DETAILED ACTION

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 5/25/2022 has been entered.

Response to Arguments 
Applicant’s arguments, see Applicant’s response, filed 12/28/2021, with respect to the rejection(s) of claim(s) under 35 U.S.C. 103 have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made using Carrie (US 7693158 B1) in view of McDonald (US 20180343210 A1), further in view of Yin (US 20120072567 A1), and further in view of Clemm (US 20200396320 A1).



Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 1-5, 7-11, and 13-20 are rejected under 35 U.S.C. 103 as being unpatentable over Carrie (US 7693158 B1) in view of McDonald (US 20180343210 A1), further in view of Yin (US 20120072567 A1), and further in view of Clemm (US 20200396320 A1).
Regarding Claim 1, 7, 15

Carrie teaches:

A system for implementing a plurality of policies in a software defined network (SDN) of a virtual computing environment, the system configured to disaggregate enforcement of the plurality of policies of the SDN from hosts of the virtual computing environment (col 2 lines 60-67 frame that arrives at a port of a layer 2 switch is classified (disaggregate enforcement of the plurality of policies of the SDN) according to its VLAN identifier and the port identifier,  fig.2 col 4 lines 50-67 Classification engine 200 performs packet classification functions, such as determining the output port to which a packet should be forwarded, determining the quality of service (enforcement of the plurality of policies of the SDN from hosts of the virtual computing environment) that should be given to a packet, determining output ports to which a packet should be flooded), the system comprising: one or more processors (fig.2 col 4 lines 50-67 processor 204); a plurality of floating network interfaces configured to provide a virtual port connection from the system to an endpoint of a virtual network instantiated on a host computer remote from the system (col 2 lines 60-67 fig. 1 col 4 lines 20-50  switch 100 includes a plurality of ports numbered 1-n (providing virtual port connection from system to an endpoint of a virtual network instantiated on a host computer remote from the system), the port identifier (virtual port connection) may be used in combination with a VLAN identifier to allow customers to flexibly assign VLAN identifiers (identifiers for plurality of floating network interfaces)): and 

a memory in communication with the one or more processors, the memory having computer-readable instructions stored thereupon that, when executed by the one or more processors, cause the system to perform operations comprising (fig.2 col 4 lines 50-67 processor 204): 

attaching the floating network interface to the endpoint of the virtual network (col 2 lines 60-67 fig. 1 col 4 lines 20-50  switch 100 includes a plurality of ports numbered 1-n (providing virtual port connection from system to an endpoint of a virtual network instantiated on a host computer remote from the system), the port identifier (virtual port connection) may be used in combination with a VLAN identifier to allow customers to flexibly assign VLAN identifiers (identifiers for plurality of floating network interfaces)), 

wherein the floating network interface is attachable and detachable and enable concurrent connections to a plurality of different virtual networks or subnets having different ones of the plurality of policies (col 2 lines 60-67 fig. 1 col 4 lines 20-50  switch 100 includes a plurality of ports numbered 1-n (providing virtual port connection, the plurality of ports allowing the ability to attach and detach VLANs, and also the plurality of ports enabling concurrent connections to a plurality of different VLANs or subnets) may be used in combination with a VLAN identifier to allow customers to flexibly assign VLAN identifiers (identifiers for plurality of floating network interfaces)); 

Carrie does not teach:

receiving, via the floating network interface from a device that is remote from system, a data packet addressed to the endpoint in the virtual network, the data packet comprising a combination of programmatically defined identifiers that uniquely identify data flows and associated policies of the plurality of policies; based on the identifier; based on the combination of programmatically defined identifiers determining that the data packet is associated with the virtual network; based on determining that the data packet is associated with the virtual network, matching one of the plurality of policies to a data flow of the virtual network; and modifying the packet in accordance with the matched policy of the plurality of policies.

McDonald teaches:

receiving, via the floating network interface from a device that is remote from system, a data packet addressed to the endpoint in the virtual network, the data packet comprising a combination of programmatically defined identifiers that uniquely identify data flows and associated policies of the plurality of policies (¶17-18 fig.1 step 101 a packet is received at a particular input port (receiving packet via an interface of the floating network) of a network device of the network ¶29 the packet 201 may be received at the network device 200 through one of its input ports 208 and may be decoded by the routing engine 205 to extract the identifier 203 of the destination network device (packet address to an endpoint device in the network)),  

based on the identifier; based on the combination of programmatically defined identifiers determining that the data packet is associated with the virtual network (¶29 The identifier 203 of the destination network device indexes the routing table 211 to determine the specific output port 209 to be used and the VC action 214 to perform for that packet 201, defines the valid VC of the network (determining associated virtual network) that may be used by the packet 201 to reach the destination network device using the output port and performing the VC action obtained from the routing table, ¶7 "VC action" may refer to an action that states how a packet is to transition from one VC to another VC given a specific network hop between two network devices, ¶9 VC actions (mapped policy) to be performed by the packets flowing through the network)); and 

Therefore, it would have been obvious to the one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Carrie in light of McDonald in order to provide Virtual Channels (VCs) in a computing network that may create multiple logical data paths across a single physical link or connection in the computing network such that a physical channel may support several virtual channels multiplexed across the physical channel (McDonald ¶1).

Carrie -McDonald does not teach:

based on determining that the data packet is associated with the virtual network, matching one of the plurality of policies to a data flow of the virtual network; and modifying the packet in accordance with the matched policy of the plurality of policies.

Yin teaches:

based on determining that the data packet is associated with the virtual network, matching one of the plurality of policies to a data flow of the virtual network (¶106 ¶68 receives packets (for example, ARP packets or DHCP packets) from the server, and learns the MAC address of the virtual port of the new VM ¶13 ¶121 receiving unit 122 is configured to receive the MAC address of the virtual port and a mapping between the MAC address and the virtual network policy group, where the MAC address and the mapping are synchronized from the server management center, and obtain the virtual network policy group and the MAC address of the virtual port; and 
Therefore, it would have been obvious to the one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Carrie -McDonald in light of Yin in order for establishing a mapping locally by using the MAC address of the virtual port of the new VM as the index, and associating the MAC address of the virtual port of the VM and the network policy group of the virtual port of the VM to form a virtual port policy association table (Yin ¶106).

Carrie -McDonald-Yin does not teach:

modifying the packet in accordance with the matched policy of the plurality of policies.
Clemm teaches:

modifying the packet in accordance with the matched policy of the plurality of policies (¶46 group of interconnected network components controlled by a common set of networking policies, edge nodes 108 are network devices that encapsulate packets or modify packet headers to facilitate processing of the packets as they are transferred through the network, the packet headers may be modified to include commands that facilitate guiding the packet through the network);  

Therefore, it would have been obvious to the one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Carrie -McDonald-Yin in light of Clemm in order to measure and validate service levels of production flows, which may use context about prior packets and custom flow statistics observed on devices in the network (Clemm ¶3).

Regarding Claim 2, 8

Carrie -McDonald-Yin-Clemm teaches:

The system of claim 1.

Clemm teaches:

The system of claim 1, wherein the plurality of policies is dynamically adjustable further based on a networking environment (¶46 the edge nodes 108 may implement security policies (plurality of policies) for the network domain 104, change network addresses of the data packet 102 according to network domain 104 addressing schemes, manage the data flow 112 through the network domain 104 based on the state of the network as maintained in the statelet storages 107 of the network nodes, monitor network performance (in order to dynamically adjustable based on network performance).
Therefore, it would have been obvious to the one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Carrie -McDonald-Yin in light of Clemm in order to measure and validate service levels of production flows, which may use context about prior packets and custom flow statistics observed on devices in the network (Clemm ¶3).



Regarding Claim 3, 10, 19

Carrie -McDonald-Yin-Clemm teaches:

The system of claim 1.

Clemm teaches:

The system of claim 1, wherein the combination of programmatically defined identifiers comprises one or more of a Virtual Local Area Network (VLAN), Media Access Control (MAC), or Internet Protocol (IP) address. (¶42 7-tuple comprises: 1) source IP address, 2) source port ID, 3) destination IP address (identifier is IP address of the destination device/endpoint)) application IP protocol. Therefore, it would have been obvious to the one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Carrie -McDonald-Yin in light of Clemm in order to measure and validate service levels of production flows, which may use context about prior packets and custom flow statistics observed on devices in the network (Clemm ¶3).

Regarding Claim 4, 11, 20

Carrie -McDonald-Yin-Clemm teaches:

The system of claim 1.

McDonald teaches:

The system of claim 1, wherein portions of the matched policy are applied to the data flow at a plurality of points in the virtual network (¶7 "VC action" (policy) may refer to an action that states how a packet is to transition from one VC to another VC given a specific network hop between two network devices (plurality of points in the network)). Therefore, it would have been obvious to the one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Carrie in light of McDonald in order to provide Virtual Channels (VCs) in a computing network that may create multiple logical data paths across a single physical link or connection in the computing network such that a physical channel may support several virtual channels multiplexed across the physical channel (McDonald ¶1).



Regarding Claim 5, 9

Carrie -McDonald-Yin-Clemm teaches:

The system of claim 2.

Clemm teaches:

The system of claim 2, wherein the matched is dynamically adjustable further based on one or more criteria (¶46 the edge nodes 108 may implement security policies for the network domain 104 (criteria), change network addresses of the data packet 102 according to network domain 104 addressing schemes, manage the data flow 112 through the network domain 104 based on the state of the network as maintained in the statelet storages 107 of the network nodes, monitor network performance (in order to dynamically adjustable based on network performance).
Therefore, it would have been obvious to the one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Carrie -McDonald-Yin in light of Clemm in order to measure and validate service levels of production flows, which may use context about prior packets and custom flow statistics observed on devices in the network (Clemm ¶3).

Regarding Claim 13, 16

Carrie -McDonald-Yin-Clemm teaches:

The system of claim 7.

McDonald teaches:

The method of claim 7, wherein the matched policy is applied at selectively placed network hops in the virtual network (¶7 "VC action" (policy) may refer to an action that states how a packet is to transition from one VC to another VC given a specific network hop between two network devices (plurality of points in the network)). Therefore, it would have been obvious to the one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Carrie in light of McDonald in order to provide Virtual Channels (VCs) in a computing network that may create multiple logical data paths across a single physical link or connection in the computing network such that a physical channel may support several virtual channels multiplexed across the physical channel (McDonald ¶1).
Regarding Claim 14, 17

Carrie -McDonald-Yin-Clemm teaches:

The system of claim 7.

McDonald teaches:
The method of claim 7, wherein the SDN appliance is configured to apply the plurality of policies of the virtual computing system to data traffic on the virtual network after the data traffic leaves the source and before the data traffic reaches its destination (¶7 "VC action" (policy) may refer to an action that states how a packet is to transition from one VC to another VC given a specific network hop between two network devices (plurality of points in the network)). Therefore, it would have been obvious to the one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Carrie in light of McDonald in order to provide Virtual Channels (VCs) in a computing network that may create multiple logical data paths across a single physical link or connection in the computing network such that a physical channel may support several virtual channels multiplexed across the physical channel (McDonald ¶1).

Regarding Claim 18
Carrie -McDonald-Yin-Clemm teaches:

The system of claim 15.

Clemm teaches:

The device of claim 15, wherein: the plurality of policies is dynamically adjustable further based on a networking environment (¶46 the edge nodes 108 may implement security policies for the network domain 104, change network addresses of the data packet 102 according to network domain 104 addressing schemes, manage the data flow 112 through the network domain 104 based on the state of the network as maintained in the statelet storages 107 of the network nodes, monitor network performance (in order to dynamically adjustable based on network performance); and the plurality of policies is dynamically adjustable further based on one or more criteria (¶46 the edge nodes 108 may implement security policies for the network domain 104 (criteria), change network addresses of the data packet 102 according to network domain 104 addressing schemes, manage the data flow 112 through the network domain 104 based on the state of the network as maintained in the statelet storages 107 of the network nodes, monitor network performance (in order to dynamically adjustable based on network performance).
Therefore, it would have been obvious to the one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Carrie -McDonald-Yin in light of Clemm in order to measure and validate service levels of production flows, which may use context about prior packets and custom flow statistics observed on devices in the network (Clemm ¶3).

Claims 6 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Carrie -McDonald-Yin-Clemm as applied to claim 5 above, and further in view of Riddle (US 20110182180 A1).

Regarding Claim 6, 12

Carrie -McDonald-Yin-Clemm teaches:

The system of claim 5.

Carrie -McDonald-Yin-Clemm does not teach:

The system of claim 5, wherein the criteria include age of the data flow, rate of the data flow, total bytes transferred on the data flow, or total number of data flows in use at a correspondent host.

Riddle teaches:

The system of claim 5, wherein the criteria include age of the data flow, rate of the data flow, total bytes transferred on the data flow, or total number of data flows in use at a correspondent host (¶79 per-flow rate policies applied to a 
given partition can also affect the bandwidth allocated to the flows, flow 
control module 94 applies a process directed to the per-flow rate enforcement, the per-flow target rate is enforced by mapping the 
target rate to an advertised TCP window size).

Therefore, it would have been obvious to the one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Carrie -McDonald-Yin-Clemm in light of Riddle in order for enhancing the predictability of partition hierarchies that use weighting values and fixed rate guarantees (Riddle ¶36).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to OLUWATOSIN M GIDADO whose telephone number is (571)272-4227.  The examiner can normally be reached on Monday -Friday 8:00 - 4:30 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Oscar Louie can be reached on (571) 270-1684.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/OLUWATOSIN M GIDADO/Examiner, Art Unit 2445                                                                                                                                                                                                        
/OSCAR A LOUIE/Supervisory Patent Examiner, Art Unit 2445