DETAILED ACTION
Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claims 1-3 and 5-21 have been examined and rejected.

Based on the applicant’s arguments filed on 04/08/2022 and the decision to reopen the case made during the panel decision from pre-appeal brief review, the finality of the rejection of claims 1-3 and 5-21 has been withdrawn and this new non-final action with new grounds of rejection has been made.

4. The non-statutory double patenting rejection dated 09/17/2021 will be held in abeyance until all grounds of rejection are resolved, as per applicant’s request.

Claim Rejections - 35 USC § 112
5.	The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

6.	Claim 15 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant, regards as the invention.
As per claim 15,
The claim term “the plurality of service identifiers stored in a variable sized option field” is unclear. It is not clear whether the service identifiers refer to “a plurality of network addresses of a plurality of service machines” or to some other service identifier.

Claim Rejections - 35 USC § 103
7.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


8.	Claims 1-3 and 5-13 are rejected under AIA 35 U.S.C. 103 as being unpatentable over Previdi et al. (U.S. PGPub 2017/0005920) in view of Jeuk et al. (U.S. PGPub 2017/0373990).
As per claim 1,
Previdi teaches in a multi-tenant network, a method of specifying service operations for a data message associated with a particular machine of a particular tenant, the method comprising: in a tunnel header for encapsulating a data message, storing a tenant identifier identifying the particular tenant and a plurality of service identifiers associated with a plurality of service machines for performing a plurality of service operations on the data message (Previdi see paragraphs 0023-0025 and 0033 a service function path with services are to perform their respective functions on the packet, the packet/frame may then be encapsulated with an indication of the adding a network service header with metadata and service path information, a Service Path Identifier and Service Index, unique SPI is used to identify a given service path instantiation of a service chain)
and forwarding the data message encapsulated with the tunnel header along a tunnel to a first service machine to perform a first service operation identified by the plurality of service identifiers (Previdi see paragraphs 0067, as shown in fig. 4E, device B forward packet 406 on to the device C, as indicated by label 424 as any number of devices may exist along a given segment, such as between devices B and C. an intermediary device, or device B, depending on the segment, may then perform a POP operation on label 424 before finally forwarding packet 406 on to device C).
Previdi fails to exclusively teach, in a multi-tenant network, a tunnel header for encapsulating a data message, storing a tenant identifier identifying the particular tenant;
In a similar field of endeavor Jeuk teaches, in a multi-tenant network, a tunnel header for encapsulating a data message, storing a tenant identifier identifying the particular tenant (Jeuk see paragraph 0026, as shown in fig. 2C an Internet Protocol version 6 (IPv6) packet 205c that includes an extension header 210 with a Universal Cloud Classification (UCC) 215c that is comprised of a cloud identifier 220c, a service identifier 225c, a tenant identifier 230c, UCC IDs including a tenant identifier 230c with cloud provider significance, meaning a tenant identifier registered with a given cloud provider, correlating between VLANs and VxLANs while maintaining traffic separation defined for a plurality of service/tenant pairings, while VxLANs may be provided with service/tenant granularity, provide sufficient information for the service function to determine a VxLAN associated with this service/tenant pairing).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Previdi with the teaching of Jeuk as doing so would provide an efficient method to provide service functions to configure and transmit a packet according to a network overlay and segmentation based upon information extracted from the packet at a network service function (Jeuk see paragraphs 0013-0016).
Previdi in view of Jeuk fails to exclusively teach the plurality of service identifiers stored in a variable sized option field of the tunnel header that allows different number of service machines to be specified for performing different number of service operations for different data message flows;
In a similar field of endeavor Wang teaches the plurality of service identifiers stored in a variable sized option field of the tunnel header, that allows different number of service machines to be specified for performing different number of service operations for different data message flows (Wang see para 0141, 0170, 0262 and 0264, as shown in fig. 1-5, extension of a packet with a Routing Type of 0 is defined with a list of IPv6 address of intermediate nodes, using an Options field of fig. 1-6, that includes options in a Type-Length-Value/TLV format, as shown in fig. 3-2, the metadata option is arranged to identify a variable length optional metadata information contained in an NSH with MD Option Type: identifying a metadata option type, Opt Data Len: identifying a metadata length contained in the metadata option and Option Data: identifying metadata contained in the option, as shown in fig. 3-10 an IPv6 routing header implemented by transmitting SFP with an IPv6 global address list in an inverted sequence of service function host IPv6 address, a packet format as shown in fig. 3-10, intermediate nodes SFF1/SF2/SFF3/SF5 when being sent from a source S to a destination D, all the intermediate nodes have globally reachable IPv6 address IDs and correspond to IPv6 addresses SF1-IPv6/SF2-IPv6/SFF3-IPv6/SF5-IPv6 respectively, as the SFP will be different for different flows so will the list of IPv6 address of the service function forwarder and the service function machines performing different operations for the different data message flows);
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Previdi in view of Jeuk with the teaching of Wang as doing so would provide an efficient method for implementing a service function chain that deploys and rapidly implements a service function chain technology in an Internet Protocol version 6 (IPv6) network (Wang see para 0008).

As per claim 2,
Previdi in view of Jeuk teaches the method of claim 1, wherein storing the plurality of service identifiers comprises storing in the tunnel header a plurality of network addresses of the plurality of service machines (Previdi see paragraphs 0023, 0034-35 and 0064-65, as shown in fig. 4C, ingress device B, or another device in communication therewith, may determine whether packet 406 should be sent through a service chain and, if so, which services should be applied to packet 406; device B classifies packet 406 from device A based on the information in header 410, the source address, the destination address, based on an application associated with packet 406, based on the payload 408, etc. In turn, device B may add a service chain header 412 to packet 406).

As per claims 3-6,
Previdi in view of Jeuk teaches the method of claim 2, wherein storing the plurality of service identifiers further comprises storing in the tunnel header a service operation descriptor for each service machine identified by a network address stored in the tunnel header, in order to explain the type of service operation that the service machine performs, further comprising storing a service index value in the tunnel header that identifies one of the stored network addresses as the network address of a service machine that is to perform a next service operation, wherein the service identifiers are stored in a reverse order in the tunnel header such that the first service operation is stored last while the last service operation is stored first, and the service index is decremented each time a service operation is performed by a service machine, storing a service index value in the tunnel header that identifies one of the stored service identifiers as a next service operation that is to be performed (Previdi see paragraphs 24-26, 54 and 69, outer encapsulation used for transport between individual services of the service chain is then pushed on to the packet/frame, forwarding of packets/frames is achieved at the service plane layer using the NSH headers, a Service Path Identifier SPI and Service Index (SI), the unique SPI is used to identify a given service path instantiation of a service chain, and the SI is initialized to the total number of services within the service chain, and decremented at each service hop as packets/frames traverse through the service path, as shown in fig. 4G, service S1 may determine that packet 406 includes encapsulated service chain header 412, based on the inclusion of reserved label 426 by device C. In turn, in some embodiments, service S1 may remove the forwarding labels from packet 406, to expose service chain header 412, and perform the corresponding service on packet 406 using header 412. After performing the function/service, service S1 may replace labels 414-420 and forward packet 406 towards its next segment destination, device D, as indicated by label 420).

As per claims 7-8,
Previdi in view of Jeuk teaches the method of claim 1 further comprising based on a set of one or more attributes associated with the data message, selecting a set of at least two service operations from a plurality of candidate sets of service operations that are different viable operation sets for performing on the data message, wherein selecting comprises: for a first data message flow from a first machine to a second machine, selecting a first set of service operations based on a first type of content carried in the first data message flow; and for a second data message flow from the first machine to the second machine, selecting a second set of service operations based on a second type of content carried in the second data message flow, said second set of service operations comprising at least one service operation not in the first set of service operations (Previdi see paragraphs 33, 49, 66-77, use of SR-meaningful labels within a specific context, a reserved label having a predefined value and other reserved label values may be used, the semantics of such a label value indicates that a service chain header directly follows the bottom-of-label-stack. Further, this reserved value may be used within a specific context in an SR-aware service chain, and may not be added at the beginning of an SFP, in some embodiments, the label <100>, which may act as an NSH-aware service indicator and as NSH-encapsulated user packet, may be applied at device R1, in contrast to other devices such as R0 or at the SFP head-end, this allows the label <100> to be in the context from R1 to S1) 

As per claims 9-11,
Previdi in view of Jeuk teaches the method of claim 1, wherein the tunnel connects to a first service node that connects to the first service machine without having to utilize any intervening hardware router or hardware switch, wherein the first service machine is one of a standalone computer, a service module executing on a host computer, and a standalone service appliance, wherein the first service node and first service machine are modules executing on a host computer along with other machines (Previdi see paragraphs 0063-0067, service nodes 402 and 404 are connected by the tunnel as a service machine as would be understood by one with ordinary skill in the art without any intervening hardware, it is a host computer running a service module services 402-404 may include caching services, firewall services, anti-intrusion services, malware detection services, DPI services, acceleration services, load balancing services, LI services, optimization services). 

As per claim 12,
Previdi in view of Jeuk teaches the method of claim 9, wherein the first service node removes the tunnel header, provides the data message to the first service machine, receives the processed data message from the first service machine, encapsulates the processed data message with another tunnel header generated from information obtained from the removed tunnel header, and sends the encapsulated processed data message along another tunnel to another service node that is connected to a second service machine to perform a first service operation identified by the plurality of service identifiers (Previdi see paragraphs 23, 34-35 and 64-74, as shown in fig. 4G, service S1 may determine that packet 406 includes encapsulated service chain header 412, based on the inclusion of reserved label 426 by device C. In turn, in some embodiments, service S1 may remove the forwarding labels from packet 406, to expose service chain header 412, and perform the corresponding service on packet 406 using header 412. After performing the function/service, service S1 may replace labels 414-420 and forward packet 406 towards its next segment destination, device D, as indicated by label 420).

As per claim 13,
Previdi in view of Jeuk teaches the method of claim 1, wherein the service operations are middlebox service operations (Previdi see paragraphs 0063-0067, service nodes 402 and 404 are service machines running a service module; services 402-404 may include caching services, firewall services, anti-intrusion services, malware detection services, DPI services, acceleration services, load balancing services, LI services, optimization services, which are well known as middlebox services).

9.	Claims 14 and 21 are rejected under AIA 35 U.S.C. 103 as being unpatentable over Previdi et al. (U.S. PGPub 2017/0005920) in view of Jeuk et al. (U.S. PGPub 2017/0373990) in view of Cherian et al. (U.S. PGPub 2015/0381494).
As per claim 14,
Previdi in view of Jeuk teaches the method of claim 1, also Jeuk in paragraph 0045 teaches the header carries variable length type-length-value (TLV) formatted information, yet Previdi in view of Jeuk fails to exclusively teach wherein the tunnel header is a Geneve tunnel header, the tenant identifier is stored in a Geneve base header, and the plurality of service identifiers are stored in an option TLV (Type, Length, Value) of the Geneve header.
In a similar field of endeavor Cherian teaches wherein the tunnel header is a Geneve tunnel header, the tenant identifier is stored in a Geneve base header, and the plurality of service identifiers are stored in an option TLV (Type, Length, Value) of the Geneve header (Cherian see paragraphs 1, 77, overlay networks include Virtual eXtensible LAN (VXLAN), Generic Network Virtualization Encapsulation (GENEVE), and Network Virtualization using Generic Routing Encapsulation (NVGRE), the encapsulation is described by reference to the example of VXLAN, a person of ordinary skill in the art will realize that the encapsulation can be done over other overlay networks such as GENEVE).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Previdi in view of Jeuk with the teaching of Cherian as doing so would provide an efficient method to provide service functions to a method for offloading overlay network packet encapsulation and decapsulation to hardware (Cherian see paragraph 0005).

As per claim 21,
Previdi in view of Jeuk teaches the method of claim 1, yet fails to teach wherein the tunnel header is placed outside of layers 2 and 3 headers of the data message.
In a similar field of endeavor Cherian teaches wherein the tunnel header is placed outside of layers 2 and 3 headers of the data message (Cherian see paragraphs 1, 77, overlay networks include Virtual eXtensible LAN (VXLAN), Generic Network Virtualization Encapsulation (GENEVE), and Network Virtualization using Generic Routing Encapsulation (NVGRE), the encapsulation is described by reference to the example of VXLAN, a person of ordinary skill in the art will realize that the encapsulation can be done over other overlay networks such as GENEVE).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Previdi in view of Jeuk with the teaching of Cherian as doing so would provide an efficient method to provide service functions to a method for offloading overlay network packet encapsulation and decapsulation to hardware (Cherian see paragraph 0005).

10.	Claims 15-20 are rejected under AIA 35 U.S.C. 103 as being unpatentable over Previdi et al. (U.S. PGPub 2017/0005920) in view of Jain et al. (U.S. PGPub 2017/0064749).
As per claim 15,
Previdi teaches a non-transitory machine readable medium storing a program for specifying service operations for a data message associated with a particular machine of a particular tenant in a multi-tenant network, the program comprising sets of instructions for: storing, in a tunnel header for encapsulating a data message, a tenant identifier identifying the particular tenant and a plurality of network addresses of a plurality of service machines that are to perform a plurality of service operations on the data message (Previdi see paragraphs 13-28, in the SFC architecture, a service function path SFP in the header indicates to which services a certain packet must be sent, which services are to perform their respective functions on the packet, the packet/frame may then be encapsulated, to include an indication of the SFP, a network service header NSH added to a packet or frame, to convey metadata and service path information that may be used to create the service plane, transport, the NSH and packet may be encapsulated in an outer header, NSH headers, a Service Path Identifier SPI and Service Index SI , a unique SPI is used to identify a given service path instantiation of a service chain, and the SI is initialized to the total number of services within the service chain, and decremented at each service hop as packets/frames traverse through the service path, the service chain header include a forwarding label stack /an MPLS label stack that the packet encapsulates a service chain header NSH and implement the necessary forwarding operations at the transport layer to successfully steer traffic through a service chain using the label stack).
Previdi fails to exclusively teach the tunnel header encapsulating a tenant identifier identifying the particular tenant and a plurality of network addresses of a plurality of service machines that are to perform a plurality of service operations on the data message, the plurality of service identifiers stored in a variable sized option field of the tunnel header that allows different number of service machines to be specified for performing different number of service operations for different data message flows;
In a similar field of endeavor Jain teaches the tunnel header encapsulating a tenant identifier identifying the particular tenant (Jain see paragraphs 0058-0059, 0067 and 0130, the VPN gateway connects to a network element through a Geneve or VXLAN tunnel, the tunnel protocol allows the VPN gateway to insert flow-based metadata which includes an RDM attribute set for the flow in the tunnel header, the MDM server set 120 add the mobile device's identifier, a user identifier and defining tenant information, like corporation identifier, user entitlements)
and a plurality of network addresses of a plurality of service machines that are to perform a plurality of service operations on the data message (Jain see para 0078, 0125, VPN tunnel's associated MDM attribute set in a record that identifies the VPN tunnel and record the data message identifiers the five tuple identifiers, the source IP, destination IP, source port, destination port, and protocol for the data messages, multiple service modules 1120 associated with the VPN VM perform multiple different MDM-attribute based service operations on the data messages that they intercept from the VPN VM's egress datapath. The SFE port 1235 connected to the VPN VM's VNIC 1225 calls the MDM-attribute processing service modules as it steps through the function call list that it processes for a data message that it receives from the VPN VM),
the plurality of service identifiers stored in a variable sized option field of the tunnel header that allows different number of service machines to be specified for performing different number of service operations for different data message flows (Jain see paragraphs 0087, 0130 and 0139-0146, DNAT rules in the DNAT rule storage 500 store one or more candidate destination tuples, multiple sets of destination IP addresses and/or destination ports, for replacing the data message's destination tuple, the received data message's destination IP and/or destination port, during a DNAT operation as shown in fig. 5, service module 1120 of the VPN VM 1110 encapsulating the data message with a tunnel header for a tunnel between the SFE 1130 of the host 1200 and the service node that will perform the MDM-based processing of the data message or will forward the data message to the service node that will perform the MDM-based processing, when encapsulating the data message, the service module 1120 inserts the MDM attribute set for the data message in the tunnel's header, the tunnel is a Geneve or VXLAN tunnel that can have a variable length header see figs 13-16).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Previdi with the teaching of Jain as doing so would provide an efficient method for processing remote-device data messages in a network based on data-message attributes from a remote device management system by identifying a set of remote data message attributes associated with a data message to perform one or more service operations based on identified remote data message attribute set (Jain see paragraphs 0005-0007).
and forwarding the data message encapsulated with the tunnel header along a tunnel to a first service machine to perform a first service operation identified by the plurality of service identifiers (Previdi see paragraphs 0067, as shown in fig. 4E, device B forward packet 406 on to the device C, as indicated by label 424 as any number of devices may exist along a given segment, such as between devices B and C. Such an intermediary device, or device B, depending on the segment, may then perform a POP operation on label 424 before finally forwarding packet 406 on to device C).

As per claim 16,
Previdi in view of Jain teaches the non-transitory machine readable medium of claim 15, wherein the program further comprises a set of instructions for storing a service index value in the tunnel header that identifies one of the stored network addresses as the network address of a service machine that is to perform a next service operation, said service index adjusted after each service machine performs its associated service operation (Previdi see paragraphs 24-26, 54 and 69, outer encapsulation used for transport between individual services of the service chain is then pushed on to the packet/frame, forwarding of packets/frames is achieved at the service plane layer using the NSH headers, a Service Path Identifier SPI and Service Index (SI), the unique SPI is used to identify a given service path instantiation of a service chain, and the SI is initialized to the total number of services within the service chain, and decremented at each service hop as packets/frames traverse through the service path, as shown in fig.  4G, service S1 may determine that packet 406 includes encapsulated service chain header 412, based on the inclusion of reserved label 426 by device C. In turn, in some embodiments, service S1 may remove the forwarding labels from packet 406, to expose service chain header 412, and perform the corresponding service on packet 406 using header 412. After performing the function/service, service S1 may replace labels 414-420 and forward packet 406 towards its next segment destination, device D, as indicated by label 420).

As per claims 17-18,
Previdi in view of Jain teaches the non-transitory machine readable medium of claim 15, wherein the tunnel connects to a first service node that connects to the first service machine without having to utilize any intervening hardware router or hardware switch, wherein the first service node and first service machine are modules executing on a host computer along with other machines (Previdi see paragraphs 0063-0067, service nodes 402 and 404 are connected by the tunnel as a service machine as would be understood by one with ordinary skill in the art without any intervening hardware, it is a host computer running a service module services 402-404 may include caching services, firewall services, anti-intrusion services, malware detection services, DPI services, acceleration services, load balancing services, LI services, optimization services). 

As per claim 19,
Previdi in view of Jain teaches the non-transitory machine readable medium of claim 17, wherein the first service node removes the tunnel header, provides the data message to the first service machine, receives the processed data message from the first service machine, encapsulates the processed data message with another tunnel header generated from information obtained from the removed tunnel header, and sends the encapsulated processed data message along another tunnel to another service node that is connected to a second service machine to perform a first service operation identified by the plurality of service identifiers (Previdi see paragraphs 23, 34-35 and 64-74, as shown in fig. 4G, service S1 may determine that packet 406 includes encapsulated service chain header 412, based on the inclusion of reserved label 426 by device C. In turn, in some embodiments, service S1 may remove the forwarding labels from packet 406, to expose service chain header 412, and perform the corresponding service on packet 406 using header 412. After performing the function/service, service S1 may replace labels 414-420 and forward packet 406 towards its next segment destination, device D, as indicated by label 420).

As per claim 20,
Previdi in view of Jain teaches the machine readable medium of claim 15, wherein the tunnel header is a Geneve tunnel header, the tenant identifier is stored in a Geneve base header, and the plurality of service identifiers stored in the variable sized option field comprises the plurality of service identifiers stored in an option TLV (Type, Length, Value) of the Geneve header (Jain see para 0015, 0130, 0236, the VPN gateway connects to a network element through a Geneve tunnel, encapsulating the data message, the service module 1120 inserts the MDM attribute set for the data message in the tunnel's header. In some embodiments, the tunnel is a Geneve tunnel that can have a variable length header, the service module use a tag length value TLV format to store the service rules. In such embodiments, the service module converts the definition of the service rules from the vector specified format into a TLV format).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to examiner Sanjoy Roy, whose telephone number is 571-270-0675. The examiner can normally be reached on Mon-Fri, 8am-5pm (EST).
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Nicholas Taylor can be reached on 571-272-3889.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/SANJOY ROY/
Examiner, Art Unit 2443

/NICHOLAS R TAYLOR/
Supervisory Patent Examiner, Art Unit 2443