network]), or in other locations in a more complex network).
forwarding the data message to the device in the second network without encapsulating the packet using the first IP destination address as either a source or destination IP address, (Koponen par0164 teaches with the packet allowed, the MFE sends packet 1 to the distributed middlebox instance 920. In some embodiments, the MFE (e.g., according to a flow entry not shown in this figure) attaches a slice identifier to the packet before sending it to the SNAT element, so that the SNAT element knows which of its potentially several instances should process the packet).
wherein the source machine that was the destination machine of the first packet sends the second packet with a second source IP address that is the same as the third destination IP address and a second source port that is the same as the third destination source port that are replaced with the first source IP address and source port by (Koponen par0136-0137 teaches one of the middlebox services that may be provided in a distributed manner in logical networks of some embodiments is a SNAT service. When providing the SNAT service, the middlebox replaces a source network address (e.g., the source IP address) with a different source network address in order to hide the real source network address from the recipient of the packet…..If a first VM sends a packet to a second VM, the local SNAT [host computer] may translate the IP address of the first VM into a particular address. In some embodiments, the SNAT (or SNATP) assigns a source transport port number in addition to the IP address. This source port number may be assigned at random in some embodiments. When a third VM, on the same subnet as the first VM but located at a different host, sends a packet to the second VM, the local SNAT element of the different host will perform its SNAT processing).  

Claims 2, and 13-15 are rejected under 35 U.S.C. 103 as being unpatentable over Koponen in view of Ghule further in view of Chen, and further in view of Filsfils et al. (US20130089097A1) hereinafter Filsfils.
As per claim 2. Koponen, Ghule and Chen disclose the method of claim 1.
          Koponen further discloses wherein the host computer, the SNAT middlebox service instance. (Koponen par0136-0137 teaches one of the middlebox services that may be provided in a distributed manner in logical networks of some embodiments is a SNAT service. When providing the SNAT service, the middlebox replaces a source network address (e.g., the source IP address) with a different source network address in order to hide the real source network address from the recipient of the packet…..If a first VM sends a packet to a second VM, the local SNAT may translate the IP address of the first VM into a particular address. In some embodiments, the SNAT (or SNATP) assigns a source transport port number in addition to the IP address. This source port number may be assigned at random in some embodiments. When a third VM, on the same subnet as the first VM but located at a different host, sends a packet to the second VM, the local SNAT element of the different host will perform its SNAT processing).  
middlebox service instance (Koponen par0165 teaches the SNAT element 920 identifies an IP address to which to translate the source IP address (10.0.1.1) of packet 1. In this example, the distributed middlebox instance 125 selects 11.0.1.1 from the range of IP addresses (11.0.1.1-11.0.1.100) described above by reference to FIG. 9. The distributed SNAT element 920 modifies the source IP address of the current packet 1 to have the selected IP address 11.0.1.1).
          Koponen, Ghule and Chen do not explicitly disclose removes the IPv6 encapsulation and forwards the received packet to, based on the first destination IPv4 address.
         Filsfils however discloses removes the IPv6 encapsulation and forwards the received packet to, based on the first destination IPv4 address. (Filsfils, par0039 teaches in process block 672, the received IPv6 packet is processed, including removing the IPv6 encapsulation such as to expose the encapsulated IP packet, which is then forwarded from the packet switching device).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of removes the IPv6 encapsulation and forwards the received packet to, based on the first destination IPv4 address, as taught by Filsfils in the method of Koponen, Ghule and Chen, so forwarding IPv6 packets based on shorter addresses derived from their IPv6 destination addresses allow providers to employ networks and systems having greater speed and capacity, see Filsfils par0002.

As per claim 13. Koponen, Ghule and Chen disclose the method of claim 12.
          Koponen further discloses wherein the gateway device (Koponen, Fig1 {router1-gateway device}, par0036 teaches the logical router 115 [gateway device] also connects to an external network 145).
          Koponen does not explicitly discloses forwards the encapsulated packet to the host machine based on the first destination IP address in the IPv6 encapsulation header.
          Ghule however discloses forwards the encapsulated packet to the host machine based on the first destination IP address in the IPv6 encapsulation header. (Ghule, par0026 teaches the one or more encapsulated packets are transmitted (e.g., via a datalink) to tunnel entry point (TEP) device 106, which forwards the one or more encapsulated packets through network tunnel 116 to network device 110 based on the IPv6 header information of the one or more encapsulated packets).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of forwards the encapsulated packet to the host machine based on the first destination IP address in the IPv6 encapsulation header, as taught by Ghule in the method of Koponen, so some networks use IPv4 and other networks use IPv6, many computer networks encapsulate IPv4 packets into IPv6 packets, and vice versa, facilitating transmission within networks that use IPv6 or IPv4, respectively, see Ghule par0004.
         Koponen, Ghule and Chen do not explicitly disclose generates the IPv6 encapsulation header.
         Filsfils however discloses generates the IPv6 encapsulation header (Filsfils, par0034 teaches this exchanging of routing information includes, but is not limited to, an identification of a prefix/value to be added to an advertised IPv4 address to generate an IPv6 address for referencing the same route, or the identification of a prefix/value to be removed from an advertised IPv6 address to generate an IPv4 address for referencing the same route).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of generates the IPv6 encapsulation header, as taught by Filsfils in the method of Koponen, Ghule and Chen, so forwarding IPv6 packets based on shorter addresses derived from their IPv6 destination addresses allow providers to employ networks and systems having greater speed and capacity, see Filsfils par0002.

As per claim 14. Koponen, Ghule, Chen and Filsfils disclose the method of claim 13.
          Koponen further discloses wherein the gateway device (Koponen, Fig1 {router1-gateway device}, par0036 teaches the logical router 115 [gateway device] also connects to an external network 145).
          Koponen, Ghule and Chen do not explicitly identifies the first destination IP address in the IPv6 encapsulation header based on the second IP address and port number in the IPv4 header.
         Filsfils however discloses identifies the first destination IP address in the IPv6 encapsulation header based on the second IP address and port number in the IPv4 header. (Filsfils, par0039 teaches in process block 672, the received IPv6 packet is processed, including removing the IPv6 encapsulation such as to expose the encapsulated IP packet, which is then forwarded from the packet switching device).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of identifies the first destination IP address in the IPv6 encapsulation header based on the second IP address and port number in the IPv4 header, as taught by Filsfils in the method of Koponen, Ghule and Chen, so forwarding IPv6 packets based on shorter addresses derived from their IPv6 destination addresses allow providers to employ networks and systems having greater speed and capacity, see Filsfils par0002.

As per claim 15. Koponen, Ghule, Chen and Filsfils disclose the method of claim 14.
          Koponen further discloses (1) to identify the first IP destination address, (Koponen par0133 teaches  the SNAT processing identifies that the packet matches its connection table [record]. The SNAT modifies the destination IP to the actual IP address).
          Koponen does not explicitly discloses (2) to encapsulate IPv4 packets destined to the second IP address with the IPv6 header using the first IP destination address, and (3) to forward data messages destined to the first IPv6 address to the host computer.
          Ghule however discloses (2) to encapsulate IPv4 packets destined to the second IP address with the IPv6 header using the first IP destination address, and (3) to forward data messages destined to the first IPv6 address to the host computer. (Ghule, par0026 teaches client device 102 may be coupled (e.g., via a data link) to CPE 104 which may be configured to function as a customer edge router in a use Mapping of Address and Port with Encapsulation (MAP-E) deployment. In some examples, CPE 104 may receive one or more IPv4 packets from CD 102 and encapsulate those one or more IPv4 packets into one or more IPv6 packets based on the IPv4 packet header information (e.g., using MAP-E). For example, CPE 104 may determine an IPv6 source address based on the IPv4 source address and IPv4 source port number from the IPv4 header information (e.g., using Network Address and Port Translation (NAPT) or other address mapping techniques). Similarly, CPE 104 may determine an IPv6 destination address based on the IPv4 destination address and, optionally, destination port number from the IPv4 header information. The one or more encapsulated packets are transmitted (e.g., via a datalink) to tunnel entry point (TEP) device 106, which forwards the one or more encapsulated packets through network tunnel 116 to network device 110 based on the IPv6 header information of the one or more encapsulated packets).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of (2) to encapsulate IPv4 packets destined to the second IP address with the IPv6 header using the first IP destination address, and (3) to forward data messages destined to the first IPv6 address to the host computer, see Ghule par0004.
          Koponen and Ghule do not explicitly disclose wherein the gateway device is configured by a controller computer in the first network.
          Chen however discloses wherein the gateway device is configured by a controller computer in the first network (Chen, par0079, 0082 teaches the management plane controller 705 communicates the middlebox service configurations to the control plane controllers 710 for the control plane controllers 710 to provide control plane data to the edge hosts 720 to configure [gateway device is configured by a controller computer] the edge hosts 720 to implement the desired middlebox services according to the middlebox service configurations….. middlebox service engines execute on a same physical device as an edge gateway (i.e., edge host 720) and each of the middlebox service engines and the edge gateway are implemented using virtual machines (service virtual machines), containers, or software modules executing on the physical device. In other embodiments, edge gateways and middlebox service engines execute on separate physical devices (not shown). In some embodiments, each physical device is one of a standalone device for performing a particular gateway or middlebox function or a device executing a set of virtual machines, containers or software modules to implement the gateway or middlebox function.).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of wherein the gateway device is configured by a controller computer in the first network, as taught by Chen in the method of Koponen and Ghule, so a middlebox service engine can use the threat level indicator as another attribute to identify service rules to enforce, see Chen par0009.

Claims 3 - 5 are rejected under 35 U.S.C. 103 as being unpatentable over Koponen in view of Ghule further in view of Filsfils further in view of Chen, and further in view of Nixon et al. (US20130070745A1) hereinafter Nixon. 
As per claim 3. Koponen, Ghule, Chen and Filsfils disclose the method of claim 2. 
          Koponen does not explicitly discloses wherein forwarding the encapsulated packet to the host computer.
          Ghule however discloses wherein forwarding the encapsulated packet to the host computer. (Ghule, par0026 teaches the one or more encapsulated packets are transmitted (e.g., via a datalink) to tunnel entry point (TEP) device 106, which forwards the one or more encapsulated packets through network tunnel 116 to network device 110 based on the IPv6 header information of the one or more encapsulated packets).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of wherein forwarding the encapsulated packet to the host computer, as taught by Ghule in the method of Koponen, so some networks use IPv4 and other networks use IPv6, many computer networks encapsulate IPv4 packets into IPv6 packets, and vice versa, for transmission within networks that use IPv6 or IPv4, see Ghule par0004.
          Koponen, Ghule and Chen do not explicitly disclose that is created based on the host computer advertising the second destination IP address as available at the host computer.
         Filsfils however discloses that is created based on the host computer advertising the second destination IP address as available at the host computer. (Filsfils, par0033 teaches in process block 502, routing protocol packets are exchanged with other packet switching devices in the network to distribute IP routing information, with these IP routes typically stored in a RIB).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of that is created based on the host computer advertising the second destination IP address as available at the host computer, as taught by Filsfils in the method of Koponen, Ghule and Chen, so forwarding IPv6 packets based on shorter addresses derived from their IPv6 destination addresses allow providers to employ networks and systems having greater speed and capacity, see Filsfils par0002.
          Koponen, Ghule, Chen and Filsfils do not explicitly disclose is based on a routing entry in an IPv6 routing table of the gateway device.
        Nixon however discloses is based on a routing entry in an IPv6 routing table of the gateway device (Nixon, par0101 teaches the IPv6 data frame may ultimately be routed to and received by the IPv6 enabled WirelessHART gateway 102 via the internet 101 using standard IPv6 or IP network routing protocol techniques.  As previously described, the IPv6 enabled WirelessHART gateway 102 may use IP routing tables to determine that the device associated with the IP destination address of the IPv6 data frame is within the WirelessHART network 100 and may determine WirelessHART network routing information needed to send information to that device over the network 100).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of is based on a routing entry in an IPv6 routing table of the gateway device, as taught by Nixon in the method of Koponen, Ghule  and Filsfils,  so improved networking ability translate to enhanced process plant control and consequently, improved process plant output, see Nixon par0004.

As per claim 4. Koponen, Ghule, Chen, Filsfils and Nixon disclose the method of claim 3.
          Koponen further discloses the SNAT middlebox service instance to replace source addresses of packets sent from within the first network to which it provides the SNAT middlebox service. (Koponen par0136 teaches one of the middlebox services that may be provided in a distributed manner in logical networks of some embodiments is a SNAT service. When providing the SNAT service, the middlebox replaces a source network address (e.g., the source IP address) with a different source network address in order to hide the real source network address from the recipient of the packet).
          Koponen, Ghule and Chen do not explicitly disclose wherein the advertised IPv6 address is an IPv6 address prefix based on the first destination IPv4 address used by.
         Filsfils however discloses wherein the advertised IPv6 address is an IPv6 address prefix based on the first destination IPv4 address used by (Filsfils, par0034 teaches this exchanging of routing information includes, but is not limited to, an identification of a prefix/value to be added to an advertised IPv4 address to generate an IPv6 address for referencing the same route, or the identification of a prefix/value to be removed from an advertised IPv6 address to generate an IPv4 address for referencing the same route).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of wherein the advertised IPv6 address is an IPv6 address prefix based on the first destination IPv4 address used by, as taught by Filsfils in the method of Koponen, Ghule and Chen, so forwarding IPv6 packets based on shorter addresses derived from their IPv6 destination addresses allow providers to employ networks and systems having greater speed and capacity, see Filsfils par0002.

As per claim 5. Koponen, Ghule, Chen, Filsfils and Nixon disclose the method of claim 4.
          Koponen further discloses wherein the SNAT middlebox service is a distributed SNAT (dSNAT) middlebox service implemented by a plurality of dSNAT middlebox service instances executing on a plurality of host computers and (Koponen par0143 teaches this network includes three hosts 935-945 on which the MFEs 905-915 and distributed SNAT elements 920-930 run, respectively).
dSNAT (Koponen par0019 teaches FIG. 10 conceptually illustrates a process performed by a distributed SNAT middlebox element of some embodiments in order to translate source network addresses of the packets received from the MFE that operates in the same host as the distributed SNAT element).
the middlebox service instance executing on the host computer. (Koponen par0136-0137 teaches one of the middlebox services that may be provided in a distributed manner in logical networks of some embodiments is a SNAT service. When providing the SNAT service, the middlebox replaces a source network address (e.g., the source IP address) with a different source network address in order to hide the real source network address from the recipient of the packet…..If a first VM sends a packet to a second VM, the local SNAT [host computer] may translate the IP address of the first VM into a particular address. In some embodiments, the SNAT (or SNATP) assigns a source transport port number in addition to the IP address. This source port number may be assigned at random in some embodiments. When a third VM, on the same subnet as the first VM but located at a different host, sends a packet to the second VM, the local SNAT element of the different host will perform its SNAT processing).  
each middlebox service instance, (Koponen par0165 teaches the SNAT element 920 identifies an IP address to which to translate the source IP address (10.0.1.1) of packet 1. In this example, the distributed middlebox instance 125 selects 11.0.1.1 from the range of IP addresses (11.0.1.1-11.0.1.100) described above by reference to FIG. 9. The distributed SNAT element 920 modifies the source IP address of the current packet 1 to have the selected IP address 11.0.1.1).
using the first destination IPv4 address to provide the, middlebox service for packets sent from within the first network, (Koponen par0066 teaches whereas routers and switches will normally forward packets according to the destination address (e.g., MAC address or IP address) of the packet, policy routing allows forwarding decisions to be made based on other information stored by the packet (e.g., source addresses, a combination of source and destination addresses, etc.). For example, the user might specify that all packets with source IP addresses in a particular subnet, or that have destination IP addresses not matching a particular set of subnets, should be forwarded to the middlebox).
of port numbers (Koponen par0137 teaches in some embodiments, the SNAT (or SNATP) assigns a source transport port number in addition to the IP address. This source port number may be assigned at random in some embodiments).
is assigned a non-overlapping range, to use in providing, the range, assigned to  (Koponen par0165 teaches the SNAT element 920 identifies an IP address to which to translate the source IP address (10.0.1.1) of packet 1. In this example, the distributed middlebox instance 125 selects 11.0.1.1 from the range of IP addresses (11.0.1.1-11.0.1.100) described above by reference to FIG. 9).
          Koponen, Ghule and Chen do not explicitly disclose each host computer advertises a different IPv6 address prefix based on the first destination IPv4 address.
         Filsfils however discloses each host computer advertises a different IPv6 address prefix based on the first destination IPv4 address (Filsfils, par0034 teaches this exchanging of routing information includes, but is not limited to, an identification of a prefix/value to be added to an advertised IPv4 address to generate an IPv6 address for referencing the same route, or the identification of a prefix/value to be removed from an advertised IPv6 address to generate an IPv4 address for referencing the same route).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of each host computer advertises a different IPv6 address prefix based on the first destination IPv4 address, as taught by Filsfils in the method of Koponen, Ghule and Chen, so forwarding IPv6 packets based on shorter addresses derived from their IPv6 destination addresses allow providers to employ networks and systems having greater speed and capacity, see Filsfils par0002.

Claims 6 and 8 are rejected under 35 U.S.C. 103 as being unpatentable over Koponen in view of Ghule further in view of Chen, and further in view of Ogier et al. (US20030179742A1) hereinafter Ogier.
As per claim 6. Koponen, Ghule and Chen disclose the method of claim 1.
          Koponen further discloses wherein the SNAT record is a record that identifies packets destined to the first destination IPv4 address (Koponen par0133 teaches the SNAT processing identifies that the packet matches its connection table [record]. The SNAT modifies the destination IP to the actual IP address).
          Koponen, Ghule and Chen do not explicitly disclose requiring the identifying and encapsulating operations to forward the packet using the identified second destination IP address.
         Ogier however discloses requiring the identifying and encapsulating operations to forward the packet using the identified second destination IP address. (Ogier, Fig. 16,  par0309-0311 the routing node 14 then determines (step 334) if any IPv6 routing information leads to the destination node 18; that is, if the IPv6 routing table has an entry for ‘default’ (i.e., the default gateway) or for the IPv6 prefix of the destination node 18. If such an entry is found, the router 14 determines (step 336) whether there is a path through IPv6 routing infrastructure to the gateway 16 for the IPv6 prefix of the destination node 18. If there is such an IPv6 path, then the router 14 sends (step 338) the packet as an IPv6 packet to the IPv6 gateway 16 for that IPv6 prefix. If no such IPv6 path to the gateway 16 through IPv6 routing infrastructure exists, the routing node 14 construes (step 340) the last four bytes of the extension identifier 308 as an IPv4 address embedded in the IPv6-IPv4 compatibility address. The routing node 14 then determines (step 342) if the IPv4 routing table includes an entry for a prefix of the embedded IPv4 address of the destination. Upon finding such an entry, the routing node 14 encapsulates (step 342) the IPv6 packet for tunneling through the IPv4 routing infrastructure using the embedded IPv4 address as the destination for the tunneled packet.).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of requiring the identifying and encapsulating operations to forward the packet using the identified second destination IP address, as taught by Ogier in the method of Koponen, Ghule and Chen, so a proactive link-state routing protocol designed for mobile ad-hoc networks enable a mobile wireless network to perform reliably and efficiently, see Ogier par0014.

As per claim 8. Koponen, Ghule and Chen disclose the method of claim 7.
          Koponen further discloses a third set of bits comprising a set of bits of the port number that belong to a port number (Koponen par0164 teaches in some cases, the SNAT element will select the same address and transport port number, in which case the second VM will see packets coming from two different sources (i.e., two different tunnels) but having the same source address and port number, and therefore having the same transport connection 5-tuple unless the transport protocol or destination port number are different).
range that has been assigned to the SNAT middlebox instance (Koponen par0165 teaches the SNAT element 920 identifies an IP address to which to translate the source IP address (10.0.1.1) of packet 1. In this example, the distributed middlebox instance 125 selects 11.0.1.1 from the range of IP addresses (11.0.1.1-11.0.1.100) described above by reference to FIG. 9).
          Koponen, Ghule and Chen do not explicitly disclose wherein the IPv6 address comprises a first set of bits that indicate that the address is not necessarily globally unique, a second set of bits comprising the IPv4 address.
         Ogier however discloses wherein the IPv6 address comprises a first set of bits that indicate that the address is not necessarily globally unique, a second set of bits comprising the IPv4 address. (Ogier, par0304 IPv4 addresses need not be globally unique but may be allocated through a private network-addressing scheme that has meaning only within the context of that domain. IPv6-IPv4 compatibility addresses for private IPv4 addresses set the ‘u’ bit to 0 for local scope. For example, a node with the private, non-globally unique IPv4 address 10.0.0.1 can be assigned the IPv6-IPv4 compatibility address of 3FFE:1a05:510:200:0000:5EFE:10.0.0.1, which uses the same example IPv6 64-bit prefix and IANA OUI (00-00-5E) described above with the ‘u’ bit in the EUI-64 interface identifier indicating that this is a local address.).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of wherein the IPv6 address comprises a first set of bits that indicate that the address is not necessarily globally unique, a second set of bits comprising the IPv4 address, as taught by Ogier in the method of Koponen, Ghule and Chen, so a proactive link-state routing protocol designed for mobile ad-hoc networks enable a mobile wireless network to perform reliably and efficiently, see Ogier par0014.

Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Koponen in view of Ghule further in view of Chen and further in view of Boucadair et al. (US20110110374A1) hereinafter Boucadair.
As per claim 7. Koponen, Ghule and Chen disclose the method of claim 1.
          Koponen, Ghule and Chen do not explicitly disclose wherein the second destination IP address is an IPv6 address comprising the first destination IPv4 address and a set of bits of the first destination port.
          Boucadair however discloses wherein the second destination IP address is an IPv6 address comprising the first destination IPv4 address and a set of bits of the first destination port. (Boucadair, par0115 teaches the receiving method includes a step PA1 of constructing an IPv6 destination address IPv4inIPv6_dest_address by 
concatenating a prefix IPv6/IPv4_Access_Node_prefix of the access node 40, said 
IPv4 destination address shared@IPv4, and the destination port number 
dest-port, as described with reference to FIG. 4.  The destination port number 
dest-port is inserted in the right-hand part of the IPv6 constructed 
destination address.  The receiving method of the invention thus inserts both 
the 32 bits of the destination IPv4 address of the received IPv4 packet and the 
16 bits of the destination port dest-port to constitute a constructed 
destination IPv6 address that is referred to as IPv4inIPv6 dest address).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of wherein the second destination IP address is an IPv6 address comprising the first destination IPv4 address and a set of bits of the first destination port, as taught by Boucadair in the method of Koponen, Ghule and Chen, double NAT or operator NAT enables a service provider to economize on a non-negligible number of IPv4 public addresses required to provide IP connectivity service, see Boucadair par00011.

Claims 10 and 16-19 are rejected under 35 U.S.C. 103 as being unpatentable over Koponen in view of Ghule further in view of Chen, and further in view of Nixon. 
As per claim 10. Koponen, Ghule and Chen disclose the method of claim 1.
          Koponen further discloses associated with a set of SNAT middlebox service instances is received from a (Koponen par0133 teaches  the SNAT processing identifies that the packet matches its connection table [record]. The SNAT modifies the destination IP to the actual IP address).
middlebox service instance. (Koponen par0165 teaches the SNAT element 920 identifies an IP address to which to translate the source IP address (10.0.1.1) of packet 1. In this example, the distributed middlebox instance 125 selects 11.0.1.1 from the range of IP addresses (11.0.1.1-11.0.1.100) described above by reference to FIG. 9. The distributed SNAT element 920 modifies the source IP address of the current packet 1 to have the selected IP address 11.0.1.1).
controller computer for inclusion in an (Koponen par0072 teaches he middlebox configuration data is a set of records, with each record specifying a particular rule. These records, in some embodiments, are in a similar format to the flow entries propagated to the managed forwarding elements. In fact, some embodiments use the same applications on the controllers to propagate the firewall configuration records as for the flow entries, and the same table mapping language (e.g., nLog) for the records).
          Koponen, Ghule and Chen do not explicitly disclose wherein a set of IPv6 routing entries, IPv6 routing table of the gateway device, forwarding the encapsulated packet comprises performing a lookup in the IPv6 routing table to identify a next hop for forwarding the encapsulated packet to the.
        Nixon however discloses wherein a set of IPv6 routing entries, IPv6 routing table of the gateway device, (Nixon, par0101 teaches the IPv6 data frame may ultimately be routed to and received by the IPv6 enabled WirelessHART gateway 102 via the internet 101 using standard IPv6 or IP network routing protocol techniques.  As previously described, the IPv6 enabled WirelessHART gateway 102 may use IP routing tables to determine that the device associated with the IP destination address of the IPv6 data frame is within the WirelessHART network 100 and may determine WirelessHART network routing information needed to send information to that device over the network 100).
forwarding the encapsulated packet comprises performing a lookup in the IPv6 routing table to identify a next hop for forwarding the encapsulated packet to the (Nixon, par0101 teaches the data frame routing block 308 may maintain one or several “routing tables” (illustrated in FIG. 7 as routing tables 309) to assist the data frame routing block 308 in determining where to route a particular data frame. Generally, the routing tables 309 include one or several route entries and each route entry may include a subnet mask, the IP address of another gateway or router, etc. The entries in the routing table 309 may be utilized by the data frame routing block 308 to determine the address or location of the next gateway/router where the data frame may be sent to, in order for the data frame to reach the intended recipient devices connected to the internet. The routing table entries maintained by the data frame routing block 308 in the IP routing tables 309 may be configurable and the routing tables 309 may be updated with route entries received from the internet or via the WirelessHART network in some cases).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of wherein a set of IPv6 routing entries, IPv6 routing table of the gateway device, forwarding the encapsulated packet comprises performing a lookup in the IPv6 routing table to identify a next hop for forwarding the encapsulated packet to the, as taught by Nixon in the method of Koponen, Ghule and Chen,  so improved networking ability translate to enhanced process plant control and consequently, improved process plant output, see Nixon par0004.

As per claim 16. Koponen, Ghule and Chen disclose the method of claim 11.
          Koponen, Ghule and Chen  do not explicitly disclose further comprising advertising, to the gateway device, an IPv6 address prefix that comprises the first IP destination address as available at the host computer to cause the gateway device to forward to the host computer packets destined to IPv6 destination addresses for which the advertised IPv6 address prefix is the longest matching prefix.
        Nixon however discloses further comprising advertising, to the gateway device, an IPv6 address prefix that comprises the first IP destination address as available at the host computer to cause the gateway device to forward to the host computer packets destined to IPv6 destination addresses for which the advertised IPv6 address prefix is the longest matching prefix (Nixon, par0101 teaches the destination IP address in the IP header of the IPv6 data frame may correspond to the IPv6 address of IPv6-enabled WirelessHART field device 107. The computing device 115 may transmit the IPv6 data frame via a WLAN network 16, for example, into the internet 101. The IPv6 data frame may ultimately be routed to and received by the IPv6 enabled WirelessHART gateway 102 via the internet 101 using standard IPv6 or IP network routing protocol techniques. As previously described, the IPv6 enabled WirelessHART gateway 102 may use IP routing tables to determine that the device associated with the IP destination address of the IPv6 data frame is within the WirelessHART network 100 and may determine WirelessHART network routing information needed to send information to that device over the network 100).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of further comprising advertising, to the gateway device, an IPv6 address prefix that comprises the first IP destination address as available at the host computer to cause the gateway device to forward to the host computer packets destined to IPv6 destination addresses for which the advertised IPv6 address prefix is the longest matching prefix, as taught by Nixon in the method of Koponen, Ghule and Chen,  so improved networking ability translate to enhanced process plant control and consequently, improved process plant output, see Nixon par0004.

As per claim 17. Koponen, Ghule, Chen and Nixon disclose the method of claim 16.
          Koponen further discloses the dSNAT middlebox service instance (Koponen par0143 teaches this network includes three hosts 935-945 on which the MFEs 905-915 and distributed SNAT elements 920-930 run, respectively).
and (2) a range of port numbers assigned to, use as source ports for outgoing packets (Koponen par0136-0137 teaches one of the middlebox services that may be provided in a distributed manner in logical networks of some embodiments is a SNAT service. When providing the SNAT service, the middlebox replaces a source network address (e.g., the source IP address) with a different source network address in order to hide the real source network address from the recipient of the packet…..If a first VM sends a packet to a second VM, the local SNAT [host computer] may translate the IP address of the first VM into a particular address. In some embodiments, the SNAT (or SNATP) assigns a source transport port number in addition to the IP address. This source port number may be assigned at random in some embodiments. When a third VM, on the same subnet as the first VM but located at a different host, sends a packet to the second VM, the local SNAT element of the different host will perform its SNAT processing).  
          Koponen does not explicitly discloses further comprising identifying the IPv6 address prefix based on (1) an IPv4 address used as a source IP address by, for outgoing packets.
          Ghule however discloses further comprising identifying the IPv6 address prefix based on (1) an IPv4 address used as a source IP address by, for outgoing packets (Ghule, par0026 teaches client device 102 may be coupled (e.g., via a data link) to CPE 104 which may be configured to function as a customer edge router in a use Mapping of Address and Port with Encapsulation (MAP-E) deployment. In some examples, CPE 104 may receive one or more IPv4 packets from CD 102 and encapsulate those one or more IPv4 packets into one or more IPv6 packets based on the IPv4 packet header information (e.g., using MAP-E). For example, CPE 104 may determine an IPv6 source address based on the IPv4 source address and IPv4 source port number from the IPv4 header information (e.g., using Network Address and Port Translation (NAPT) or other address mapping techniques). Similarly, CPE 104 may determine an IPv6 destination address based on the IPv4 destination address and, optionally, destination port number from the IPv4 header information. The one or more encapsulated packets are transmitted (e.g., via a datalink) to tunnel entry point (TEP) device 106, which forwards the one or more encapsulated packets through network tunnel 116 to network device 110 based on the IPv6 header information of the one or more encapsulated packets).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of further comprising identifying the IPv6 address prefix based on (1) an IPv4 address used as a source IP address by, for outgoing packets, as taught by Ghule in the method of Koponen, so some networks use IPv4 and other networks use IPv6, many computer networks encapsulate IPv4 packets into IPv6 packets, and vice versa, facilitating transmission within networks that use IPv6 or IPv4, respectively, see Ghule par0004.

As per claim 18. Koponen, Ghule, Chen and Nixon disclose the method of claim 16.
          Koponen, Ghule and Chen do not explicitly disclose wherein advertising the IPv6 address prefix to the gateway device comprises advertising the IPv6 address prefix as available at the host computer to a route reflector that, in turn, advertises the IPv6 address prefix as available at the host computer to the gateway device.
        Nixon however discloses wherein advertising the IPv6 address prefix to the gateway device comprises advertising the IPv6 address prefix as available at the host computer to a route reflector that, in turn, advertises the IPv6 address prefix as available at the host computer to the gateway device (Nixon, par0101 teaches the IPv6 data frame may ultimately be routed to and received by the IPv6 enabled WirelessHART gateway 102 via the internet 101 using standard IPv6 or IP network routing protocol techniques.  As previously described, the IPv6 enabled WirelessHART gateway 102 may use IP routing tables to determine that the device associated with the IP destination address of the IPv6 data frame is within the WirelessHART network 100 and may determine WirelessHART network routing information needed to send information to that device over the network 100).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of wherein advertising the IPv6 address prefix to the gateway device comprises advertising the IPv6 address prefix as available at the host computer to a route reflector that, in turn, advertises the IPv6 address prefix as available at the host computer to the gateway device, as taught by Nixon in the method of Koponen, Ghule and Chen,  so improved networking ability translate to enhanced process plant control and consequently, improved process plant output, see Nixon par0004.

As per claim 19. Koponen, Ghule, Chen and Nixon disclose the method of claim 16.
          Koponen does not explicitly discloses device to perform the IPv6 encapsulation for data messages destined for the second IP address.
          Ghule however discloses device to perform the IPv6 encapsulation for data messages destined for the second IP address (Ghule, par0041 teaches FIG. 3A is a block diagram illustrating a conceptual IPv4 packet 300 in accordance to techniques of this disclosure. In this example, IPv4 packet 300 includes IPv4 headers 302 and IPv4 payload. IPv4 headers 302 may include IPv4 version (i.e., 4), protocol (e.g., Transmission Control Protocol (TCP), User Datagram Protocol (UDP), IPv6 encapsulation (ENCAP)), header checksum, 32-bit IPv4 source address, and 32-bit IPv4 destination address among others. IPv4 payload 304 includes the data to be transported by IPv4 packet 300. The contents of IPv4 payload 304 depend on the protocol being used. In some examples, IPv4 headers 302 or IPv4 payload may include a source port number and/or a destination port number, depending on the protocol being used).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of device to perform the IPv6 encapsulation for data messages destined for the second IP address, as taught by Ghule in the method of Koponen, so some networks use IPv4 and other networks use IPv6, many computer networks encapsulate IPv4 packets into IPv6 packets, and vice versa, facilitating transmission within networks that use IPv6 or IPv4, respectively, see Ghule par0004.
          Koponen, Ghule and Chen do not explicitly disclose wherein advertising the IPv6 address prefix to the gateway device further comprises information for configuring the gateway.
        Nixon however discloses wherein advertising the IPv6 address prefix to the gateway device further comprises information for configuring the gateway (Nixon, par0101 teaches the IPv6 data frame may ultimately be routed to and received by the IPv6 enabled WirelessHART gateway 102 via the internet 101 using standard IPv6 or IP network routing protocol techniques.  As previously described, the IPv6 enabled WirelessHART gateway 102 may use IP routing tables to determine that the device associated with the IP destination address of the IPv6 data frame is within the WirelessHART network 100 and may determine WirelessHART network routing information needed to send information to that device over the network 100).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of wherein advertising the IPv6 address prefix to the gateway device further comprises information for configuring the gateway, as taught by Nixon in the method of Koponen, Ghule and Chen, so improved networking ability translate to enhanced process plant control and consequently, improved process plant output, see Nixon par0004.

Conclusion
The prior art made of record and not relied upon is considered pertinent are -
• Boutros et al. (US 20190020580 A1) – Related art in the area of managed network implementing at least one logical router having centralized and distributed components, some embodiments provide a method that better supports the provision of certain network applications and/or services.
• Zhang et al. (US20130125120A1) – Related art in the area of a controller of a network control system for configuring several middlebox instances, the middlebox instances implement a middlebox in a distributed manner in several hosts.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MONISHWAR MOHAN whose telephone number is (571)272-2907. The examiner can normally be reached Monday - Thursday 7:00 am - 5:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, William Trost can be reached on (571) 272-7872. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/M.M./Examiner, Art Unit 2442                                                                                                                                                                                                        

/WILLIAM G TROST IV/Supervisory Patent Examiner, Art Unit 2442