Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Detailed Action
In the correspondence filed on 05/24/2022, claims 1-6 and 9-19 have been amended. Claim 8 has been cancelled and claims 21-22 are new. Claims 1-7, and 9-22 are currently pending for examination.
Response to Arguments
Regarding 35 U.S.C. 103(a) applicant’s arguments, see page 9 - page 15 (all), filed
05/24/2022, with respect to claims 1-7, and 9-22 have been fully considered.
Regarding claims 10-17 the applicant argued that the amended subject-matter overcome the  35 U.S.C. 101 rejection and thus withdrawal of the rejections is respectfully required.
In response to applicant's argument, the examiner agrees and the 35 U.S.C. 101 rejection is withdrawn.
Regarding 35 U.S.C. 103 rejection the applicant argued that the amended subject-matter of overcome the  35 U.S.C. 103 rejection of claims 1-7, and 9-20.
In response to applicant's argument, a new round of rejection is presented in view of Das et al. (US20190306239A1).

Claim Rejections - 35 USC § 101

Applicant amended claims 10-17 rendering the 35 U.S.C. 101 rejection moot. The 35 U.S.C. 101 rejections of claims 10-17 have been removed. 


Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
Determining the scope and contents of the prior art.


Ascertaining the differences between the prior art and the claims at issue.

Resolving the level of ordinary skill in the pertinent art.  

Considering objective evidence present in the application  indicating obviousness or nonobviousness.  
Claims 1, 9 - 10, 18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Palermo et al. (US20170289068A1) hereinafter Palermo in view of Das et al. (US20190306239A1) hereinafter Das. 
As per claim 1.  A system comprising: (Palermo, par0020 teaches FIG. 1 shows an exemplary host platform architecture 100 [system])
a switch comprising: (Palermo, par0030 teaches under SDN on a virtualized platform, data is passed between VMs over a virtual network. Generally, this may be implemented via virtual NICs for each VM, and a virtual switch implemented by the hypervisor or VMM. Under a non-optimized conventional approach, the virtual switch is actually implemented in a manner similar to a physical switch, meaning the virtual switch includes input and output buffers and performs various packet flow operations).
at least one memory and at least one processor communicatively coupled to the at least one memory,  (Palermo, par0020 teaches FIG. 1 shows an exemplary host platform architecture 100 [system]… includes a central processing unit (CPU) 104 coupled to each of a memory interface 106, … Memory interface 106, also referred to as a memory controller, is configured to facilitate access to system memory 113).
wherein the at least one processor is to: (Palermo, par0024 teaches the multiple cores 114 of CPU 104 are employed to execute various software components 130, such as modules and applications, which are stored in one or more non-volatile storage devices, such as depicted by disk drive 128).
first path tag, (Palermo, par0056 teaches packet data 808 including a tag 810, a packet header 812, and payload data 814. The packet header and payload data correspond to the original packet data (being sent), while tag 810 [first path tag] is used for routing/forwarding purposes, and includes data for determining which packets are forwarded using a VM-to-VM cache fast path [first path] and which packets are forwarded using a vSwitch.).
determine if a packet, provided for transmission, includes a first path tag, (Palermo, par0061 teaches the packet tag and header is inspected in a block 908 at a virtual network ingress point. As determined by a decision block 910, if the packet is not tagged for VM-VM cache fast path, the packet will be forwarded via a virtual switch, as depicted by a block 912. If the packet is tagged for VM-VM cache fast path).
in response to the packet including the first path tag, permit the packet to progress. (Palermo, par0061 teaches if the packet is tagged for VM-VM cache fast path, the packet will be forwarded via an appropriate VM-VM cache fast path, as depicted by a block 914. This will entail the operations of decision block 916 and blocks 918 and 920).
based on the packet not including the first path tag, (Palermo, par0056, 0061 teaches while tag 810 is used for routing/forwarding purposes, and includes data for determining which packets are forwarded using a VM-to-VM cache fast path and which packets are forwarded using a vSwitch…. As determined by a decision block 910, if the packet is not tagged for VM-VM cache fast path, the packet will be forwarded via a virtual switch, as depicted by a block 912).
performing lookup of a routing and forwarding table to route the packet (Palermo, par0040 teaches to forward the packet, the packet is first put in vNIC1's V1 Tx port and sent to virtual switch 309, where it is received at the V1 Rx port on the virtual switch and switched internally using a lookup of flow table 348 [performing lookup of a routing and forwarding table to route the packet] to be sent outbound from the virtual switch's V2 Tx port to be received at the V2 Rx port on vNIC2. After being processed by Appliance 2, the packet will be forwarded to the VM hosting the next virtual appliance in the LSC, which again requires the packet to be switched through virtual switch 309). 
          Palermo do not explicitly discloses wherein the first path tag is allocated for high performance computing (HPC) traffic, based on the packet including the first path tag: verify a packet context associated with the packet in response to the packet including the first path tag and in response to verification of the packet, permit the packet to progress along a path allocated for HPC traffic.
          Das however discloses wherein the first path tag is allocated for high performance computing (HPC) traffic, based on the packet including the first path tag: (Das, par0033 teaches each such QP lane 115 connected between each of the one or more controllers 103 may be interconnected/pooled together to form the plurality of interconnected QP lanes 115. Similarly, each VL 117 configured in the HPC switch 107 may be interconnected/pooled together to form the plurality of interconnected VLs 117….. each of the plurality of data packets may include a service level bit [first path tag] that provides service level information required by each of the plurality of data packets. The service level information may help in identifying a destination VL that matches service level required for each of the plurality of data packets.).
verify a packet context associated with the packet in response to the packet including the first path tag and in response to verification of the packet (Das, par0066 teaches the plurality of interconnected QP lanes 115 may receive the plurality of data packets from buffer memory of Controller A and Controller B. Upon receiving the plurality of data packets, the processor 109 may identify [verify a packet context associated with the packet] the service level information associated with each of the plurality of data packets. As an example, consider the service level information [first path tag] associated with the plurality of data packets received from Controller A specify “Reliable Connection” and the service level information associated with the plurality of data packets received from Controller B specify “Unreliable Connection”.).
permit the packet to progress along a path allocated for HPC traffic and (Das, par0055, 0057 teaches the primary cluster may include the one or more ports 119 having an ultra-low latency when compared to a predefined latency threshold. The one or more secondary clusters may include the one or more ports 119 having a high latency when compared to the predefined latency threshold…. the packet transmitting module 247 may transmit the first group of the plurality of data packets to the one or more other controllers 103 associated with the HPC switch 107, through the one or more ports 119 belonging to the primary cluster [permit the packet to progress along a path allocated for HPC traffic]). 
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of wherein the first path tag is allocated for high performance computing (HPC) traffic, based on the packet including the first path tag: verify a packet context associated with the packet in response to the packet including the first path tag and in response to verification of the packet, permit the packet to progress along a path allocated for HPC traffic, as taught by Das in the system of Palermo, so High Performance Computing (HPC) switches improve performance in high performance computing and networking infrastructure, including high speed message transmission, see Das par0003.

As per claim 9.  Palermo and Das disclose the system of claim 1.
          Palermo further discloses wherein the at least one processor is to (Palermo, par0024 teaches the multiple cores 114 of CPU 104 are employed to execute various software components 130, such as modules and applications, which are stored in one or more non-volatile 
          Palermo do not explicitly discloses in response to failed verification of the packet, initiate closing of a HPC faster transmit path associated with the packet.
          Das however discloses in response to failed verification of the packet, initiate closing of a HPC faster transmit path associated with the packet (Das, par0055, 0059 teaches the plurality of interconnected QP lanes 115 may receive the plurality of data packets from buffer memory of Controller A and Controller B. Upon receiving the plurality of data packets, the processor 109 may identify [verify a packet context associated with the packet] the service level information associated with each of the plurality of data packets. As an example, consider the service level information [first path tag] associated with the plurality of data packets received from Controller A specify “Reliable Connection” and the service level information associated with the plurality of data packets received from Controller B specify “Unreliable Connection [failed verification of the packet]”…. The transmission rate and receiving rate at each of the plurality of interconnected QP lanes 115 may vary every second due to plurality of new data packets received and transmitted by the HPC switch 107. Therefore, there is a need for the performance computing module 241 to recompute the performance value for each of the one or more ports 119 at the predefined time intervals with an objective of generating one or more new clusters. Based on the recomputed performance value, the port clustering module 243 may generate the one or more new clusters of the one or more ports 119. In some embodiments, the one or more ports 119 that belong to the primary cluster [closing of a HPC faster transmit path] in a previous iteration, may or may not belong to the primary cluster in current iteration.).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of in response to failed verification of the packet, initiate closing of a HPC faster transmit path associated with the packet, as taught by Das in the system of Palermo, so High Performance Computing (HPC) switches improve performance in high performance computing and networking infrastructure, including high speed message transmission, see Das par0003.

As per claim 10.  At least one non-transitory computer-readable medium comprising instructions stored thereon, that if executed by at least one processor, cause the at least one processor to:  (Palermo, par0020, par0024 teaches FIG. 1 shows an exemplary host platform architecture 100 [system]… includes a central processing unit (CPU) 104 coupled to each of a memory interface 106, … Memory interface 106, also referred to as a memory controller, is configured to facilitate access to system memory 113…. the multiple cores 114 of CPU 104 are employed to execute various software components 130, such as modules and applications, which are stored in one or more non-volatile storage devices, such as depicted by disk drive 128).
first path tag, (Palermo, par0056 teaches packet data 808 including a tag 810, a packet header 812, and payload data 814. The packet header and payload data correspond to the original packet data (being sent), while tag 810 [first path tag] is used for routing/forwarding purposes, and includes data for determining which packets are forwarded using a VM-to-VM cache fast path [first path] and which packets are forwarded using a vSwitch.).
a packet is permitted to use a first path route, and the packet including a first path tag (Palermo, par0061 teaches the packet tag and header is inspected in a block 908 at a virtual network ingress point. As determined by a decision block 910, if the packet is not tagged for VM-VM cache fast path, the packet will be forwarded via a virtual switch, as depicted by a block 912. If the packet is tagged for VM-VM cache fast path, the packet will be forwarded via an appropriate VM-VM cache fast path, as depicted by a block 914. This will entail the operations of decision block 916 and blocks 918 and 920).
          Palermo do not explicitly discloses verify that a packet is permitted to use a first path route based at least in part on the packet context and the packet including a first path tag, wherein the first path route is allocated for high performance computing (HPC) traffic.  
          Das however discloses verify that a packet is permitted to use a first path route based at least in part on the packet context and the packet including a first path tag (Das, par0057, 0066 teaches the plurality of interconnected QP lanes 115 may receive the plurality of data packets from buffer memory of Controller A and Controller B. Upon receiving the plurality of data packets, the processor 109 may identify [verify that a packet is permitted to use a first path route] the service level information associated with each of the plurality of data packets. As an example, consider the service level information [based at least in part on the packet context and the packet including a first path tag] associated with the plurality of data packets received from Controller A specify “Reliable Connection” and the service level information associated with the plurality of data packets received from Controller B specify “Unreliable Connection”.).
wherein the first path route is allocated for high performance computing (HPC) traffic (Das, par0033 teaches each such QP lane 115 connected between each of the one or more controllers 103 may be interconnected/pooled together to form the plurality of interconnected QP lanes 115. Similarly, each VL 117 configured in the HPC switch 107 may be interconnected/pooled together to form the plurality of interconnected VLs 117….. each of the plurality of data packets may include a service level bit [first path tag] that provides service level information required by each of the plurality of data packets. The service level information may help in identifying a destination VL that matches service level required for each of the plurality of data packets.).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of verify that a packet is permitted to use a first path route based at least in part on the packet context and the packet including a first path tag, wherein the first path route is allocated for high performance computing (HPC) traffic, as taught by Das in the at least one non-transitory computer-readable medium of Palermo, so High Performance Computing (HPC) switches improve performance in high performance computing and networking infrastructure, including high speed message transmission, see Das par0003.


As per claim 18.   A system comprising: a host system comprising one or more processors and one or more memory devices and (Palermo, par0020 teaches FIG. 1 shows an exemplary host platform architecture 100 [A system comprising: a host system] including platform hardware 102 and various software-based components … includes a central processing unit (CPU) 104 coupled to each of a memory interface 106 …Memory interface 106, also referred to as a memory controller, is configured to facilitate access to system memory 113)
a network interface communicatively coupled to the host system, the network interface: (Palermo, par0035 teaches architecture 300 includes a host platform 302 coupled to a network interface 304 that may be integrated on the host platform (e.g., as a NIC).
first path tag, (Palermo, par0056 teaches packet data 808 including a tag 810, a packet header 812, and payload data 814. The packet header and payload data correspond to the original packet data (being sent), while tag 810 [first path tag] is used for routing/forwarding purposes, and includes data for determining which packets are forwarded using a VM-to-VM cache fast path [first path] and which packets are forwarded using a vSwitch.).
in response to the packet including a first path tag, permit the packet to progress (Palermo, par0061 teaches the packet tag and header is inspected in a block 908 at a virtual network ingress point. As determined by a decision block 910, if the packet is not tagged for VM-VM cache fast path, the packet will be forwarded via a virtual switch, as depicted by a block 912. If the packet is tagged for VM-VM cache fast path).
in response to the packet including the first path tag, permit the packet to progress to a first path, (Palermo, par0061 teaches if the packet is tagged for VM-VM cache fast path, the packet will be forwarded via an appropriate VM-VM cache fast path, as depicted by a block 914. This will entail the operations of decision block 916 and blocks 918 and 920).
          Palermo do not explicitly discloses verify that a packet has an associated packet context in response to the packet including a first path tag and in response to verification of the packet, permit the packet to progress to a first path, wherein the first path is allocated for high performance computing (HPC) traffic.
          Das however discloses verify that a packet has an associated packet context in response to the packet including a first path tag and in response to verification of the packet, (Das, par0066 teaches the plurality of interconnected QP lanes 115 may receive the plurality of data packets from buffer memory of Controller A and Controller B. Upon receiving the plurality of data packets, the processor 109 may identify [verify that a packet has an associated packet context] the service level information associated with each of the plurality of data packets. As an example, consider the service level information [first path tag] associated with the plurality of data packets received from Controller A specify “Reliable Connection” and the service level information associated with the plurality of data packets received from Controller B specify “Unreliable Connection”.).
permit the packet to progress to a first path,  (Das, par0055, 0057 teaches the primary cluster may include the one or more ports 119 having an ultra-low latency when compared to a predefined latency threshold. The one or more secondary clusters may include the one or more ports 119 having a high latency when compared to the predefined latency threshold…. the packet transmitting module 247 may transmit the first group of the plurality of data packets to the one or more other controllers 103 associated with the HPC switch 107, through the one or more ports 119 belonging to the primary cluster [permit the packet to progress along a path allocated for HPC traffic]). 
wherein the first path is allocated for high performance computing (HPC) traffic (Das, par0033 teaches each such QP lane 115 connected between each of the one or more controllers 103 may be interconnected/pooled together to form the plurality of interconnected QP lanes 115. Similarly, each VL 117 configured in the HPC switch 107 may be interconnected/pooled together to form the plurality of interconnected VLs 117….. each of the plurality of data packets may include a service level bit [first path tag] that provides service level information required by each of the plurality of data packets. The service level information may help in identifying a destination VL that matches service level required for each of the plurality of data packets.).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of verify that a packet has an associated packet context in response to the packet including a first path tag and in response to verification of the packet, permit the packet to progress to a first path, wherein the first path is allocated for high performance computing (HPC) traffic, as taught by Das in the system of Palermo, so High Performance Computing (HPC) switches improve performance in high performance computing and networking infrastructure, including high speed message transmission, see Das par0003.

As per claim 20.  Palermo and Das disclose the system of claim 18.
          Palermo further discloses wherein the network interface comprises a wired or wireless network interface and further comprising one or more of: (Palermo, par0043 teaches each of NIC Cards 404 a and 404 b are coupled [wired or wireless] to an external switch 504 that is connected to network 118).
at least one storage device communicatively coupled to the network interface, (Palermo, par0024 teaches all or a portion of software components 130 may be stored on one or more storage devices (not shown) that are accessed via a network 122).
[examiner will not map the following since the first "or" condition is mapped] Or at least one interconnect communicatively coupled to the network interface.

Claims 2, 3, 11 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Palermo in view of Das, further in view of Kavanagh (US20030081607A1) hereinafter Kavanagh, and further in view of Miriyala et al. (US11159389B1) hereinafter Miriyala. 
As per claim 2.  Palermo and Das disclose the system of claim 1.
          Palermo further discloses wherein the at least one processor is to: (Palermo, par0024 teaches the multiple cores 114 of CPU 104 are employed to execute various software components 130).
first path tag, (Palermo, par0056 teaches packet data 808 including a tag 810, a packet header 812, and payload data 814. The packet header and payload data correspond to the original packet data (being sent), while tag 810 [first path tag] is used for routing/forwarding purposes, and includes data for determining which packets are forwarded using a VM-to-VM cache fast path [first path] and which packets are forwarded using a vSwitch.).
determine if the first path tag matches a permitted routing tag, the permitted routing tag (Palermo, par0061 teaches the packet tag and header is inspected in a block 908 at a virtual network ingress point. As determined by a decision block 910, if the packet is not tagged for VM-VM cache fast path, the packet will be forwarded via a virtual switch, as depicted by a block 912. If the packet is tagged for VM-VM cache fast path, the packet will be forwarded via an appropriate VM-VM cache fast path, as depicted by a block 914.
          Palermo and Das do not explicitly disclose verify that the packet context that matches a context associated with.
          Kavanagh however discloses verify that the packet context that matches a context associated with. (Kavanagh, par0064, 0092 teaches the GTP Filter then verifies that the IE “SGSN Address for Signaling” is that of an expected/permitted IP address. The GTP Filter also verifies that the IE “SGSN Address for User Traffic” is that of an expected/permitted IP address. It is then determined that the MS has an active PDP Context residing on the target GGSN by analyzing the TID value in the GTP header. An Update PDP Context response is only permitted through the GTP Filter when an Update PDP Context Request Message Type has been received… the TID or TEID is also checked to determine whether a PDP Context exists for this MS, and if so, the message is permitted. The GTP Filter only permits an SGSN Context Acknowledge message when an SGSN Context Request message exists. The GTP Filter also verifies that the TEID value in the SGSN Context Acknowledge message is the same as what was sent in the SGSN Context Request/Response message).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of  verify that the packet context that matches a context associated with, as taught by Kavanagh in the system of Palermo and Das, so GTP Filter performs specific filtering rules, this limits the effect of attacks, limits the number of GTP-Control Plane and User Plane messages that can be passed through the GTP Filter and what messages are permitted and denied, see Kavanagh par0034.
          Palermo, Das and Kavanagh do not explicitly disclose determine if the tag matches a permitted tag.
          Miriyala however discloses determine if the tag matches a permitted tag. (Miriyala, col29 par4 teaches policy agent 139 receives, from policy controller 23, a first policy rule that permits network traffic originating from interface 146C and includes tag 1. Policy agent 139 may examine categories applied to interfaces 146, determine that a category of interface 146A matches tag 1 of the first policy rule, and apply the policy rule only to interface 146A. VN agent 35 may subsequently permit network traffic originating from interface 146C and destined for interface 146A).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of determine if the tag matches a permitted tag, as taught by Miriyala in the system of Palermo, Das and Kavanagh, so virtualization can provide significant improvements to efficiency and provide significant control over the infrastructure, see Miriyala col1 par2.

As per claim 3.  Palermo, Das, Kavanagh and Miriyala disclose the system of claim 2.
          Palermo and Das do not explicitly disclose wherein the packet context comprises one or more of: transmit queue identifier, header structure, header content, source MAC address, source IP address, ingress port number, egress port number, egress queue ID, destination MAC address, destination IP address, or VLAN tag.
          Kavanagh however discloses wherein the packet context comprises one or more of: transmit queue identifier, header structure, header content, source MAC address, source IP address, ingress port number, egress port number, egress queue ID, destination MAC address, destination IP address, or VLAN tag. (Kavanagh, par0092 teaches the GTP packets are first checked against the correct source and destination and mask addresses….the GTP Filter determines whether the message type (SGSN Context Request/Acknowledge) based on the source IP address [source IP address] is permitted to proceed through the GTP Filter).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of wherein the packet context comprises one or more of: transmit queue identifier, header structure, header content, source MAC address, source IP address, ingress port number, egress port number, egress queue ID, destination MAC address, destination IP address, or VLAN tag, as taught by Kavanagh in the system of Palermo and Das, so GTP Filter performs specific filtering rules, this limits the effect of attacks, limits the number of GTP-Control Plane and User Plane messages that can be passed through the GTP Filter and what messages are permitted and denied, see Kavanagh par0034.

As per claim 11.  Palermo and Das disclose the at least one non-transitory computer-readable medium of claim 10.
          Palermo further discloses wherein the at least one processor is to: (Palermo, par0024 teaches the multiple cores 114 of CPU 104 are employed to execute various software components 130).
first path tag, (Palermo, par0056 teaches packet data 808 including a tag 810, a packet header 812, and payload data 814. The packet header and payload data correspond to the original packet data (being sent), while tag 810 [fast path tag] is used for routing/forwarding purposes, and includes data for determining which packets are forwarded using a VM-to-VM cache fast path [fast path] and which packets are forwarded using a vSwitch.).
a packet is permitted to use a first path route, and the packet including a first path tag (Palermo, par0061 teaches the packet tag and header is inspected in a block 908 at a virtual network ingress point. As determined by a decision block 910, if the packet is not tagged for VM-VM cache fast path, the packet will be forwarded via a virtual switch, as depicted by a block 912. If the packet is tagged for VM-VM cache fast path, the packet will be forwarded via an appropriate VM-VM cache fast path, as depicted by a block 914. This will entail the operations of decision block 916 and blocks 918 and 920).
determine if the first path tag comprises a routing tag that matches a permitted routing tag, the permitted routing tag (Palermo, par0061 teaches the packet tag and header is inspected in a block 908 at a virtual network ingress point. As determined by a decision block 910, if the packet is not tagged for VM-VM cache fast path, the packet will be forwarded via a virtual switch, as depicted by a block 912. If the packet is tagged for VM-VM cache fast path, the packet will be forwarded via an appropriate VM-VM cache fast path, as depicted by a block 914.
          Palermo and Das do not explicitly disclose verify that a packet is permitted, based at least in part on the packet context, verify that the packet has an associated context associated with.
          Kavanagh however discloses verify that a packet is permitted, based at least in part on the packet context. (Kavanagh, par0064, 0092 teaches the GTP Filter then verifies that the IE “SGSN Address for Signaling” is that of an expected/permitted IP address. The GTP Filter also verifies that the IE “SGSN Address for User Traffic” is that of an expected/permitted IP address. It is then determined that the MS has an active PDP Context residing on the target GGSN by analyzing the TID value in the GTP header. An Update PDP Context response is only permitted through the GTP Filter when an Update PDP Context Request Message Type has been received… the TID or TEID is also checked to determine whether a PDP Context exists for this MS, and if so, the message is permitted. The GTP Filter only permits an SGSN Context Acknowledge message when an SGSN Context Request message exists. The GTP Filter also verifies that the TEID value in the SGSN Context Acknowledge message is the same as what was sent in the SGSN Context Request/Response message).
verify that the packet has an associated context associated with. (Kavanagh, par0064, 0092 teaches the GTP Filter then verifies that the IE “SGSN Address for Signaling” is that of an expected/permitted IP address. The GTP Filter also verifies that the IE “SGSN Address for User Traffic” is that of an expected/permitted IP address. It is then determined that the MS has an active PDP Context residing on the target GGSN by analyzing the TID value in the GTP header. An Update PDP Context response is only permitted through the GTP Filter when an Update PDP Context Request Message Type has been received… the TID or TEID is also checked to determine whether a PDP Context exists for this MS, and if so, the message is permitted. The GTP Filter only permits an SGSN Context Acknowledge message when an SGSN Context Request message exists. The GTP Filter also verifies that the TEID value in the SGSN Context Acknowledge message is the same as what was sent in the SGSN Context Request/Response message).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of verify that a packet is permitted, based at least in part on the packet context, verify that the packet has an associated context associated with, as taught by Kavanagh in the at least one non-transitory computer-readable medium of Palermo and Das, so GTP Filter performs specific filtering rules, this limits the effect of attacks, limits the number of GTP-Control Plane and User Plane messages that can be passed through the GTP Filter and what messages are permitted and denied, see Kavanagh par0034.
          Palermo, Das and Kavanagh do not explicitly disclose determine if the tag comprises a tag that matches a permitted tag.
          Miriyala however discloses determine if the tag comprises a tag that matches a permitted tag. (Miriyala, col29 par4 teaches policy agent 139 receives, from policy controller 23, a first policy rule that permits network traffic originating from interface 146C and includes tag 1. Policy agent 139 may examine categories applied to interfaces 146, determine that a category of interface 146A matches tag 1 of the first policy rule, and apply the policy rule only to interface 146A. VN agent 35 may subsequently permit network traffic originating from interface 146C and destined for interface 146A).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of determine if the tag comprises a tag that matches a permitted tag, as taught by Miriyala in the at least one non-transitory computer-readable medium of Palermo, Das and Kavanagh, so virtualization can provide significant improvements to efficiency and provide significant control over the infrastructure, see Miriyala col1 par2.

As per claim 12.  Palermo, Das, Kavanagh and Miriyala disclose the at least one non-transitory computer-readable medium of claim 11.
          Palermo and Das do not explicitly disclose wherein the packet context comprises one or more of: transmit queue identifier, header structure, header content, source MAC address, source IP address, ingress port number, egress port number, egress queue ID, destination MAC address, destination IP address, or VLAN tag.
          Kavanagh however discloses wherein the packet context comprises one or more of: transmit queue identifier, header structure, header content, source MAC address, source IP address, ingress port number, egress port number, egress queue ID, destination MAC address, destination IP address, or VLAN tag. (Kavanagh, par0092 teaches the GTP packets are first checked against the correct source and destination and mask addresses….the GTP Filter determines whether the message type (SGSN Context Request/Acknowledge) based on the source IP address [source IP address] is permitted to proceed through the GTP Filter).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of wherein the packet context comprises one or more of: transmit queue identifier, header structure, header content, source MAC address, source IP address, ingress port number, egress port number, egress queue ID, destination MAC address, destination IP address, or VLAN tag, as taught by Kavanagh in the at least one non-transitory computer-readable medium of Palermo and Das, so GTP Filter performs specific filtering rules, this limits the effect of attacks, limits the number of GTP-Control Plane and User Plane messages that can be passed through the GTP Filter and what messages are permitted and denied, see Kavanagh par0034.

Claims 4 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Palermo in view of Das further in view of Kavanagh further in view of Miriyala, and further in view of Seely et al. (US20190109792A1) hereinafter Seely. 
As per claim 4.  Palermo, Das, Kavanagh and Miriyala disclose the system of claim 2.
          Palermo further discloses the at least one processor is to (Palermo, par0024 teaches the multiple cores 114 of CPU 104 are employed to execute various software components 130).
          Palermo do not explicitly discloses to the path allocated for HPC traffic.
          Das however discloses to the path allocated for HPC traffic (Das, par0055, 0057 teaches the primary cluster may include the one or more ports 119 having an ultra-low latency when compared to a predefined latency threshold. The one or more secondary clusters may include the one or more ports 119 having a high latency when compared to the predefined latency threshold…. the packet transmitting module 247 may transmit the first group of the plurality of data packets to the one or more other controllers 103 associated with the HPC switch 107, through the one or more ports 119 belonging to the primary cluster [the path allocated for HPC traffic]). 
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of to the path allocated for HPC traffic, as taught by Das in the system of Palermo, so High Performance Computing (HPC) switches improve performance in high performance computing and networking infrastructure, including high speed message transmission, see Das par0003.
         Palermo, Das, Kavanagh and Miriyala do not explicitly disclose wherein to permit the packet to progress, the at least one processor is to associate the packet with an egress queue for egress.
          Seely however discloses wherein to permit the packet to progress, the at least one processor is to associate the packet with an egress queue for egress. (Seely, par0023-0025 teaches the egress 106 may include an egress queue…. The egress queue may store incoming packets 104 at the egress buffer until there is storage space and/or processing bandwidth available at an egress 106 that packet 104 is being routed to …The egress metering and/or policing manager may meter and or police packets 104 coming from the egress queue on the way to departing the egress 106).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of wherein to permit the packet to progress, the at least one processor is to associate the packet with an egress queue for egress, as taught by Seely in the system of Palermo, Das, Kavanagh and Miriyala, so mechanisms to monitor and influence the flow of information across the network may be utilized to monitor and influence the performance of the network, see Seely par0001.

As per claim 13.  Palermo, Das and Kavanagh and Miriyala disclose the at least one non-transitory computer-readable medium of claim 11.
          Palermo further discloses comprising instructions stored thereon, that if executed by at least one processor, cause the at least one processor to:  (Palermo, par0020, par0024 teaches FIG. 1 shows an exemplary host platform architecture 100 [system]… includes a central processing unit (CPU) 104 coupled to each of a memory interface 106, … Memory interface 106, also referred to as a memory controller, is configured to facilitate access to system memory 113…. the multiple cores 114 of CPU 104 are employed to execute various software components 130, such as modules and applications, which are stored in one or more non-volatile storage devices, such as depicted by disk drive 128).
permit the packet to progress to, the permitted routing tag (Palermo, par0061 teaches the packet tag and header is inspected in a block 908 at a virtual network ingress point. As determined by a decision block 910, if the packet is not tagged for VM-VM cache fast path, the packet will be forwarded via a virtual switch, as depicted by a block 912. If the packet is tagged for VM-VM cache fast path, the packet will be forwarded via an appropriate VM-VM cache fast path, as depicted by a block 914. This will entail the operations of decision block 916 and blocks 918 and 920).
          Palermo, Das, Kavanagh and Miriyala do not explicitly disclose an egress queue associated with an egress port, the egress queue and egress port associated with.
          Seely however discloses an egress queue associated with an egress port, the egress queue and egress port associated with. (Seely, par0023-0025 teaches the egress 106 may include an egress queue…. The egress queue may store incoming packets 104 at the egress buffer until there is storage space and/or processing bandwidth available at an egress 106 that packet 104 is being routed to …The egress metering and/or policing manager may meter and or police packets 104 coming from the egress queue on the way to departing the egress 106).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of an egress queue associated with an egress port, the egress queue and egress port associated with, as taught by Seely in the at least one non-transitory computer-readable medium of Palermo, Das, Kavanagh and Miriyala, so mechanisms to monitor and influence the flow of information across the network may be utilized to monitor and influence the performance of the network, see Seely par0001.

Claims 5 - 7 and 14 - 16 are rejected under 35 U.S.C. 103 as being unpatentable over Palermo in view of Das further in view of Kavanagh, and further in view of Hummel et al. (US20140137215A1) hereinafter Hummel. 
As per claim 5.  Palermo and Das disclose the system of claim 1.
          Palermo further discloses wherein the at least one processor is to:  (Palermo, par0024 teaches the multiple cores 114 of CPU 104 are employed to execute various software components 130).
first path tag, (Palermo, par0056 teaches packet data 808 including a tag 810, a packet header 812, and payload data 814. The packet header and payload data correspond to the original packet data (being sent), while tag 810 [first path tag] is used for routing/forwarding purposes, and includes data for determining which packets are forwarded using a VM-to-VM cache fast path [fast path] and which packets are forwarded using a vSwitch.).
determine if the first path tag comprises a, tag that matches a permitted, tag, the permitted, tag (Palermo, par0061 teaches the packet tag and header is inspected in a block 908 at a virtual network ingress point. As determined by a decision block 910, if the packet is not tagged for VM-VM cache fast path, the packet will be forwarded via a virtual switch, as depicted by a block 912. If the packet is tagged for VM-VM cache fast path, the packet will be forwarded via an appropriate VM-VM cache fast path, as depicted by a block 914.
          Palermo and Das do not explicitly disclose verify that the packet context matches a context associated with.
          Kavanagh however discloses verify that the packet context matches a context associated with. (Kavanagh, par0064, 0092 teaches the GTP Filter then verifies that the IE “SGSN Address for Signaling” is that of an expected/permitted IP address. The GTP Filter also verifies that the IE “SGSN Address for User Traffic” is that of an expected/permitted IP address. It is then determined that the MS has an active PDP Context residing on the target GGSN by analyzing the TID value in the GTP header. An Update PDP Context response is only permitted through the GTP Filter when an Update PDP Context Request Message Type has been received… the TID or TEID is also checked to determine whether a PDP Context exists for this MS, and if so, the message is permitted. The GTP Filter only permits an SGSN Context Acknowledge message when an SGSN Context Request message exists. The GTP Filter also verifies that the TEID value in the SGSN Context Acknowledge message is the same as what was sent in the SGSN Context Request/Response message).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of verify that the packet context matches a context associated with, as taught by Kavanagh in the system of Palermo and Das, so GTP Filter performs specific filtering rules, this limits the effect of attacks, limits the number of GTP-Control Plane and User Plane messages that can be passed through the GTP Filter and what messages are permitted and denied, see Kavanagh par0034.
          Palermo, Das and Kavanagh do not explicitly disclose a queue tag that matches a permitted queue tag, the permitted queue tag.
          Hummel however discloses a queue tag that matches a permitted queue tag, the permitted queue tag. (Hummel, par0036-0037 teaches related header information, for example: {per port seed, port number, link number, virtual queue tag}. The credential processing engine 226 can assign one or more credentials based on a virtual queue (VQ) tag, VLAN membership….The credential validation module 228 authenticates flowtag data can validate a credential received with a flowtag against a copy generated, or recalculated, at an ingress port at the aggregation device 200. Once the credential is validated, the flowtag contents can be used to route the packet to the appropriate destination virtqueue 218).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of determine if the tag comprises a tag that matches a permitted tag, as taught by Hummel in the system of Palermo, Das and Kavanagh, so flow tag permits decode functions to be performed in software thereby reducing hardware efforts generally required when processing MAC addresses and can also reduce the risk of exposure of MAC addresses to spoofing, see Hummel par0017.

As per claim 6.  Palermo, Das, Kavanagh and Hummel disclose the system of claim 5.
           Palermo and Das do not explicitly disclose wherein the packet context comprises one or more of: transmit queue identifier, header structure, header content, source MAC address, source IP address, ingress port number, egress port number, egress queue ID, destination MAC address, destination IP address, or VLAN tag.
          Kavanagh however discloses wherein the packet context comprises one or more of: transmit queue identifier, header structure, header content, source MAC address, source IP address, ingress port number, egress port number, egress queue ID, destination MAC address, destination IP address, or VLAN tag. (Kavanagh, par0092 teaches the GTP packets are first checked against the correct source and destination and mask addresses….the GTP Filter determines whether the message type (SGSN Context Request/Acknowledge) based on the source IP address [source IP address] is permitted to proceed through the GTP Filter).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of  wherein the packet context comprises one or more of: transmit queue identifier, header structure, header content, source MAC address, source IP address, ingress port number, egress port number, egress queue ID, destination MAC address, destination IP address, or VLAN tag, as taught by Kavanagh in the system of Palermo and Das, so GTP Filter performs specific filtering rules, this limits the effect of attacks, limits the number of GTP-Control Plane and User Plane messages that can be passed through the GTP Filter and what messages are permitted and denied, see Kavanagh par0034.

As per claim 7  Palermo, Das, Kavanagh and Hummel disclose the system of claim 5. 
          Palermo further discloses the at least one processor is to (Palermo, par0024 teaches the multiple cores 114 of CPU 104 are employed to execute various software components 130).
          Palermo, Das and Kavanagh do not explicitly disclose wherein to permit the packet to progress, to associate the packet with a destination queue.
          Hummel however discloses wherein to permit the packet to progress, to associate the packet with a destination queue. (Hummel, par0036-0037 teaches related header information, for example: {per port seed, port number, link number, virtual queue tag}. The credential processing engine 226 can assign one or more credentials based on a virtual queue (VQ) tag, VLAN membership….The credential validation module 228 authenticates flowtag data can validate a credential received with a flowtag against a copy generated, or recalculated, at an ingress port at the aggregation device 200. Once the credential is validated, the flowtag contents can be used to route the packet to the appropriate destination virtqueue 218).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of wherein to permit the packet to progress, to associate the packet with a destination queue, as taught by Hummel in the system of Palermo, Das and Kavanagh, so flow tag permits decode functions to be performed in software thereby reducing hardware efforts generally required when processing MAC addresses and can also reduce the risk of exposure of MAC addresses to spoofing, see Hummel par0017.

As per claim 14.  Palermo and Das disclose the at least one non-transitory computer-readable medium of claim 10.
          Palermo further discloses the at least one processor is to: (Palermo, par0024 teaches the multiple cores 114 of CPU 104 are employed to execute various software components 130).
faster path tag, and the packet including a faster path tag (Palermo, par0056 teaches packet data 808 including a tag 810, a packet header 812, and payload data 814. The packet header and payload data correspond to the original packet data (being sent), while tag 810 [fast path tag] is used for routing/forwarding purposes, and includes data for determining which packets are forwarded using a VM-to-VM cache fast path [fast path] and which packets are forwarded using a vSwitch.).
use a first path route, determine if the first path tag comprises (Palermo, par0061 teaches the packet tag and header is inspected in a block 908 at a virtual network ingress point. As determined by a decision block 910, if the packet is not tagged for VM-VM cache fast path, the packet will be forwarded via a virtual switch, as depicted by a block 912. If the packet is tagged for VM-VM cache fast path, the packet will be forwarded via an appropriate VM-VM cache fast path, as depicted by a block 914.
          Palermo and Das do not explicitly disclose verify that a packet is permitted, based at least in part on the packet context, verify that the packet has an expected context associated with.
          Kavanagh however discloses verify that a packet is permitted, based at least in part on the packet context. (Kavanagh, par0064, 0092 teaches the GTP Filter then verifies that the IE “SGSN Address for Signaling” is that of an expected/permitted IP address. The GTP Filter also verifies that the IE “SGSN Address for User Traffic” is that of an expected/permitted IP address. It is then determined that the MS has an active PDP Context residing on the target GGSN by analyzing the TID value in the GTP header. An Update PDP Context response is only permitted through the GTP Filter when an Update PDP Context Request Message Type has been received… the TID or TEID is also checked to determine whether a PDP Context exists for this MS, and if so, the message is permitted. The GTP Filter only permits an SGSN Context Acknowledge message when an SGSN Context Request message exists. The GTP Filter also verifies that the TEID value in the SGSN Context Acknowledge message is the same as what was sent in the SGSN Context Request/Response message).
verify that the packet has an expected context associated with. (Kavanagh, par0064, 0092 teaches the GTP Filter then verifies that the IE “SGSN Address for Signaling” is that of an expected/permitted IP address. The GTP Filter also verifies that the IE “SGSN Address for User Traffic” is that of an expected/permitted IP address. It is then determined that the MS has an active PDP Context residing on the target GGSN by analyzing the TID value in the GTP header. An Update PDP Context response is only permitted through the GTP Filter when an Update PDP Context Request Message Type has been received… the TID or TEID is also checked to determine whether a PDP Context exists for this MS, and if so, the message is permitted. The GTP Filter only permits an SGSN Context Acknowledge message when an SGSN Context Request message exists. The GTP Filter also verifies that the TEID value in the SGSN Context Acknowledge message is the same as what was sent in the SGSN Context Request/Response message).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of verify that a packet is permitted, based at least in part on the packet context, verify that the packet has an expected context associated with, as taught by Kavanagh in the at least one non-transitory computer-readable medium of Palermo and Das, so GTP Filter performs specific filtering rules, this limits the effect of attacks, limits the number of GTP-Control Plane and User Plane messages that can be passed through the GTP Filter and what messages are permitted and denied, see Kavanagh par0034.
          Palermo, Das and Kavanagh do not explicitly disclose a queue tag that matches a permitted queue tag, the permitted queue tag.
          Hummel however discloses a queue tag that matches a permitted queue tag, the permitted queue tag. (Hummel, par0036-0037 teaches related header information, for example: {per port seed, port number, link number, virtual queue tag}. The credential processing engine 226 can assign one or more credentials based on a virtual queue (VQ) tag, VLAN membership….The credential validation module 228 authenticates flowtag data can validate a credential received with a flowtag against a copy generated, or recalculated, at an ingress port at the aggregation device 200. Once the credential is validated, the flowtag contents can be used to route the packet to the appropriate destination virtqueue 218).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of determine if the tag comprises a tag that matches a permitted tag, as taught by Hummel in the at least one non-transitory computer-readable medium of Palermo, Das and Kavanagh, so flow tag permits decode functions to be performed in software thereby reducing hardware efforts generally required when processing MAC addresses and can also reduce the risk of exposure of MAC addresses to spoofing, see Hummel par0017.

 As per claim 15.  Palermo, Das and Kavanagh and Hummel disclose the at least one non-transitory computer-readable medium of claim 14.
           Palermo and Das do not explicitly disclose wherein the packet context comprises one or more of: transmit queue identifier, header structure, header content, source MAC address, source IP address, ingress port number, egress port number, egress queue ID, destination MAC address, destination IP address, or VLAN tag.
          Kavanagh however discloses wherein the packet context comprises one or more of: transmit queue identifier, header structure, header content, source MAC address, source IP address, ingress port number, egress port number, egress queue ID, destination MAC address, destination IP address, or VLAN tag. (Kavanagh, par0092 teaches the GTP packets are first checked against the correct source and destination and mask addresses….the GTP Filter determines whether the message type (SGSN Context Request/Acknowledge) based on the source IP address [source IP address] is permitted to proceed through the GTP Filter).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of wherein the packet context comprises one or more of: transmit queue identifier, header structure, header content, source MAC address, source IP address, ingress port number, egress port number, egress queue ID, destination MAC address, destination IP address, or VLAN tag, as taught by Kavanagh in the at least one non-transitory computer-readable medium of Palermo and Das, so GTP Filter performs specific filtering rules, this limits the effect of attacks, limits the number of GTP-Control Plane and User Plane messages that can be passed through the GTP Filter and what messages are permitted and denied, see Kavanagh par0034.

As per claim 16  Palermo, Das, Kavanagh and Hummel disclose the at least one non-transitory computer-readable medium of claim 14. 
          Palermo further discloses comprising instructions stored thereon, that if executed by at least one processor, cause the at least one processor to:  (Palermo, par0020, par0024 teaches FIG. 1 shows an exemplary host platform architecture 100 [system]… includes a central processing unit (CPU) 104 coupled to each of a memory interface 106, … Memory interface 106, also referred to as a memory controller, is configured to facilitate access to system memory 113…. the multiple cores 114 of CPU 104 are employed to execute various software components 130, such as modules and applications, which are stored in one or more non-volatile storage devices, such as depicted by disk drive 128).
permit the packet to progress to, the permitted routing tag (Palermo, par0061 teaches the packet tag and header is inspected in a block 908 at a virtual network ingress point. As determined by a decision block 910, if the packet is not tagged for VM-VM cache fast path, the packet will be forwarded via a virtual switch, as depicted by a block 912. If the packet is tagged for VM-VM cache fast path, the packet will be forwarded via an appropriate VM-VM cache fast path, as depicted by a block 914. This will entail the operations of decision block 916 and blocks 918 and 920).
          Palermo, Das and Kavanagh do not explicitly disclose permit the packet to progress to a destination queue associated with associated with the permitted queue tag.
          Hummel however discloses permit the packet to progress to a destination queue associated with associated with the permitted queue tag. (Hummel, par0036-0037 teaches related header information, for example: {per port seed, port number, link number, virtual queue tag}. The credential processing engine 226 can assign one or more credentials based on a virtual queue (VQ) tag, VLAN membership….The credential validation module 228 authenticates flowtag data can validate a credential received with a flowtag against a copy generated, or recalculated, at an ingress port at the aggregation device 200. Once the credential is validated, the flowtag contents can be used to route the packet to the appropriate destination virtqueue 218).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of permit the packet to progress to a destination queue associated with associated with the permitted queue tag, as taught by Hummel in the at least one non-transitory computer-readable medium of Palermo, Das and Kavanagh, so flow tag permits decode functions to be performed in software thereby reducing hardware efforts generally required when processing MAC addresses and can also reduce the risk of exposure of MAC addresses to spoofing, see Hummel par0017.

Claim 17 is rejected under 35 U.S.C. 103 as being unpatentable over Palermo in view of Das and further in view of Kavanagh. 
As per claim 17.  Palermo and Das disclose the at least one non-transitory computer-readable medium of claim 10.
          Palermo further discloses comprising instructions stored thereon, that if executed by at least one processor, cause the at least one processor to:  (Palermo, par0020, par0024 teaches FIG. 1 shows an exemplary host platform architecture 100 [system]… includes a central processing unit (CPU) 104 coupled to each of a memory interface 106, … Memory interface 106, also referred to as a memory controller, is configured to facilitate access to system memory 113…. the multiple cores 114 of CPU 104 are employed to execute various software components 130, such as modules and applications, which are stored in one or more non-volatile storage devices, such as depicted by disk drive 128).
permit the packet to progress to, the permitted routing tag (Palermo, par0061 teaches the packet tag and header is inspected in a block 908 at a virtual network ingress point. As determined by a decision block 910, if the packet is not tagged for VM-VM cache fast path, the packet will be forwarded via a virtual switch, as depicted by a block 912. If the packet is tagged for VM-VM cache fast path, the packet will be forwarded via an appropriate VM-VM cache fast path, as depicted by a block 914. This will entail the operations of decision block 916 and blocks 918 and 920).
          Palermo and Das do not explicitly disclose in response to failed verification of the packet, perform one or more of: discard the packet or initiate closing of a first transmit path associated with the packet.
          Kavanagh however discloses in response to failed verification of the packet, perform one or more of: discard the packet or initiate closing of a first transmit path associated with the packet. (Kavanagh, par0095-0096 teaches the GTP Filter verifies that there is a PDP Context that is active for this MS. Thus, as shown at step 162, GTP packets that do not meet the filtering criteria [in response to failed verification of the packet] are dropped [discard the packet]).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of in response to failed verification of the packet, perform one or more of: discard the packet or initiate closing of a first transmit path associated with the packet, as taught by Kavanagh in the at least one non-transitory computer-readable medium of Palermo and Das, so GTP Filter performs specific filtering rules, this limits the effect of attacks, limits the number of GTP-Control Plane and User Plane messages that can be passed through the GTP Filter and what messages are permitted and denied, see Kavanagh par0034.

Claim 19 is rejected under 35 U.S.C. 103 as being unpatentable over Palermo in view of Das further in view of Kavanagh, further in view of Hummel, and further in view of Seely. 
As per claim 19.  Palermo and Das disclose the system of claim 18.
           Palermo further discloses wherein the at least one processor is to: (Palermo, par0024 teaches the multiple cores 114 of CPU 104 are employed to execute various software components 130).
first path tag, (Palermo, par0056 teaches packet data 808 including a tag 810, a packet header 812, and payload data 814. The packet header and payload data correspond to the original packet data (being sent), while tag 810 [first path tag] is used for routing/forwarding purposes, and includes data for determining which packets are forwarded using a VM-to-VM cache fast path [first path] and which packets are forwarded using a vSwitch.).
permit the packet to progress to, the permitted routing tag and the first path tag comprising a routing tag that matches a permitted routing tag (Palermo, par0061 teaches the packet tag and header is inspected in a block 908 at a virtual network ingress point. As determined by a decision block 910, if the packet is not tagged for VM-VM cache fast path, the packet will be forwarded via a virtual switch, as depicted by a block 912. If the packet is tagged for VM-VM cache fast path, the packet will be forwarded via an appropriate VM-VM cache fast path, as depicted by a block 914.
          Palermo and Das do not explicitly disclose based on the packet having packet context associated with, the packet context comprises one or more of: transmit queue identifier, header structure, header content, source MAC address, source IP address, ingress port number, egress port number, egress queue ID, destination MAC address, destination IP address, or VLAN tag.
          Kavanagh however discloses based on the packet having packet context associated with. (Kavanagh, par0064, 0092 teaches the GTP Filter then verifies that the IE “SGSN Address for Signaling” is that of an packet/permitted IP address. The GTP Filter also verifies that the IE “SGSN Address for User Traffic” is that of an packet/permitted IP address. It is then determined that the MS has an active PDP Context residing on the target GGSN by analyzing the TID value in the GTP header. An Update PDP Context response is only permitted through the GTP Filter when an Update PDP Context Request Message Type has been received… the TID or TEID is also checked to determine whether a PDP Context exists for this MS, and if so, the message is permitted. The GTP Filter only permits an SGSN Context Acknowledge message when an SGSN Context Request message exists. The GTP Filter also verifies that the TEID value in the SGSN Context Acknowledge message is the same as what was sent in the SGSN Context Request/Response message).
the packet context comprises one or more of: transmit queue identifier, header structure, header content, source MAC address, source IP address, ingress port number, egress port number, egress queue ID, destination MAC address, destination IP address, or VLAN tag. (Kavanagh, par0092 teaches the GTP Filter determines whether the message type (SGSN Context Request/Acknowledge) based on the source IP address [source IP address] is permitted to proceed through the GTP Filter).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of based on the packet having packet context associated with, the packet context comprises one or more of: transmit queue identifier, header structure, header content, source MAC address, source IP address, ingress port number, egress port number, egress queue ID, destination MAC address, destination IP address, or VLAN tag, as taught by Kavanagh in the system of Palermo and Das, so GTP Filter performs specific filtering rules, this limits the effect of attacks, limits the number of GTP-Control Plane and User Plane messages that can be passed through the GTP Filter and what messages are permitted and denied, see Kavanagh par0034.
          Palermo, Das and Kavanagh do not explicitly disclose a queue tag that matches a permitted queue tag, the permitted queue tag.
          Hummel however discloses a queue tag that matches a permitted queue tag, the permitted queue tag. (Hummel, par0036-0037 teaches related header information, for example: {per port seed, port number, link number, virtual queue tag}. The credential processing engine 226 can assign one or more credentials based on a virtual queue (VQ) tag, VLAN membership….The credential validation module 228 authenticates flowtag data can validate a credential received with a flowtag against a copy generated, or recalculated, at an ingress port at the aggregation device 200. Once the credential is validated, the flowtag contents can be used to route the packet to the appropriate destination virtqueue 218).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of a queue tag that matches a permitted queue tag, the permitted queue tag, as taught by Hummel in the system of Palermo, Das and Kavanagh, so flow tag permits decode functions to be performed in software thereby reducing hardware efforts generally required when processing MAC addresses and can also reduce the risk of exposure of MAC addresses to spoofing, see Hummel par0017.
          Palermo, Das, Kavanagh and Hummel do not explicitly disclose permit the packet to progress to a destination queue, an egress queue.
          Seely however discloses permit the packet to progress to a destination queue, an egress queue. (Seely, par0021, 0023 teaches the egress 106 may be an interface with a destination node … The egress 106 may include an egress queue. … The egress queue may store incoming packets 104 at the egress buffer until there is storage space and/or processing bandwidth available at an egress 106 that packet 104 is being routed to).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of permit the packet to progress to a destination queue, an egress queue, as taught by Seely in the system of Palermo, Das, Kavanagh and Hummel, so mechanisms to monitor and influence the flow of information across the network may be utilized to monitor and influence the performance of the network, see Seely par0001.

Claim 21 is rejected under 35 U.S.C. 103 as being unpatentable over Palermo in view of Das and further in view of Gogic et al. (US20100226252A1) hereinafter Gogic. 
As per claim 21.  Palermo and Das disclose the system of claim 1.
       Palermo further discloses wherein the first path tag is valid (Palermo, par0056 teaches packet data 808 including a tag 810, a packet header 812, and payload data 814. The packet header and payload data correspond to the original packet data (being sent), while tag 810 [wherein the first path tag is valid] is used for routing/forwarding purposes, and includes data for determining which packets are forwarded using a VM-to-VM cache fast path and which packets are forwarded using a vSwitch.).
       Palermo and Das do not explicitly disclose wherein the first path tag is valid for a period of time. 
          Gogic however discloses wherein the first path tag is valid for a period of time. (Gogic, par0053, 0059 teaches priority status may be valid for a period of time…. the user equipment 602 may use the priority DSCP markings 634 as a bootstrap for unimpeded communication with the authorization server 646 to effectively request priority for all its IP flows 630 for a period of time).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of wherein the first path tag is valid for a period of time, as taught by Gogic in the system of Palermo and Das, so it may be desirable to give priority to data traffic from personnel providing emergency services during a natural disaster, invoking data service priority during network congestion, see Gogic par0004.

Claim 22 is rejected under 35 U.S.C. 103 as being unpatentable over Palermo in view of Das and further in view of Li et al. (US20200195551A1) hereinafter Li. 
As per claim 22.  Palermo and Das disclose the system of claim 1.
       Palermo further discloses wherein based on the packet including the first path tag, the at least one processor is to:  (Palermo, par0056 teaches packet data 808 including a tag 810, a packet header 812, and payload data 814. The packet header and payload data correspond to the original packet data (being sent), while tag 810 [packet including the first path tag] is used for routing/forwarding purposes, and includes data for determining which packets are forwarded using a VM-to-VM cache fast path and which packets are forwarded using a vSwitch.).
       Palermo and Das do not explicitly disclose form a second packet that encapsulates the packet and cause transmission of the second packet. 
          Li however discloses form a second packet that encapsulates the packet and cause transmission of the second packet. (Li, par0059 teaches when a second packet hits the host route matching the first packet, the forwarding plane on the Leaf node encapsulates the second packet and sends the encapsulated second packet to a Leaf node corresponding to a next hop of the hit host route.).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of form a second packet that encapsulates the packet and cause transmission of the second packet, as taught by Li in the system of Palermo and Das, so data center may use a distributed gateway deployment, that is, each Leaf node in the data center is a distributed gateway, Leaf node is responsible for providing access for a host, see Li par0003.

Conclusion
The prior art made of record and not relied upon is considered pertinent are -
• Patel et al. (US9742672B1) – Related art in the area of an edge routing device of a service provider network includes a processing unit configured to retrieve, from a packet received via the one or more network interfaces, priority data from an Internet protocol (IP) header of the packet, form a first tag.
• Morrow (US7522601B1) – Related art in the area of a filtered router flag value in an information packet for packet-based communication networks. The presence of the filtered router flag value identifies the information packet as possibly requiring a slow-path routing technique.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MONISHWAR MOHAN whose telephone number is (571)272-2907. The examiner can normally be reached Monday - Thursday 7:00 am - 5:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, William Trost can be reached on (571) 272-7872. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/M.M./Examiner, Art Unit 2442                                                                                                                                                                                                        
/WILLIAM G TROST IV/Supervisory Patent Examiner, Art Unit 2442