Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
	The IDS filed 5/19/2021 has been considered.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1, 2, 8, 9, 15, 16 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 3, 8, 10, 15 and 17 of U.S. Patent No. 11,019,035 in view of U.S. Patent No. 10,356,048. 
Regarding claim 1, both the instant application and ‘035 patent recites a method, comprising: identifying, by a device, a container associated with a first portion of a first network, wherein the container includes a first interface that is configured for directing network traffic between the first portion of the first network and one or more applications operating in a second portion of the first network; configuring, by the device, a second interface of the container for directing network traffic between a second network and the container; and routing second network traffic between the one or more applications operating in the second portion of the first network and the second network.. 
However, the ‘035 patent does not teach advertising, by the device, information associated with a route for directing first network traffic between the second network and the container; and routing, by the device and based on advertising the information associated with the route, second network traffic between the one or more applications operating in the second portion of the first network and the second network.
Nevertheless, this is taught by ‘048 patent (see claim 16). Before the effective filing date of the invention, one of ordinary skill in the art would have been motivated to advertise information associated with the route in order to force traffic to be directed with a specific path, therefore ensuring that traffic is directed as intended.  
Regarding claim 2, both the patent and the instant application recites advertising the information associated with the route is based on transmitting a notification associated with the route to a border gateway protocol (BGP) controller.
Claims 8 and 9 are device version of claims 1 and 2, which correspond to claims 8 and 10 of ‘035 patent, therefore are rejected under the same rationale.
Claims 15 and 16 are non-transitory computer-readable medium version of claims 1 and 2, which correspond to claims 8 and 10 of ‘035 patent, therefore are rejected under the same rationale. 

Claims 1, 3, 6-9, 13 and 15 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 16, 18, 20, 17, 1, 3, 4, 10, respectively, of U.S. Patent No. 10,356,048. See corresponding table. Although the claims at issue are not identical, they are not patentably distinct from each other because the current application is fully disclosed by the patent. The only difference is that the patent is more specific. One of ordinary skill would have been motivated to broaden the claims in order to seek broader patent protection. 

Current Application
US Patent No. 10,356,048
1. A method, comprising: identifying, by a device, a container associated with a first portion of a first network, wherein the container includes a first interface that is configured for directing network traffic between the first portion of the first network and one or more applications operating in a second portion of the first network; configuring, by the device, a second interface of the container for directing network traffic between a second network and the container; advertising, by the device, information associated with a route for directing first network traffic between the second network and the container; and routing, by the device and based on advertising the information associated with the route, second network traffic between the one or more applications operating in the second portion of the first network and the second network.



3. The method of claim 1, wherein advertising the information associated with the route comprises: advertising the information associated with the route to a switch device to permit the switch device to route the first network traffic.

6. The method of claim 1, further comprising: removing, based on detecting a trigger to remove the container, the container from the first network, wherein removing the container includes at least one of reconfiguring a firewall or removing the information associated with the route.

7. The method of claim 1, further comprising: configuring a firewall of the first portion of the first network to permit routing of the first network traffic.



8. A device, comprising: one or more processors configured to: identify a container associated with a first portion of a first network, wherein the container includes a first interface that is configured for directing network traffic between the first portion of the first network and one or more applications operating in a second portion of the first network; configure a second interface of the container for directing network traffic between a second network and the container; advertise information associated with a route for directing first network traffic between the second network and the container; and route, based on advertising the information associated with the route, second network traffic between the one or more applications operating in the second portion of the first network and the second network.








9. The device of claim 8, wherein advertising the information associated with the route is based on transmitting a notification associated with the route to a border gateway protocol (BGP) controller.

13. The device of claim 8, wherein the one or more processors are further configured to: remove, based on detecting a trigger to remove the container, the container from the first network, wherein the removal of the container includes at least one of reconfiguring a firewall or removing the information associated with the route.

15. A non-transitory computer-readable medium storing a set of instructions, the set of instructions comprising: one or more instructions that, when executed by one or more processors of a device, cause the device to: identify a container associated with a first portion of a first network, wherein the container includes a first interface that is configured for directing network traffic between the first portion of the first network and one or more applications operating in a second portion of the first network; configure a second interface of the container for directing network traffic between a second network and the container; advertise information associated with a route for directing first network traffic between the second network and the container; and route, based on advertising the information associated with the route, second network traffic between the one or more applications operating in the second portion of the first network and the second network.


16. A method, comprising: obtaining, by one or more computing resources of a network, a container for deployment in the network; the container including a self-contained execution environment, the container including an interface that is configured for directing network traffic between a front-end of the network and one or more other containers operating in a back-end of the network; configuring, by the one or more computing resources and based on obtaining the container, the container by configuring connectivity between another interface of the container, which is to direct network traffic between an external network and the front-end of the network, and the interface of the container; and performing, by the one or more computing resources and using the container, routing of network traffic between the one or more other containers operating in the back-end of the network and the external network.

18. The method of claim 16, where configuring the container comprises: advertising a route for directing network traffic between the external network and the container to a set of network devices of the network.

20. The method of claim 16, further comprising: detecting a trigger to remove the container from the network; and causing removal of the container from the network.





17. The method of claim 16, where configuring the container comprises: configuring a firewall functionality of the front-end of the network to permit network traffic to be routed between the external network and the front-end of the network.

1. A device, comprising: one or more memories; and one or more processors, communicatively coupled to the one or more memories, to: determine that a container is deployed in a front-end of a private network, the container including a self-contained execution environment, the container including a first interface that is configured for directing network traffic between the front-end of the private network and one or more applications operating in a back-end of the private network; configure a second interface of the container for directing network traffic between an external network and the container; configure a firewall of the front-end of the private network to permit routing of network traffic between the external network and the container; advertise a route for directing network traffic between the external network and the container; and perform routing of network traffic between the one or more applications operating in the back-end of the private network and the external network using the container based on advertising the route.

3. The device of claim 1, where the one or more processors, when advertising the route, are to: advertise the route using border gateway protocol.




4. The device of claim 1, where the one or more processors are further to: detect a trigger to remove the container from the private network; and cause removal of the container from the private network, the removal of the container from the private network including reconfiguring the firewall and removing the route.


10. A non-transitory computer-readable medium storing instructions, the instructions comprising: one or more instructions that, when executed by one or more processors, cause the one or more processors to: receive a proxy container for deployment in a front-end of a private network, the proxy container including a first interface that is configured for directing network traffic between the front-end of the private network and one or more applications operating in a back-end of the private network; configure connectivity between the first interface and a second interface of the proxy container, the second interface to direct network traffic between a client device of an external network and the proxy container; configure a firewall of the front-end of the private network to permit routing of network traffic between the external network and the second interface of the proxy container; advertise a route for directing network traffic between the external network and the second interface of the proxy container; and perform routing of network traffic between the one or more applications operating in the back-end of the private network and the external network using the first interface and the second interface of the proxy container and based on configuring the firewall and advertising the route.



Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Johnson et al. (US 2008/0123536, hereinafter referred to as “Johnson”) in view of Tubaltsev et al., hereinafter referred to as “Tubaltsev”).

Regarding claim 1, Johnson teaches a method, comprising: 
identifying, by a device, a container associated with a first portion of a first network, wherein the container includes a first interface that is configured for directing network traffic between the first portion of the first network and one or more applications operating in a second portion of the first network (figure 5: container 505 interfacing internal network 525); configuring, by the device, a second interface of the container for directing network traffic between a second network and the container (figure 5: container 505 interfacing external network 530).
Johnson does not teach advertising, by the device, information associated with a route for directing first network traffic between the second network and the container; and routing, by the device and based on advertising the information associated with the route, second network traffic between the one or more applications operating in the second portion of the first network and the second network.
Tubaltsev teaches advertising, by the device, information associated with a route for directing first network traffic between the second network and the container (abstract - The network system includes a first set of host machines hosting virtual machines that connect to each other through a logical network. The network system includes a second set of host machines hosting virtualized containers that operate as gateways to process packets entering the logical network from external sources. Each of the virtualized containers advertises itself to an external router as a next hop for packets entering the logical network such that the external router uses equal-cost multi-path forwarding to distribute the packets across the virtualized containers on the second set of host machines.); and routing, by the device and based on advertising the information associated with the route, second network traffic between the one or more applications operating in the second portion of the first network and the second network ([0039] Some embodiments provide a network control system that enables logical networks operating in a network managed by the network control system to peer with and advertise routing information to physical routers outside of the managed network. In some embodiments, the logical networks contain logical routers at least partially implemented in managed gateways, and these gateways use a routing protocol (e.g., Border Gateway Protocol) to peer with the external physical routers. When multiple managed gateways implement the logical router (or at least the portion of the logical router that interfaces with the external network), these multiple gateways may separately advertise the same routes to an external router in some embodiments, thereby allowing the external router to distribute traffic for the advertised destinations across the multiple gateways.).
Before the effective filing date of the invention, one of ordinary skill in the art would have been motivated to advertise information associated with the route in order to force traffic to be directed with a specific path, therefore ensuring that traffic is directed as intended.

Regarding claim 2, Johnson does not teach the method of claim 1, wherein advertising the information associated with the route is based on transmitting a notification associated with the route to a border gateway protocol (BGP) controller. Tubaltsev teaches transmitting a notification to a border gateway protocol (BGP) controller, the notification including data that causes the BGP controller to configure a host route for directing other network traffic between the container and the second network ([0049] [0049] As shown, the L3 gateways 250-260 each include a Border Gateway Protocol (BGP) daemon 280-290. These daemons 280-290 peer with the external physical router 275 and advertise routes to this router for the logical router 115. In some embodiments, the BGP daemons 280-290 operates in the same way as a traditional physical router in terms of its exchange of information with its neighbors.). Before the effective filing date of the invention, one of ordinary skill in the art would have been motivated to transmit a notification to a BGP controller because BGP is a standardized protocol controller that exchanges routing and reachability information, thus it ensures data reaches its intended destination.

Regarding claim 3, Johnson does not teach the method of claim 1, wherein advertising the information associated with the route comprises: advertising the information associated with the route to a switch device to permit the switch device to route the first network traffic. 
Tubaltsev teaches wherein advertising the information associated with the route comprises: advertising the information associated with the route to a switch device to permit the switch device to route the first network traffic ([0006] The selected gateways peer with the external routers using a routing protocol, such as Border Gateway Protocol (BGP). In some embodiments, the controller generates routing protocol data based on the logical network configuration. For each port of the logical router that faces the external network, the controller identifies (i) the set of external routers with which the gateway implementing the port will peer (that is, its neighbors) and (ii) the set of routes that the gateway implementing the port will advertise. These routes may be simply the IP prefixes representing the logical switches that connect to the logical router, or may additionally include other routes input by the user or dynamically generated by processes that implement the logical router. In some embodiments, different ports of the logical router may advertise their routes to different external network routers. Once the network controller generates this data, along with the routing table data for the logical router implementation in the gateway, the network controller distributes the data to the gateways (e.g., through a hierarchy of network controllers).
Before the effective filing date of the invention, one of ordinary skill in the art would have been motivated to employ BGP in order to allow routers to exchange information advertising available routes or routes that are no longer available ([0001] A primary functionality of BGP is to allow two routers to exchange information advertising available routes or routes that are no longer available. That is, a first router may use this protocol to inform a second router that packets for a given IP address or IP prefix can be sent to the first router. The second router can then use this information to calculate routes.).

Regarding claim 4, Johnson teaches the method of claim 1, further comprising: receiving a request for a particular service associated with the container; obtaining, based on the particular service, the container from a repository of containers; and deploying the container based on the request ([0055] For example, a packet may be received by a host containing an entire virtual network through one or more physical NICs connected to an external network, such as the Internet. The packet is then sent through one or more virtual NICs, virtual network stacks, and possibly through one or more virtual switches before arriving at its destination container. The packet's destination container may then process the packet and send a reply back to the external network, or forward the packet and/or additional data to other containers on the host).

Regarding claim 5, Johnson teaches the method of claim 1, further comprising: detecting, based on monitoring a state of the container, that the container has been exited; and removing, based on detecting that the container has been exited, the route ([0035] containers may be removed).

Regarding claim 6, Johnson teaches the method of claim 1, further comprising: removing, based on detecting a trigger to remove the container, the container from the first network, wherein removing the container includes at least one of reconfiguring a firewall or removing the information associated with the route ([0033] [0033] In one or more embodiments of the invention, one or more containers (e.g., container 1 (118), container 2 (120), container 3 (122)) within the virtual network may, optionally, provide services to the internal network (125) and/or the external network (130). These services may include email, web server functionality, database, and DNS lookup utilities. In addition, the containers (e.g., container 1 (118), container 2 (120), container N (122)) may implement application-layer firewalls, such as Extensible Markup Language (XML) firewalls.).

Regarding claim 7, Johnson teaches tmhe method of claim 1, further comprising: configuring a firewall of the first portion of the first network to permit routing of the first network traffic ([0024] firewall routing).

Claims 8-14 are device version of claims 1 -7, respectively, therefore are rejected under the same rationale.

Claims 15-20 are non-transitory computer-readable medium version of claims 1-7 (with claims 5 combined with 6), therefore are rejected under the same rationale. 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
1. Saxena, US 20180205652 A1 – running user space network inside a docker container.
2. Kristiansson, US 20180152534 – agent service container.
3. Kumar, US 20170214550 – container virtual network.
4. Shen, US 20170180249 -  container forwarding elements.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALINA N BOUTAH whose telephone number is (571)272-3908. The examiner can normally be reached M-F 7:00 AM - 3:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, William Trost can be reached on 571-272-7872. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

ALINA BOUTAH
Primary Examiner
Art Unit 2442



/ALINA A BOUTAH/           Primary Examiner, Art Unit 2442