PNG
    media_image1.png
    340
    340
    media_image1.png
    Greyscale
United States Patent and Trademark Office    
        
            
                                
            
        
    

Commissioner for Patents
United States Patent and Trademark Office
P.O. Box 1450
Alexandria, VA 22313-1450
www.uspto.gov











BEFORE THE PATENT TRIAL AND APPEAL BOARD


Application Number: 16/519,931
Filing Date: 23 Jul 2019
Appellant(s): VMware, Inc.



__________________
Keith N Arment (Reg. No. 72, 061)
For Appellant


EXAMINER’S ANSWER





This is in response to the appeal brief filed 05-09-2022 appealing from Office Action mailed 12-06-2021
(1) Grounds of Rejection to be Reviewed on Appeal
Every ground of rejection set forth in the Office action dated 12-06-2021 from which the appeal is taken is being maintained by the examiner except for the grounds of rejection (if any) listed under the subheading “WITHDRAWN REJECTIONS.”  New grounds of rejection (if any) are provided under the subheading “NEW GROUNDS OF REJECTION.”



(2) Restatement of Rejection
The following ground(s) of rejection are applicable to the appealed claims.
A. Claim Rejections - 35 USC § 103

Claims 1-4, 7-12, and 15-19 are rejected under 35 U.S.C. 103 as being unpatentable over Kempf et al (US 20130125124) in view of Madapurath et al (US 20160299775).

As to claim 1 Kempf discloses a method comprising identifying a connection of a virtual machine to a port of a virtual switch on a host(Kempf ¶0017- 2nd sentence- CNM is coupled to a first virtualized server for hosting one or more virtual machines ("VM"), wherein the first virtualized server comprises a first virtual switch; Kempf Fig.2, ¶0067- 2nd – 4th sentences- virtual switch 217A provides virtual network ports to the VMs); identifying a tenant of a plurality of tenants associated with the virtual machine(Kempf ¶0115- last sentence- the VM's that belong to different tenants can have same network (IP/MAC) addresses); 
Kempf however is silent in determining that a tunnel endpoint is not allocated to the tenant on the host; and when in response to determining that a tunnel endpoint is not allocated to the tenant: initiating a tunnel endpoint on the host for the tenant; and directing traffic for the virtual machine to the initiated tunnel endpoint- in other words virtual machine associated with a new tenant will require a new tunnel. However in an analogous art Madapurath remedies this deficiency: (Madapurath Fig.2, ¶072-switch 103 creates an entry in forwarding mapping 206 for MAC address 252…tunnel mapping 206 maps a tuple comprising MAC address 252, VLAN 112, and tenant 1 to another tuple comprising tunnel 162 and VNI 222; ¶0076- Overlay module 172 determines virtual machine 156 to be a new virtual machine running on hypervisor 142 and determines whether to establish a tunnel….… virtual machines 126 and 136 are coupled to switch 103 and in VLAN 112 of tenant 2,…. overlay module 172 updates tunnel mapping 202 to map VLAN 112 and tenant 2 to tunnel 162 and VNI 228), 
Therefore it would have been obvious to one of ordinary skills in the art before the effective filing date of the invention to modify the teachings of Kempf with that of Madapurath for the purpose of updating tunnel mappings to associate VNIs with tunnels (Madapurath- penultimate sentence).

As to claim 2 the combined teachings of Kemp and Madapurath disclose the method of claim 1 further  comprising: identifying a second connection of a second virtual machine to a second port of the virtual switch on the host (Kempf Fig.2, ¶0067- 2nd – 4th sentences- virtual switch 217A provides virtual network ports to the VMs ); identifying a second tenant of the plurality of tenants associated with the second virtual machine (Kempf ¶0023- 3rd sentence- plurality of databases to generate tenant specific labels that are added to packets sent between tenant (VMs) ) determining that a second tunnel endpoint is allocated to the second tenant on the host; and in response to determining that a second tunnel endpoint is allocated to the tenant, directing traffic for the second virtual machine to the second tunnel endpoint(Madapurath Fig.2, ¶072; ¶0076). 

As to claim 3 the combined teachings of Kemp and Madapurath disclose the method of claim 1, wherein the tunnel endpoint is associated with a tenant identifier (Kempf ¶0021- 4th sentence- tenant identifier. .¶0073- 1st sentence).

As to claim 4 the combined teachings of Kemp and Madapurath discloses the method of claim 1, wherein the tunnel endpoint is associated with a tenant identifier, and wherein the tenant identifier comprises at least a source encapsulation internet protocol (IP) address and a virtual local area network (VLAN) tag (Kemp ¶0015- ¶0016, ¶0021-2nd sentence; Madapurath ¶0041- 3rd sentence)

As to claim 7 the combined teachings of Kemp and Madapurath disclose the method of claim 1 further comprising: identifying a second connection of a second virtual machine to a second port of the virtual switch on the host (Kempf Fig.2, ¶0067- 2nd – 4th sentences- virtual switch 217A provides virtual network ports to the VMs); identifying a second tenant of the plurality of tenants associated with the second virtual machine determining whether a second tunnel endpoint is allocated to the second tenant on the host (Kempf ¶0023- 3rd sentence- plurality of databases to generate tenant specific labels that are added to packets sent between tenant (VMs); and in response to determining that a second tunnel endpoint is not allocated to the tenant; initiating a second tunnel endpoint on the host to the second tenant; and directing traffic for the second virtual machine to the second initiated tunnel  endpoint (Madapurath Fig.2, ¶072 ¶0076)

As to claim 8 the combined teachings of Kemp and Mittal disclose the method of claim 1, wherein the second packet comprises a Virtual Extensible Local Area Network (VXLAN) packet (Madapurath ¶0069- last sentence- to carry traffic of both VLANs 112 and 114 of tenant 1 by using VNIs 222 and 224, respectively, in the tunnel encapsulation header (e.g., a VXLAN header). 

As to claim 9 Kempf disclose a computing apparatus comprising: one or more non-transitory computer readable storage media (Kempf ¶0059- 2nd sentence- non-transitory tangible machine readable medium) a processing system operatively coupled to the one or more non-transitory computer readable storage media (Kempf ¶059- 3rd sentence- one or more processors); and program instructions stored on the one or more non-transitory computer readable storage media that, when executed by the processing system, direct the processing system to: identify a connection of a virtual machine to a port of a virtual switch on a host (Kempf ¶0017- 2nd sentence- CNM is coupled to a first virtualized server for hosting one or more virtual machines ("VM"), wherein the first virtualized server comprises a first virtual switch; Fig.2, ¶0067- 2nd – 4th sentences- virtual switch 217A provides virtual network ports to the VMs) ; identify a tenant associated with the virtual machine (Kempf ¶0115- last sentence- the VM's that belong to different tenants can have same network (IP/MAC) addresses); 
Kempf however is silent in determining that a tunnel endpoint is not allocated to the tenant on the host; and when in response to determining that a tunnel endpoint is not allocated to the tenant: initiating a tunnel endpoint on the host for the tenant; and directing traffic for the virtual machine to the initiated tunnel endpoint- in other words virtual machine associated with a new tenant will require a new tunnel. However in an analogous art Madapurath remedies this deficiency: (Madapurath Fig.2, ¶072-switch 103 creates an entry in forwarding mapping 206 for MAC address 252…tunnel mapping 206 maps a tuple comprising MAC address 252, VLAN 112, and tenant 1 to another tuple comprising tunnel 162 and VNI 222; ¶0076- Overlay module 172 determines virtual machine 156 to be a new virtual machine running on hypervisor 142 and determines whether to establish a tunnel….… virtual machines 126 and 136 are coupled to switch 103 and in VLAN 112 of tenant 2,…. overlay module 172 updates tunnel mapping 202 to map VLAN 112 and tenant 2 to tunnel 162 and VNI 228), 
Therefore it would have been obvious to one of ordinary skills in the art before the effective filing date of the invention to modify the teachings of Kempf with that of Madapurath for the purpose of updating tunnel mappings to associate VNIs with tunnels (Madapurath- penultimate sentence).

As to claim 10 the combined teachings of Kempf and Madapurath disclose the computing apparatus of claim 9, wherein the program instructions further direct the processing system to, identify a second connection of a second virtual machine to a second port of the virtual switch on the host (Kempf Fig.2, ¶0067- 2nd – 4th sentences- virtual switch 217A provides virtual network ports to the VMs); identify a second tenant of the plurality of tenants associated with the second virtual machine (Kempf ¶0023- 3rd sentence- plurality of databases to generate tenant specific labels that are added to packets sent between tenant (VMs) ) determining that a second tunnel endpoint is allocated to the second tenant on the host; and in response to determining that a second tunnel endpoint is allocated to the tenant, directing traffic for the second virtual machine to the second tunnel endpoint (Madapurath Fig.2, ¶072 ¶0076). 
 
As to claim 11 the combined teachings of Kempf and Madapurath discloses the computing apparatus of claim 9 wherein the tunnel endpoint is associated with a tenant identifier (Kempf ¶0021- 4th sentence- tenant identifier.¶0073- 1st sentence).

As to claim 12 the combined teachings of Kempf and Madapurath disclose the computing apparatus of claim 9, wherein the tunnel endpoint is associated with a tenant identifier, and wherein the tenant identifier comprises at least a source encapsulation internet protocol (IP) address and a virtual local area network (VLAN) tag (Kemp ¶0015- ¶0016, ¶0021-2nd sentence; Madapurath ¶0041- 3rd sentence)

As to claim 15 the combined teachings of Kempf and Madapurath disclose the computing apparatus of claim 9, wherein the program instructions further direct the processing system to: identify a second connection of a second virtual machine to a second port of the virtual switch on the host ((Kempf Fig.2, ¶0067- 2nd – 4th sentences- virtual switch 217A provides virtual network ports to the VMs)); identify a second tenant of the plurality of tenants associated with the second virtual machine (Kempf ¶0023- 3rd sentence- plurality of databases to generate tenant specific labels that are added to packets sent between tenant (VMs); determine whether a second tunnel endpoint is allocated to the second tenant on the host; and when a second tunnel endpoint is not allocated to the tenant: allocate a second tunnel endpoint on the host to the second tenant; and map the second virtual machine to the second tunnel endpoint(Madapurath Fig.2, ¶072 ¶0076).  

As to claim 16 the combined teachings of Kempf and Madapurath disclose the computing apparatus of claim 9, wherein the second packet comprises a Virtual Extensible Local Area Network (VXLAN) packet (Madapurath ¶0069- last sentence- to carry traffic of both VLANs 112 and 114 of tenant 1 by using VNIs 222 and 224, respectively, in the tunnel encapsulation header (e.g., a VXLAN header).

As to claim 17 the combined teachings of Kempf and Madapurath disclose the computing apparatus of claim 9, wherein the tunnel endpoint is associated with a tenant identifier Kempf ¶0021- 4th sentence- tenant identifier.¶0073- 1st sentence), and wherein the program instructions further direct the processing system to notify a control system of the tenant identifier associated with the tenant (Kempf -¶0028- 4th sentence-  CNM receives a message including a tenant identifier (ID), a tenant MAC, and a server MAC)

As to claim 18 Kempf discloses an apparatus comprising: one or more non-transitory computer readable storage media (Kempf ¶0059- 2nd sentence- non-transitory tangible machine readable medium);
a processing system operatively coupled to the one or more non-transitory computer readable storage media (Kempf ¶059- 3rd sentence- one or more processors); and program instructions stored on the one or more non-transitory computer readable storage media that, when executed by the processing system, direct the processing system to: identify a connection of a virtual machine to a port of a virtual switch on a host (Kempf ¶0017- 2nd sentence- CNM is coupled to a first virtualized server for hosting one or more virtual machines ("VM"), wherein the first virtualized server comprises a first virtual switch; Fig.2, ¶0067- 2nd – 4th sentences- virtual switch 217A provides virtual network ports to the VMs); identify a tenant associated with the virtual machine (Kempf ¶0115- last sentence- the VM's that belong to different tenants can have same network (IP/MAC) addresses); 
Kempf however is silent in determining that a tunnel endpoint is not allocated to the tenant on the host; and when in response to determining that a tunnel endpoint is not allocated to the tenant: initiating a tunnel endpoint on the host for the tenant; and directing traffic for the virtual machine to the initiated tunnel endpoint; and when a tunnel endpoint is allocated to the tenant, directing traffic for the virtual machine to the initiated tunnel endpoint. However in an analogous art Madapurath remedies this deficiency: (Madapurath Fig.2, ¶072-switch 103 creates an entry in forwarding mapping 206 for MAC address 252…tunnel mapping 206 maps a tuple comprising MAC address 252, VLAN 112, and tenant 1 to another tuple comprising tunnel 162 and VNI 222; ¶0076- Overlay module 172 determines virtual machine 156 to be a new virtual machine running on hypervisor 142 and determines whether to establish a tunnel….… virtual machines 126 and 136 are coupled to switch 103 and in VLAN 112 of tenant 2,…. overlay module 172 updates tunnel mapping 202 to map VLAN 112 and tenant 2 to tunnel 162 and VNI 228), 
Therefore it would have been obvious to one of ordinary skills in the art before the effective filing date of the invention to modify the teachings of Kempf with that of Madapurath for the purpose of updating tunnel mappings to associate VNIs with tunnels (Madapurath- penultimate sentence).

As to claim 19 the combined teachings of Kempf and Madapurath disclose the apparatus of claim 18, wherein the tunnel endpoint is associated with a tenant identifier, and wherein the tenant identifier comprises at least a source encapsulation internet protocol (IP) address and a virtual local area network (VLAN) tag (Kemp ¶0009- tenant VPNs are implemented using IP encapsulation; ¶0063- 4th sentence- a specific source IP/MAC address specific VL2 broadcast domain (e.g., a specific virtual local area network (VLAN)) and IP/MAC address pair (e.g., a service policy may require that any 
network traffic including a specific VL2 broadcast domain broadcast domain (e.g., a specific VLAN tag)).

Claims 5, 13, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Kempf in view of Madapurath and further in view of NAKAGAWA (US 20140208317).

As to claim 5 the combined teachings of Kemp and Madapurath disclose the method of claim 1, wherein the tunnel endpoint is associated with a tenant identifier (Kempf ¶0021- 4th sentence- tenant identifier.), however silent wherein the method further comprises: after directing traffic for the virtual machine to the tunnel endpoint, obtaining a packet from the virtual machine; generating a second packet that encapsulates the first packet-, wherein the second packet comprises the tenant identifier. However in an analogous art Nakagawa remedies this deficiency: (Nakagawa ¶0066- 1st sentence- receives a packet; ¶0066- 1st sentence-encapsulates the received packet- second packet being an encapsulated packet). Therefore it would have been obvious to one of ordinary skills in the art before the effective filing date of the invention to modify the teachings of Kempf and Mittal with that of Nakagawa for the purpose of managing allocation of VTEPs according to tenants on a host (Nakagawa ¶0177- last sentence).

As to claim 13 the combined teachings of Kempf and Madapurath discloses the computing apparatus of claim 9, wherein the tunnel endpoint is associated with a tenant identifier (Kempf ¶0021- 4th sentence- tenant identifier. ¶0073- 1st sentence), however silent wherein the method further comprises: after directing traffic for the virtual machine to the tunnel endpoint, obtaining a packet from the virtual machine; generating a second packet that encapsulates the first packet-, wherein the second packet comprises the tenant identifier. However in an analogous art Nakagawa remedies this deficiency: (Nakagawa ¶0066- 1st sentence- receives a packet; ¶0066- 1st sentence-encapsulates the received packet- second packet being an encapsulated packet). Therefore it would have been obvious to one of ordinary skills in the art before the effective filing date of the invention to modify the teachings of Kempf and Madapurath with that of Nakagawa for the purpose of managing allocation of VTEPs according to tenants on a host (Nakagawa ¶0177- last sentence).
As to claim 20 the combined teachings of Kempf and Madapurath disclose the apparatus of claim 18, wherein the tunnel endpoint is associated with a tenant identifier (Kempf ¶0021- 4th sentence- tenant identifier. ¶0073- 1st sentence), Kempf and Mittal however are silent wherein the program instructions further direct the processing system to: after directing traffic for the virtual machine to the tunnel endpoint, obtain a packet from the virtual machine generate a second packet that encapsulates the first packet, wherein the second packet comprises the tenant identifier. However in an analogous art Nakagawa remedies this deficiency: (Nakagawa ¶0066- 1st sentence- receives a packet; ¶0066- 1st sentence-encapsulates the received packet- second packet being an encapsulated packet). Therefore it would have been obvious to one of ordinary skills in the art before the effective filing date of the invention to modify the teachings of Kempf and Madapurath with that of Nakagawa for the purpose of managing allocation of VTEPs according to tenants on a host (Nakagawa ¶0177- last sentence).

Claims 6 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Kempf in view of Madapurath in view of NAKAGAWA and further in view of Sarangam et al (US 20190007280).

As to claim 6 the combined teachings of Kemp, Madapurath and Nakagawa disclose the method of claim 5 however silent further comprising: determining a quality of service associated with the second packet- encapsulated packet as taught by Nakagawa; and assigning the second packet to an egress queue based on the quality of service . However in an analogous art Sarangam remedies this deficiency: (Sarangam ¶0069- classified packets are scheduled for egress as a function of QoS traffic classifications of the packets; and transmitting packets that are scheduled for egress onto the network). Therefore it would have been obvious to one of ordinary skills in the art before the effective filing date of the invention to modify the combined teachings of Kempf, Madapurath and Nakagawa with that of Sarangam for the purpose of scheduling of packet egress as a function of the packet's QoS (Sarangam – Abstract).

As to claim 14 the combined teachings of Kemp, Madapurath and Nakagawa disclose
the computing apparatus of claim 13, however silent wherein the program instructions further direct the processing system to: determine a quality of service associated with the second packet; and assign the second packet to an egress queue based on the quality of service. However in an analogous art Sarangam remedies this deficiency: (Sarangam ¶0069- classified packets are scheduled for egress as a function of QoS traffic classifications of the packets; and transmitting packets that are scheduled for egress onto the network). Therefore it would have been obvious to one of ordinary skills in the art before the effective filing date of the invention to modify the combined teachings of Kempf, Madapurath and Nakagawa with that of Sarangam for the purpose of scheduling of packet egress as a function of the packet's QoS (Sarangam – Abstract).

(3) NEW GROUNDS OF REJECTION
N/A

(4) WITHDRAWN REJECTIONS
N/A 

(5) Response to Argument 
The Examiner’s response to the arguments of the brief concerning the art rejection of claims 1-20 are as follows:
In response to applicant’s argument that there is no teaching, suggestion, or motivation to combine the references, the examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art.  See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007). In this case the Appellant argues that the cited art fail to teach or suggest “in response to determining that a tunnel endpoint is not allocated to the tenant: initiating a tunnel endpoint on the host for the tenant and directing traffic for the virtual machine to the initiated tunnel endpoint,” as recited by claim 1.
Kempf is relied on identifying a virtual machine connection to a port of a virtual switch and identifying a tenant of a plurality of tenants. Madapurath in Fig.2, ¶0072, ¶0076  consequentially teaches the creation of a new tunnel for virtual machine associated with a new tenant. In Madapurath the switch becomes a tunnel endpoint when it performs the tunnel mapping. As suggested in Fig.2 of Madapurath, dynamic orchestration of overlay tunnel are embodied and ¶0072 specifically describes creating  an entry in a forwarding mapping by mapping MAC address 252, VLAN 112, and tenant 1 to tunnel 162 and VNI 222 based on the mappings received from overlay module 172. In other words, tunnel mapping maps a tuple comprising MAC address 252, VLAN 112, and tenant 1 to another tuple comprising tunnel 162 and VNI 222. The determination of establishing a tunnel is further described in Madapurath ¶0076- where overlay module updates tunnel mapping  202 to map VLAN 112 and tenant 2 to tunnel 162 and VNI 228, thereby associating VNI 228 with tunnel 162. Madapurath combined with Kempf makes obvious the host virtual switch of Kempf being a tunnel endpoint by initiating a tunnel for the virtual machine.      
The Appellant further argues that even if Madapurath did initiate a new tunnel endpoint, the tunnel endpoint is not initiated on the same host with the virtual machine. However Kempf initially identifies this scenario of a virtual machine connection to a port of a virtual switch on a host. The combination of Kempf in view of Madapurath provides obviousness for a virtual switch of a host to initiate a tunnel and become a tunnel endpoint for a virtual machine of the host. 
With regard to the Appellants arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).
Based on this analysis it believed that the combined references teaches all elements of Independent claims 1, 9 and 18 and henceforth their respective dependents.
 

(6) Conclusion
For the above reasons above it is believed that the rejection should be sustained.
Respectfully submitted,
/DERRICK V ROSE/            Examiner, Art Unit 2462                                                                                                                                                                                            

Conferees:
/KEVIN C. HARPER/Primary Examiner, Art Unit 2462

/YEMANE MESFIN/Supervisory Patent Examiner, Art Unit 2462                                                                                                                                                                                                              
                                                                                                                                                                                                  
Requirement to pay appeal forwarding fee.  In order to avoid dismissal of the instant appeal in any application or ex parte reexamination proceeding, 37 CFR 41.45 requires payment of an appeal forwarding fee within the time permitted by 37 CFR 41.45(a), unless appellant had timely paid the fee for filing a brief required by 37 CFR 41.20(b) in effect on March 18, 2013.