Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Amendment
Applicant's submission filed on 6/7/2022 has been entered. Claims 1-20 are pending in the application.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-5, 8-13, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Thubert (U.S. Patent App Pub 2014/0192808) in view of Friedman (U.S. Patent App Pub 2013/0117847) further in view of Nedeltchev (U.S. Patent App Pub 2015/0063158).
As per claim 1, Thubert teaches a method of collecting security, flow, and/or routing information associated with an encrypted-encapsulated packet (para [0043]-[0044], [0058]-[0060], [0081]-[0086]; an apparatus having a network interface, the apparatus comprising, para [0024], [0075], [0078]), the method comprising:
receiving, at a first network node, a packet to selectively apply, according to one or more policies enforced at the first network node, an encrypted encapsulation to generate an encrypted-encapsulated packet (e.g., the ingress endpoint of the tunnel encapsulates the data traffic in the tunnel headers; based on the tunnel header information, the tunnel traffic is transmitted directly or indirectly to the endpoint of the tunnel; for secure tunnels, the encapsulated information is encrypted for transmission, para [0060]; para [0043]-[0044]);
generating, at the first network node, the encrypted-encapsulated packet by (i) encrypting the packet having included a packet header and a packet payload to form an encrypted payload of the encrypted-encapsulated packet (e.g., the payload of tunnel packets is encrypted by the ingress device of the tunnel, para [0030]; e.g., data traffic 50 with a network header and corresponding data payload, where the network header is from the original protocol data unit (PDU) that is to be encapsulated in the tunnel, para [0043]-[0044], [0058]-[0060]) and (ii) [addressed below with Nedeltchev],
wherein the one or more visibility metadata information are inserted as a string into one or more pre-defined fields in the visibility encapsulation header (para [0086] teaches encapsulated metadata); and
transmitting, at the first network node, over a tunnel, the encrypted-encapsulated packet to a second network node located in the network (para [0030], [0060] teaches a tunnel used to transmit data through the tunnel).
Thubert fails to teach wherein the one or more visibility metadata information is subsequently collected, by a third network node located between, or able to observe traffic between, the first network node and second network node, to be subsequently analyzed individually or in combination with other collected metadata information, wherein the third network node collects the one or more visibility metadata information by interrogating the string in the one or more pre-defined fields of the visibility encapsulation header.
However, Friedman, in an analogous art, teaches wherein the one or more visibility metadata information is subsequently collected, by a third network node located between, or able to observe traffic between, the first network node and second network node, to be subsequently analyzed individually or in combination with other collected metadata information (para [0013]-[0015], [0059], Friedman teaches an intelligence intermediary system that collects data), wherein the third network node collects the one or more visibility metadata information by interrogating the string in the one or more pre-defined fields of the visibility encapsulation header (para [0013]-[0014], [0088]-[0089], [0188], Friedman teaches storing the information from the intermediary node).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to have modified the system of Thubert by including wherein the one or more visibility metadata information is subsequently collected, by a third network node located between, or able to observe traffic between, the first network node and second network node, to be subsequently analyzed individually or in combination with other collected metadata information, wherein the third network node collects the one or more visibility metadata information by interrogating the string in the one or more pre-defined fields of the visibility encapsulation header, as taught by Friedman, because the modification would process network metadata obtained through network monitoring activities and a subsequent processing of the metadata, which may efficiently result in useful information being reported in a timely manner to a consumer of the metadata (Friedman, para [0031]).
Thubert and Friedman do not explicitly teach, but Nedeltchev teaches, (ii) inserting a visibility encapsulation header to the encrypted-encapsulated packet, wherein the visibility encapsulation header comprises one or more visibility metadata information derived, or retrieved, from the header or the payload of the received packet to provide visibility into the secured encapsulated packet for subsequent traffic analytic (see para [0025]-[0028], figures 2a, 2b; Nedeltchev teaches inserting a visibility encapsulation header to provide visibility into the secured encapsulated packet for subsequent traffic analytic).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to combine the teachings of Nedeltchev with Thubert and Friedman because both deal with flow monitoring. The advantage of incorporating the above limitation(s) of Nedeltchev into Thubert and Friedman is that Nedeltchev enables manipulating a control and provisioning of wireless access points (CAPWAP) header to accommodate real-time transport protocol (RTP) header information that is used by a downstream network device or network analyzer to determine performance metrics for the network on a per-hop or per-path, hop-by-hop basis at multiple locations within the network connecting the wireless controller to the wireless access point, without decrypting an encrypted packet and without altering the content of the packet, which could cause the packet to be dropped on arrival by a recipient device. The method enables increasing visibility and quality of service parameters for data, voice and video applications by enabling medianet capabilities in access point management and provisioning tunnels, therefore making the overall system more robust and efficient (see para [0003], [0011], Nedeltchev).
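The claim 1 mapping above (together with the egress-side decryption recited in claim 5) describes a concrete mechanism: the first network node encrypts the whole inner packet, prepends a visibility encapsulation header that carries a metadata string in pre-defined fields, a third node on the path reads that string without holding the tunnel key, and the second node authenticates and decrypts. The following Python model is an added illustration written for this page; it is not code from the application or from Thubert, Friedman, or Nedeltchev. Its header layout (magic, flags, metadata length, nonce, then the metadata string), the metadata policy, the constructed sample inner packet, and the HMAC-SHA256 encrypt-then-MAC construction used in place of a real AEAD such as AES-GCM are all assumptions made for the example.

```python
"""Added model of the claim 1 scheme (not from the application or cited references).
Header layout, policy, sample packet and the HMAC-based stand-in for a real AEAD are assumed."""
import hashlib
import hmac
import os
import struct

VIS_MAGIC = b"VIS"
HDR_FMT = ">3sBH12s"                    # assumed fixed fields: magic, flags, metadata length, nonce
HDR_LEN = struct.calcsize(HDR_FMT)
TAG_LEN = 16
POLICY = ("src", "dst", "sgt", "app")   # assumed policy: inner-header fields exposed in clear


def _derive(key: bytes):
    """Split one tunnel key into an encryption key and a MAC key (illustrative KDF)."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(enc_key: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode as a PRF keystream; stands in for a real cipher."""
    out = bytearray()
    for ctr in range((n + 31) // 32):
        out += hmac.new(enc_key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
    return bytes(out[:n])


def _seal(key: bytes, nonce: bytes, aad: bytes, plaintext: bytes):
    """Encrypt-then-MAC; the cleartext visibility header is bound to the payload as AAD."""
    enc_key, mac_key = _derive(key)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, aad + ct, hashlib.sha256).digest()[:TAG_LEN]
    return ct, tag


def _open(key: bytes, nonce: bytes, aad: bytes, ct: bytes, tag: bytes) -> bytes:
    enc_key, mac_key = _derive(key)
    expected = hmac.new(mac_key, aad + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: header or payload altered in transit")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def encode_inner(hdr: dict, payload: bytes) -> bytes:
    """Toy inner packet: length-prefixed 'k=v;...' header followed by the payload."""
    head = ";".join(f"{k}={v}" for k, v in sorted(hdr.items())).encode()
    return struct.pack(">H", len(head)) + head + payload


def decode_inner(data: bytes):
    (hlen,) = struct.unpack(">H", data[:2])
    head = data[2:2 + hlen].decode()
    return dict(kv.split("=", 1) for kv in head.split(";") if kv), data[2 + hlen:]


def ingress_encapsulate(key: bytes, inner_hdr: dict, payload: bytes, policy=POLICY, nonce=None) -> bytes:
    """First network node: encrypt the whole inner packet, then prepend the visibility header
    whose pre-defined string field carries only the policy-selected inner-header values."""
    nonce = nonce if nonce is not None else os.urandom(12)
    metadata = ";".join(f"{k}={inner_hdr[k]}" for k in policy if k in inner_hdr).encode()
    vis_hdr = struct.pack(HDR_FMT, VIS_MAGIC, 0, len(metadata), nonce) + metadata
    ct, tag = _seal(key, nonce, vis_hdr, encode_inner(inner_hdr, payload))
    return vis_hdr + ct + tag


def _parse_vis_header(pkt: bytes):
    magic, _flags, mdlen, nonce = struct.unpack(HDR_FMT, pkt[:HDR_LEN])
    if magic != VIS_MAGIC:
        raise ValueError("not a visibility-encapsulated packet")
    return nonce, pkt[HDR_LEN:HDR_LEN + mdlen].decode(), HDR_LEN + mdlen


def intermediary_collect(pkt: bytes) -> dict:
    """Third network node: interrogate the string field only; no key, no decryption."""
    _, metadata, _ = _parse_vis_header(pkt)
    return dict(kv.split("=", 1) for kv in metadata.split(";") if kv)


def egress_decapsulate(key: bytes, pkt: bytes):
    """Second network node: verify the tag over header + ciphertext, then decrypt."""
    nonce, _, aad_end = _parse_vis_header(pkt)
    ct, tag = pkt[aad_end:-TAG_LEN], pkt[-TAG_LEN:]
    return decode_inner(_open(key, nonce, pkt[:aad_end], ct, tag))


def egress_accepts(key: bytes, pkt: bytes) -> bool:
    try:
        egress_decapsulate(key, pkt)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    key = os.urandom(32)
    inner = {"src": "10.1.1.5", "dst": "10.2.2.9", "sgt": "100", "app": "ssh", "dport": "22"}  # constructed
    pkt = ingress_encapsulate(key, inner, b"constructed payload")
    print("collector sees:", intermediary_collect(pkt))
    tampered = pkt.replace(b"sgt=100", b"sgt=999")      # on-path rewrite of a cleartext field
    print("collector sees after tampering:", intermediary_collect(tampered)["sgt"])
    print("egress accepts tampered packet:", egress_accepts(key, tampered))
```

The model also shows the check a practitioner wants before deploying such a header: the metadata travels in clear, so every on-path observer, not only the intended collector, learns the exposed fields, and an on-path party can rewrite them. Binding the visibility header to the ciphertext as associated data lets the egress node reject a packet whose header was altered, but it does nothing for the intermediary, which holds no key and records whatever string it finds; the policy that selects which inner-header fields to expose is therefore a security decision, not only a monitoring one.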

As per claim 2, Thubert, Friedman, and Nedeltchev teach the method of claim 1.
Friedman further teaches forwarding, at the third network node, the one or more visibility metadata information to a collector for subsequent analysis (para [0013]-[0014], [0088]-[0089], [0188], Friedman teaches storing the information from the intermediary node). See motivation to claim 1.

As per claim 3, Thubert, Friedman, and Nedeltchev teach the method of claim 2.
Friedman further teaches wherein the collector is configured to store the one or more visibility metadata information and other metadata information (para [0013]-[0014], [0088]-[0089], [0188], Friedman teaches storing the information from the intermediary node) collected from other encrypted encapsulated packets (para [0013]-[0014], [0088]-[0089], [0188], Friedman teaches storing the encrypted packets). See motivation to claim 1.

As per claim 4, Thubert, Friedman, and Nedeltchev teach the method of claim 3. Thubert further teaches wherein the collector is further configured to store IP traffic data collected from the network (para [0006], [0062]-[0064], [0081]-[0086], Thubert teaches storing IP traffic).

As per claim 5, Thubert, Friedman, and Nedeltchev teach the method of claim 1, further comprising: receiving, at the second network node, the encrypted-encapsulated packet (para [0030], [0060], Thubert teaches receiving the packet); and generating, at the second network node, the packet, wherein the packet having included the packet header and packet payload is generated by decrypting the encrypted payload (para [0030], [0060], Thubert teaches inbound and outbound tunnel packets).

As per claim 8, Thubert, Friedman, and Nedeltchev teach the method of claim 1.
Friedman further teaches wherein the one or more visibility metadata information are specified in the one or more policies, wherein the one or more policies are editable i) by a controller located in the network and/or ii) by a network administrator through a computing terminal having access to the network (para [0300], [0323], Friedman teaches that the one or more policies are changeable). See motivation to combine for claim 1.

As per claim 9, Thubert, Friedman, and Nedeltchev teach the method of claim 1, wherein the one or more visibility metadata information includes an identifier selected from the group consisting of: a source IP address associated with the packet; a destination IP address associated with the packet; a security group tag (SGT) associated with the packet; a VXLAN network identifier (VNI) associated with the packet; a user identifier associated with the packet; a user-group identifier associated with the packet; a subnet address associated with the packet; a subnet group address associated with the packet; an application identifier associated with an application executing on a computing device that is origin to the packet; a virtualized instance identifier of a computing device in the network that is origin to the packet; and a combination thereof (para [0044]-[0046], Thubert teaches at least source and destination IP addresses).

As per claim 10, Thubert, Friedman, and Nedeltchev teach the method of claim 1, wherein the one or more visibility metadata information are inserted as one or more unencrypted strings into one or more pre-defined fields in the visibility encapsulation header (para [0059], [0091], Thubert teaches an unencrypted payload).

As per claim 11, Thubert, Friedman, and Nedeltchev teach the method of claim 1, wherein the one or more visibility metadata information is inserted as one or more encrypted strings into one or more pre-defined fields in the visibility encapsulation header (para [0058], [0060], [0089], Thubert teaches encrypted data strings).

As per claim 12, Thubert teaches a system (para [0024]) comprising:
a network interface having instructions stored thereon, wherein execution of the instructions by a processor causes the interface to (para [0075], [0078], Thubert teaches a network interface):
upon receipt of a packet in an encapsulation network, generate an encrypted-encapsulated packet by (i) encrypting the packet having included a packet header and packet payload to form an encrypted payload of the encrypted-encapsulated packet (e.g., the ingress endpoint of the tunnel encapsulates the data traffic in the tunnel headers; based on the tunnel header information, the tunnel traffic is transmitted directly or indirectly to the endpoint of the tunnel; for secure tunnels, the encapsulated information is encrypted for transmission, para [0060]; para [0043]-[0044]) and (ii) [addressed below with Nedeltchev],
wherein the one or more visibility metadata information are inserted into one or more pre-defined fields of the visibility encapsulation header (para [0086] teaches encapsulated metadata); and
transmit, over a tunnel of an encapsulation network, the encrypted-encapsulated packet to a second network node located in the encapsulation network (para [0030], [0060] teaches a tunnel used to transmit data through the tunnel).
Thubert fails to teach wherein the one or more visibility metadata information is subsequently collected, by a third network node located between, or able to observe traffic between, the first network node and second network node, to be subsequently analyzed individually or in combination with other collected visibility metadata information, wherein the third network node collects the one or more visibility metadata information by interrogating the string in the one or more pre-defined fields of the visibility encapsulation header.
However, Friedman, in an analogous art, teaches wherein the one or more visibility metadata information is subsequently collected, by a third network node located between, or able to observe traffic between, the first network node and second network node, to be subsequently analyzed individually or in combination with other collected visibility metadata information (para [0013]-[0015], [0059], Friedman teaches an intelligence intermediary system that collects data), wherein the third network node collects the one or more visibility metadata information by interrogating the string in the one or more pre-defined fields of the visibility encapsulation header (para [0013]-[0015], [0088]-[0094], [0183], [0280], Friedman teaches that the intermediary collects data).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to have modified the system of Thubert by including wherein the one or more visibility metadata information is subsequently collected, by a third network node located between, or able to observe traffic between, the first network node and second network node, to be subsequently analyzed individually or in combination with other collected visibility metadata information, wherein the third network node collects the one or more visibility metadata information by interrogating the string in the one or more pre-defined fields of the visibility encapsulation header, as taught by Friedman, because the modification would process network metadata obtained through network monitoring activities and a subsequent processing of the metadata, which may efficiently result in useful information being reported in a timely manner to a consumer of the metadata (Friedman, para [0031]).
Thubert and Friedman do not explicitly teach, but Nedeltchev teaches, (ii) inserting a visibility encapsulation header to the encrypted-encapsulated packet, wherein the visibility encapsulation header comprises one or more visibility metadata information derived, or retrieved, from the header or payload of the received packet to provide visibility into the secured encapsulated packet for subsequent traffic analytic (see para [0025]-[0028], figures 2a, 2b; Nedeltchev teaches inserting a visibility encapsulation header to provide visibility into the secured encapsulated packet for subsequent traffic analytic).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to combine the teachings of Nedeltchev with Thubert and Friedman because both deal with flow monitoring. The advantage of incorporating the above limitation(s) of Nedeltchev into Thubert and Friedman is that Nedeltchev enables manipulating a control and provisioning of wireless access points (CAPWAP) header to accommodate real-time transport protocol (RTP) header information that is used by a downstream network device or network analyzer to determine performance metrics for the network on a per-hop or per-path, hop-by-hop basis at multiple locations within the network connecting the wireless controller to the wireless access point, without decrypting an encrypted packet and without altering the content of the packet, which could cause the packet to be dropped on arrival by a recipient device. The method enables increasing visibility and quality of service parameters for data, voice and video applications by enabling medianet capabilities in access point management and provisioning tunnels, therefore making the overall system more robust and efficient (see para [0003], [0011], Nedeltchev).

As per claim 13, Thubert, Friedman, and Nedeltchev teach the system of claim 12. Thubert further teaches wherein a collector is configured to store the one or more visibility metadata information and other metadata information collected from other encrypted encapsulated packets (para [0006], [0058], [0061], [0066], [0086], Thubert teaches encrypted strings being collected).

As per claim 18, Thubert, Friedman, and Nedeltchev teach the system of claim 12, wherein the one or more visibility metadata information includes an identifier selected from the group consisting of: a source IP address associated with the packet; a destination IP address associated with the packet; a security group tag associated with the packet; a VXLAN network identifier (VNI) associated with the packet; a user identifier associated with the packet; a user-group identifier associated with the packet; a subnet address associated with the packet; a subnet group address associated with the packet; a source application executing on a computing device that is origin to the packet; a virtualized instance of a computing device in the network that is origin to the packet; and a combination thereof (para [0044]-[0046], Thubert teaches at least source and destination IP addresses).

Claims 6, 7, 14-17, 19, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Thubert (U.S. Patent App Pub 2014/0192808) in view of Friedman (U.S. Patent App Pub 2013/0117847) further in view of Nedeltchev (U.S. Patent App Pub 2015/0063158) further in view of U.S. Patent App Pub 2017/0033924 to Jain (hereinafter Jain).

As per claim 6, Thubert, Friedman, and Nedeltchev do not teach wherein the visibility encapsulation header comprises a VXLAN-GPE header, and wherein the VXLAN-GPE header comprises a number of allocate-able bits for inclusion of the one or more visibility metadata information selected from the group consisting of: at least 16 bits, at least 32 bits, and at least 48 bits.
However, Jain, in an analogous art, teaches wherein the visibility encapsulation header comprises a VXLAN-GPE header, and wherein the VXLAN-GPE header comprises a number of allocate-able bits for inclusion of the one or more visibility metadata information selected from the group consisting of: at least 16 bits, at least 32 bits, and at least 48 bits (para [0051], [0070], [0075], Jain teaches a field of a few bytes, i.e., 24 bits).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to have modified the system of Thubert, Friedman, and Nedeltchev by including wherein the visibility encapsulation header comprises a VXLAN-GPE header, and wherein the VXLAN-GPE header comprises a number of allocate-able bits for inclusion of the one or more metadata information selected from the group consisting of: at least 16 bits, at least 32 bits, and at least 48 bits, as taught by Jain, because the modification provides a higher level of security.

As per claim 7, Thubert, Friedman, and Nedeltchev do not teach wherein the visibility encapsulation header comprises a metadata GPE header, and wherein the metadata GPE header comprises a number of allocate-able bits for inclusion of the one or more metadata information selected from the group consisting of at least 24 bits and at least 56 bits.
However, Jain, in an analogous art, teaches wherein the visibility encapsulation header comprises a metadata GPE header, and wherein the metadata GPE header comprises a number of allocate-able bits for inclusion of the one or more metadata information selected from the group consisting of at least 24 bits and at least 56 bits (para [0051], [0070], [0075], Jain teaches a field of a few bytes, i.e., 24 bits).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to have modified the system of Thubert, Friedman, and Nedeltchev by including wherein the visibility encapsulation header comprises a metadata GPE header, and wherein the metadata GPE header comprises a number of allocate-able bits for inclusion of the one or more metadata information selected from the group consisting of at least 24 bits and at least 56 bits (e.g., one or more bits located between bit location 0 and bit location 23 and/or between bit location 32 and bit location 63 of the header), as taught by Jain, because the modification provides a higher level of security.

As per claim 14, Thubert, Friedman, and Nedeltchev do not teach wherein the visibility encapsulation header comprises a VXLAN-GPE header, and wherein the VXLAN-GPE header comprises a number of allocate-able bits for inclusion of the one or more visibility metadata information selected from the group consisting of: at least 16 bits, at least 32 bits, and at least 48 bits.
However, Jain, in an analogous art, teaches wherein the visibility encapsulation header comprises a VXLAN-GPE header, and wherein the VXLAN-GPE header comprises a number of allocate-able bits for inclusion of the one or more visibility metadata information selected from the group consisting of: at least 16 bits, at least 32 bits, and at least 48 bits (para [0051], [0070], [0075], Jain teaches a field of a few bytes, i.e., 24 bits).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to have modified the system of Thubert, Friedman, and Nedeltchev by including wherein the visibility encapsulation header comprises a VXLAN-GPE header, and wherein the VXLAN-GPE header comprises a number of allocate-able bits for inclusion of the one or more metadata information selected from the group consisting of: at least 16 bits, at least 32 bits, and at least 48 bits, as taught by Jain, because the modification provides a higher level of security.

As per claim 15, Thubert, Friedman, and Nedeltchev teach the system of claim 12, but do not teach wherein the visibility encapsulation header comprises a metadata GPE header, and wherein the metadata GPE header comprises a number of allocate-able bits for inclusion of the one or more metadata information selected from the group consisting of at least 24 bits and at least 56 bits.
However, Jain, in an analogous art, teaches wherein the visibility encapsulation header comprises a metadata GPE header, and wherein the metadata GPE header comprises a number of allocate-able bits for inclusion of the one or more metadata information selected from the group consisting of at least 24 bits and at least 56 bits (para [0051], [0070], [0075], Jain teaches a field of a few bytes, i.e., 24 bits).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to have modified the system of Thubert, Friedman, and Nedeltchev by including wherein the visibility encapsulation header comprises a metadata GPE header, and wherein the metadata GPE header comprises a number of allocate-able bits for inclusion of the one or more metadata information selected from the group consisting of at least 24 bits and at least 56 bits, as taught by Jain, because the modification provides a higher level of security.

As per claim 16, Thubert, Friedman, and Nedeltchev teach the system of claim 12, but do not teach wherein the visibility encapsulation header comprises a VXLAN DTLS header or a metadata DTLS header.
However, Jain, in an analogous art, teaches wherein the visibility encapsulation header comprises a VXLAN DTLS header or a metadata DTLS header (para [0029], [0059], Jain teaches a DTLS header).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to have modified the system of Thubert, Friedman, and Nedeltchev by including wherein the visibility encapsulation header comprises a VXLAN DTLS header or a metadata DTLS header, as taught by Jain, because the modification provides a higher level of security.

As per claim 17, Thubert, Friedman, and Nedeltchev teach the system of claim 12, but do not teach wherein the one or more visibility metadata information is specified in one or more policies, wherein the one or more policies are editable i) by a controller located in the network or ii) by a network administrator through a computing terminal having access to the network, the system further comprising: a memory having instructions stored thereon, wherein execution of the instructions by one or more processors of the system cause the processor to: receive the one or more policies from a computing device external to the system; and apply the one or more policies to incoming traffic received at the network interface.
However, Jain, in an analogous art, teaches wherein the one or more visibility metadata information is specified in one or more policies, wherein the one or more policies are editable i) by a controller located in the network or ii) by a network administrator through a computing terminal having access to the network, the system further comprising: a memory having instructions stored thereon, wherein execution of the instructions by one or more processors of the system cause the processor to: receive the one or more policies from a computing device external to the system; and apply the one or more policies to incoming traffic received at the network interface (para [0045], [0046], [0055], Jain).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to have modified the system of Thubert, Friedman, and Nedeltchev by including wherein the one or more metadata information is specified in one or more policies, wherein the one or more policies are editable i) by a controller located in the network or ii) by a network administrator through a computing terminal having access to the network, the system further comprising: a memory having instructions stored thereon, wherein execution of the instructions by one or more processors of the system cause the processor to: receive the one or more policies from a computing device external to the system; and apply the one or more policies to incoming traffic received at the network interface, as taught by Jain, because the modification provides a higher level of security.

As per claim 19, Thubert teaches a system (para [0024], [0075], [0078], Thubert) comprising: a network interface having instructions stored thereon, wherein execution of the instructions causes the interface to (para [0075], [0078], Thubert):
upon receipt of an encrypted encapsulated packet having a visibility encapsulation header and an encrypted payload, generate an unencrypted packet having included a packet header and a packet payload from the encrypted payload (e.g., the ingress endpoint of the tunnel encapsulates the data traffic in the tunnel headers; based on the tunnel header information, the tunnel traffic is transmitted directly or indirectly to the endpoint of the tunnel; for secure tunnels, the encapsulated information is encrypted for transmission, para [0060]; para [0043]-[0044], Thubert teaches tunnels); and
wherein the encrypted-encapsulated packet was generated by (i) encrypting the packet having included the packet header and the packet payload to form the encrypted payload (e.g., the payload of tunnel packets is encrypted by the ingress device of the tunnel, para [0030]; e.g., data traffic 50 with a network header and corresponding data payload, where the network header is from the original protocol data unit (PDU) that is to be encapsulated in the tunnel, para [0043]-[0044], [0058]-[0060]) and (ii) inserting the encapsulation header to the encrypted-encapsulated packet, wherein the encapsulation header comprises one or more metadata information derived, or retrieved, from the packet header or the packet payload (e.g., the tunnel header includes various fields for defining the tunnel; the tunnel header is added to the data traffic, and the encapsulated data traffic may then be transmitted between the endpoints of the tunnel, para [0086]), wherein the one or more metadata information is inserted into one or more pre-defined fields of the encapsulation header (para [0086], Thubert teaches encapsulation; element (ii) is further addressed below with Nedeltchev).
Thubert fails to teach transmit the unencrypted packet to a next hop in the network based on routing information identified in the unencrypted packet; wherein the one or more metadata information is collectable, by an intermediary node located between, or able to observe traffic between, the ingress network node and egress network node, to be analyzed individually or in combination with other collected metadata information, wherein the intermediary node collects the one or more metadata information by interrogating in the one or more pre-defined fields of the encapsulation header.
However, Friedman, in an analogous art, teaches wherein the one or more visibility metadata information is collectable, by a third network node located between, or able to observe traffic between, the first network node and second network node, to be analyzed individually or in combination with other collected visibility metadata information (para [0013]-[0015], [0059], Friedman teaches an intelligence intermediary system that collects data), wherein the third network node collects the one or more visibility metadata information by interrogating in the one or more pre-defined fields of the visibility encapsulation header (para [0013]-[0014], [0088]-[0089], [0188], Friedman teaches storing the information from the intermediary node).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to have modified the system of Thubert by including wherein the one or more metadata information is collectable, by an intermediary node located between, or able to observe traffic between, the ingress network node and egress network node, to be analyzed individually or in combination with other collected metadata information, wherein the intermediary node collects the one or more metadata information by interrogating in the one or more pre-defined fields of the encapsulation header, as taught by Friedman, because the modification would process network metadata obtained through network monitoring activities and a subsequent processing of the metadata, which may efficiently result in useful information being reported in a timely manner to a consumer of the metadata (Friedman, para [0031]).
Thubert and Friedman do not teach but Nedeltchev teaches (ii) inserting the visibility encapsulation header to the encrypted-encapsulated packet, wherein the visibility encapsulation header comprises one or more visibility metadata information derived, or retrieved, from the packet header or the packet payload, wherein the one or more visibility metadata information is inserted into one or more pre-defined fields of the visibility encapsulation header(See paragraphs 25-28,  figures 2a, 2b, Nedeltchev teaches inserting visibility encapsulation header  to provide visibility into the secured encapsulated packet for subsequent traffic analytic)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to have known to combine the teachings of Nedeltchev with Thubert and Friedman because both deal with flow monitoring. The advantage of incorporating the above limitation(s) of Nedeltchev into Thubert and Friedman is that Nedeltchev enables manipulating the control and provisioning of wireless access points (CAPWAP) header to accommodate real-time transport protocol (RTP) header information that is used by a downstream network device or network analyzer to determine performance metrics for the network on a per-hop or per-path hop-by-hop basis at multiple locations within the network connecting the wireless controller to the wireless access point, without decrypting an encrypted packet and without altering content of the packet, which can cause the packet to be dropped on arrival by a recipient device. The method enables increasing visibility and quality of service parameters for data, voice and video applications by enabling media net capabilities in access point management and provisioning tunnels, therefore making the overall system more robust and efficient (see paragraphs [0003], [0011], Nedeltchev).
Thubert, Friedman and Nedeltchev do not teach but Jain teaches transmitting the unencrypted packet to a next hop in the network based on routing information identified in the unencrypted packet (para [0055]-[0068], [0075]-[0076]; Jain teaches sending an unencrypted packet to the next hop).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to have known to have modified the system of Thubert, Friedman and Nedeltchev by including transmitting the unencrypted packet to a next hop in the network based on routing information identified in the unencrypted packet, as taught by Jain, because the modification determines whether the destination IP address needs to be resolved (Jain, para [0054]).

As per claim 20, Thubert, Friedman, Nedeltchev and Jain teach wherein the one or more visibility metadata information includes an identifier selected from the group consisting of: a source IP address associated with the packet; a destination IP address associated with the packet; a security group tag associated with the packet; a VXLAN network identifier (VNI) associated with the packet; a source IP address associated with the packet; a destination IP address associated with the packet; a security group tag associated with the packet; a VXLAN network identifier (VNI) associated with the packet; a user identifier associated with the packet; a user-group identifier associated with the packet; a subnet address associated with the packet; and a subnet group address associated with the packet; a source application executing on a computing device that is origin to the packet; a virtualized instance of a computing device in the network that is origin to the packet; a combination thereof (para [0044]-[0046]; Thubert teaches at least source and destination IP addresses).
Friedman further teaches wherein the network interface is configurable via instructions to forward the one or more visibility metadata information to a collector located in the network, wherein the collector is configured to store the one or more visibility metadata information and other metadata information collected from other encrypted-encapsulated (para [0013]-[0014], [0088]-[0089], [0188]; Friedman teaches storing the information from the intermediary node). See motivation to combine for claim 19.
None of Thubert, Friedman, or Nedeltchev teaches wherein the encapsulation header comprises a VXLAN DTLS header or a GPE DTLS header.
However, Jain, in an analogous art, teaches the encapsulation header comprises a VXLAN DTLS header or a GPE DTLS header (para [0029], [0059]; Jain teaches a DTLS header).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to have known to have modified the system of Thubert and Friedman by including that the encapsulation header comprises a VXLAN DTLS header or a GPE DTLS header, as taught by Jain, because the modification provides a higher level of security.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to have known to have modified the system of Thubert, Friedman and Nedeltchev by including transmitting the unencrypted packet to a next hop in the network based on routing information identified in the unencrypted packet, as taught by Jain, because the modification determines whether the destination IP address needs to be resolved (Jain, para [0053]-[0054]).


Response to Arguments
Applicant’s arguments with respect to claim(s) have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure and located in the PTO-892 form. 
1. Singh U.S. Patent App Pub 20130297768 teaches a method includes generating at a network device comprising a virtual switch, a tenant record comprising tenant information for a context defined within the virtual switch, exporting the tenant record to a collector, monitoring network flow at the virtual switch, and exporting network flow data in a data record to the collector. The data record includes an identifier associating the data record with the context.
2. Pukhraj U.S. Patent App Pub 20170346731 teaches a switch includes a storage device, a rule management module, an inner packet module, and a packet processor. During operation, the rule management module obtains a rule associated with a data flow within tunnel encapsulation of a tunnel. This rule indicates how the flow is to be processed at the switch. The rule management module then applies an initial rule to a respective line card of the switch. The initial rule is derived from a virtual network identifier, which is associated with the tunnel, of the obtained rule. The inner packet module determines that a first inner packet, which is encapsulated with a first encapsulation header, belongs to the flow without decapsulating the first encapsulation header. The rule management module applies the obtained rule to a line card associated with an ingress port of the encapsulated first inner packet.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to NINOS DONABED whose telephone number is (571)272-8757.  The examiner can normally be reached on Monday - Friday 8:00pm - 4:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John FOLLANSBEE can be reached on (571)272-3964.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/NINOS DONABED/Primary Examiner, Art Unit 2444