Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim 3 has been amended.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.



Claim(s) 1 - 4, 6 is/are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Tarasuk-Levin (US 2020/0036675 herein Tarasuk).

Regarding claim 1, Tarasuk teaches a system to advertise network addresses to routers in an availability zone, the system comprising:
 a set of route servers for receiving, from a plurality of routers in the availability zone (e.g. Fig. 1 “Data Center 102, 104”, “Router 124”, Host(s) 105”, “Remote Router 124R”, “Remote Host 105R”, “Controller 132”, “Remote Controller 132R”, [0030] “Router 124 provides VMs 120 and other components in data center 102 with connectivity to network 146 used to communicate with remote data center 104. As used herein , a “ router ” is a device that routes packets between networks … additional routers ( not shown ) may be present within data center 102 , and each device in data center 102— each device being present within its own subnet forwards its packets to the router closest to the device for further transmission of the packet . Such additional router ( s ) may be , for example , physical device ( s ) or may be implemented as virtual appliances within host 105 or within hypervisor 116 of host 105”, [0028] “controller 132 may be distributed such that copies of controller 132 are located throughout data center 102 or computer system 100”(Examiner Note: router servers is equivalent to controller 132),
 advertisements of a plurality of network addresses as being available in the availability zone and for advertising the plurality of available network addresses to other routers in the availability zone ([0038] “If remote data center 104 has its own controller, such as remote controller 132R , then controller 132 may indirectly update routing table of router 124R . Controller 132 may transmit its updated records, reflecting creation of VM 1201 , to remote controller 132R . Remote controller 132R would then update routing table of routers in remote data center 104 , such as remote router 124R , as per the update received from controller 132”, (Examiner Note: updated records, reflecting creation of VM 1201 is equivalent to advertisements));
 and a plurality of host computers each executing a router that (i) identifies network addresses available on the host computer ([0034] “At step 204 , controller 132 assigns VM 120 , to its own subnet or network , such as by assigning a / 32 IP address in an L3 protocol running over IPv4 . As shown in FIG . 1 , controller 132 may assign IP address of 10.0.0.1/32 to VM 120 ,. As part of step 204 , controller 132 updates its own records , such as tables , to reflect the creation of VM 120 , and the location of VM 120 , within data center 102 on host 105”),
 (ii) sends advertisements of the identified network addresses to the set of route servers ([0034] “As part of step 204 , controller 132 updates its own records , such as tables , to reflect the creation of VM 120 , and the location of VM 120 , within data center 102 on host 105 “, [0038] “If remote data center 104 has its own controller, such as remote controller 132R , then controller 132 may indirectly update routing table of router 124R . Controller 132 may transmit its updated records, reflecting creation of VM 1201 , to remote controller 132R . Remote controller 132R would then update routing table of routers in remote data center 104 , such as remote router 124R , as per the update received from controller 132”, [0028] “controller 132 may be distributed such that copies of controller 132 are located throughout data center 102 or computer system 100”, (Examiner Note: updated records, reflecting creation of VM 1201 is equivalent to advertisements, controller 132 reflects to other controllers in data center 102 or remote controller 132)) ),
 and (iii) receives advertisements from the set of route servers regarding network addresses available on other host computers ([0036] “After host 105 receives a packet with a destination IP of 10.0.0.1 , host 105 transmits the packet to destination VM 120 , through a virtual port ( not shown ) of hypervisor 116. Information as to what virtual port within hypervisor 116 is associated with destination VM 120 , is available within hypervisor 116 of destination host 105”).

Regarding claim 2, Tarasuk a set of controller computers that configure the plurality of host computers to each execute a distributed edge service instance to provide a distributed edge service for a virtual private cloud comprising a plurality of data compute nodes (DCNs) executing on the plurality of host computers ([0028] “. As used herein , the term " central controller ” means that controller 132 is a single service or application , but controller 132 may be distributed such that copies of controller 132 are located throughout data center 102 or computer system 100 , and the copies are synchronized through a synchronization mechanism . In an embodiment , to " centrally update ” routing tables means to update routing tables by a software entity ( i.e. , controller 132 ) that is aware of the composition of routing tables of substantially routers within data center 102 or computer system 100. In an embodiment , remote controller 132R is present in remote data center 104 , and remote controller 132R performs the same functions as controller 132 , but for remote data center 104. Controller 132 may be a virtual appliance , a physical device , or a software module running within host 105, [0027] “virtualization manager 130 includes a hybrid cloud management module ( not shown ) configured to manage and integrate virtualized computing resources provided by remote data center 104 with virtualized computing resources of data center 102 to form a unified computing platform . Hybrid cloud manager module”,
 wherein the distributed edge service is provided at a distributed logical router for data messages entering the virtual private cloud from external networks ([0027] “Hybrid cloud manager module is configured to deploy VMs in remote data center 104 , transfer VMs from data center 102 to remote data center 104 , and perform other “ cross - cloud ” administrative tasks . In one implementation , hybrid cloud manager module is a plug - in complement to virtualization manager 130”),
 and wherein the identified set of network addresses advertised by each host computer comprises a network address associated with a distributed edge service instance executing on the host computer ([0034] “At step 204 , controller 132 assigns VM 120 , to its own subnet or network , such as by assigning a / 32 IP address in an L3 protocol running over IPv4 . As shown in FIG . 1 , controller 132 may assign IP address of 10.0.0.1/32 to VM 120 ,. As part of step 204 , controller 132 updates its own records , such as tables , to reflect the creation of VM 120 , and the location of VM 120 , within data center 102 on host 105”).

Regarding claim 3, Tarasuk teaches a system to advertise network addresses to routers in an availability zone, the system comprising:
 a set of route servers for receiving, from a plurality of routers in the availability zone (e.g. Fig. 1 “Data Center 102, 104”, “Router 124”, Host(s) 105”, “Remote Router 124R”, “Remote Host 105R”, “Controller 132”, “Remote Controller 132R”, [0030] “Router 124 provides VMs 120 and other components in data center 102 with connectivity to network 146 used to communicate with remote data center 104. As used herein , a “ router ” is a device that routes packets between networks … additional routers ( not shown ) may be present within data center 102 , and each device in data center 102— each device being present within its own subnet forwards its packets to the router closest to the device for further transmission of the packet . Such additional router ( s ) may be , for example , physical device ( s ) or may be implemented as virtual appliances within host 105 or within hypervisor 116 of host 105”, [0028] “controller 132 may be distributed such that copies of controller 132 are located throughout data center 102 or computer system 100”(Examiner Note: router servers is equivalent to controller 132),
 advertisements of a plurality of network addresses as being available in the availability zone and for advertising the plurality of available network addresses to other routers in the availability zone ([0038] “If remote data center 104 has its own controller, such as remote controller 132R , then controller 132 may indirectly update routing table of router 124R . Controller 132 may transmit its updated records, reflecting creation of VM 1201 , to remote controller 132R . Remote controller 132R would then update routing table of routers in remote data center 104 , such as remote router 124R , as per the update received from controller 132”, (Examiner Note: updated records, reflecting creation of VM 1201 is equivalent to advertisements));
 and a plurality of host computers each executing a router that (i) identifies network addresses available on the host computer ([0034] “At step 204 , controller 132 assigns VM 120 , to its own subnet or network , such as by assigning a / 32 IP address in an L3 protocol running over IPv4 . As shown in FIG . 1 , controller 132 may assign IP address of 10.0.0.1/32 to VM 120 ,. As part of step 204 , controller 132 updates its own records , such as tables , to reflect the creation of VM 120 , and the location of VM 120 , within data center 102 on host 105”),
 (ii) sends advertisements of the identified network addresses to the set of route servers ([0034] “As part of step 204 , controller 132 updates its own records , such as tables , to reflect the creation of VM 120 , and the location of VM 120 , within data center 102 on host 105 “, [0038] “If remote data center 104 has its own controller, such as remote controller 132R , then controller 132 may indirectly update routing table of router 124R . Controller 132 may transmit its updated records, reflecting creation of VM 1201 , to remote controller 132R . Remote controller 132R would then update routing table of routers in remote data center 104 , such as remote router 124R , as per the update received from controller 132”, [0028] “controller 132 may be distributed such that copies of controller 132 are located throughout data center 102 or computer system 100”, (Examiner Note: updated records, reflecting creation of VM 1201 is equivalent to advertisements, controller 132 reflects to other controllers in data center 102 or remote controller 132)),
 and (iii) receives advertisements from the set of route servers regarding network addresses available on other host computers ([0036] “After host 105 receives a packet with a destination IP of 10.0.0.1 , host 105 transmits the packet to destination VM 120 , through a virtual port ( not shown ) of hypervisor 116. Information as to what virtual port within hypervisor 116 is associated with destination VM 120 , is available within hypervisor 116 of destination host 105”),
 wherein the identified set of network addresses advertised by each host computer further comprises a set of network addresses associated with a set of data compute nodes (DCNs) executing on the host computer ([0034] “At step 204 , controller 132 assigns VM 120 , to its own subnet or network , such as by assigning a / 32 IP address in an L3 protocol running over IPv4 . As shown in FIG . 1 , controller 132 may assign IP address of 10.0.0.1/32 to VM 120 ,. As part of step 204 , controller 132 updates its own records , such as tables , to reflect the creation of VM 120 , and the location of VM 120 , within data center 102 on host 105”, [0020] “each host 105 is on its own subnet or network . As shown in FIG . 1 , the three exemplary hosts may have IP addresses of 192.168.0.1/32 , 192.168.0.2/32 , and 192.168.0.3/32 , respectively , with each host 105 being on its own network of one . The network of each host 105 is capable of holding only a single node because the network of each host 105 has an IP address range of one . In another embodiment , each host 105 is not on its own subnet , and the subnet containing host 105 contains other nodes , such as other hosts 105”))
 and is used by the other routers in the availability zone to direct data messages to the set of DCNs ([0036] “After host 105 receives a packet with a destination IP of 10.0.0.1 , host 105 transmits the packet to destination VM 120 , through a virtual port ( not shown ) of hypervisor 116. Information as to what virtual port within hypervisor 116 is associated with destination VM 120 , is available within hypervisor 116 of destination host 105”).

 

Regarding claim 4, Tarasuk teaches the plurality of routers that receive advertisements from the set of route servers (e.g. Fig. 1 “Data Center 102, 104”, “Router 124”, Host(s) 105”, “Remote Router 124R”, “Remote Host 105R”, “Controller 132”, “Remote Controller 132R”, [0030] “Router 124 provides VMs 120 and other components in data center 102 with connectivity to network 146 used to communicate with remote data center 104. As used herein , a “ router ” is a device that routes packets between networks . In an embodiment , router 124 is the only router in data center 102 and each device in data center 102 - each device being present within its own subnet - forwards its packets to router 124 for further transmission . In another embodiment , additional routers ( not shown ) may be present within data center 102 , and each device in data center 102— each device being present within its own subnet forwards its packets to the router closest to the device for further transmission of the packet . Such additional router ( s ) may be , for example , physical device ( s ) or may be implemented as virtual appliances within host 105 or within hypervisor 116 of host 105”) comprises (1) a first set of gateway routers of the availability zone that provide access to external networks ([0031] “Router 124 may manage external public IP addresses for VMs 120 and route traffic incoming to and outgoing from data center 102 and provide networking services , such as firewalls , network address translation ( NAT ) , dynamic host configuration protocol ( DHCP ) , and load balancing”, [0032] “Router 124 and remote router 124R are each on their own subnet or network”))
 and (2) a second set of routers of the availability zone that provide connections between host computers in the availability zone ([0030] “forwards its packets to router 124 for further transmission . In another embodiment , additional routers ( not shown ) may be present within data center 102 , and each device in data center 102— each device being present within its own subnet forwards its packets to the router closest to the device for further transmission of the packet . Such additional router ( s ) may be , for example , physical device ( s ) or may be imple mented as virtual appliances within host 105 or within hypervisor 116 of host 105. One example of a router 124 is the NSX EdgeTM services gateway ( ESG ) product made available from VMware , Inc.”),
 and advertising the plurality of available network addresses to the plurality of routers in the availability zone ([0038] “If remote data center 104 has its own controller , such as remote controller 132R , then controller 132 may indirectly update routing table of router 124R . Controller 132 may transmit its updated records , reflecting creation of VM 1201 , to remote controller 132R . Remote controller 132R would then update routing table of routers in remote data center 104 , such as remote router 124R , as per the update received from controller 132”) comprises
 (1) advertising the network addresses associated with each distributed edge service instance executing on each host computer to the first set of gateway routers for processing data messages received from external networks ([0038] “If remote data center 104 has its own controller , such as remote controller 132R , then controller 132 may indirectly update routing table of router 124R . Controller 132 may transmit its updated records , reflecting creation of VM 1201 , to remote controller 132R . Remote controller 132R would then update routing table of routers in remote data center 104 , such as remote router 124R , as per the update received from controller 132”)
 and (2) advertising the network addresses associated with each set of DCNs executing on each host computer to the second set of routers to facilitate communication between DCNs in the virtual private cloud ([0034] “At step 204 , controller 132 assigns VM 120 , to its own subnet or network , such as by assigning a / 32 IP address in an L3 protocol running over IPv4 . As shown in FIG . 1 , controller 132 may assign IP address of 10.0.0.1/32 to VM 120 ,. As part of step 204 , controller 132 updates its own records , such as tables , to reflect the creation of VM 120 , and the location of VM 120 , within data center 102 on host 105”).

Regarding claim 6,  Tarasuk teaches wherein the identified network address advertised by a particular host computer for the service instance executing on the particular host computer is an internet protocol version 6 (IPv6) network address ([0017] “Each VM 120 is on its own subnet or network . Placing VM 120 on its own subnet may be accomplished by placing each VM 120 on its own network and limiting the address range of the network to one … On an L3 network that uses an L3 protocol ( e.g. , TCP ) running over IP version 6 , a subnet of one node may be created by assigning a “ / 128 ” IP address to that node . In IPv6 , each IP address is 128 bits long , and so a / 128 IP address creates a network with an IP address range of one”)
 that distinguishes the service instance executing on the particular host computer from service instances providing the distributed edge service executing on different host computers ([0017] “Each VM 120 is on its own subnet or network . Placing VM 120 on its own subnet may be accomplished by placing each VM 120 on its own network and limiting the address range of the network to one … On an L3 network that uses an L3 protocol ( e.g. , TCP ) running over IP version 6 , a subnet of one node may be created by assigning a “ / 128 ” IP address to that node . In IPv6 , each IP address is 128 bits long , and so a / 128 IP address creates a network with an IP address range of one”),
 and the IPv6 network address is based on at least one IP version 4 (IPv4) address associated with the distributed edge service ([0032] “remote router 124R may have an IP address of 192.168.1.1 , on a network using an L3 protocol ( e.g. , TCP ) running over IPv4”).



Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim 5 is/are rejected under 35 U.S.C. 103 as being unpatentable over Tarasuk in view of Suryanarayana et al.(US 20210385155 herein after Suryanarayana).

Regarding claim 5, Tarasuk does not teach wherein the advertisements made by the plurality of routers comprise an advertisement using a border gateway protocol (BGP).
Suryanarayana teaches wherein the advertisements made by the plurality of routers comprise an advertisement using a border gateway protocol (BGP) ([0075] “SDN controller 32 receives the messages and stores the virtual routes to overlay routing information, and may in turn advertise one or more of the overlay routes received from a first VR agent 36 to other VR agents 36 (via XMPP) and to SDN gateways 8 (e.g., via BGP)”.
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Tarasuk to incorporate the teachings of Suryanarayana. One of ordinary skill in the art would have been motivated to make this modification in order to increase the stability of the network.

Claims 7-11, 13, 17-19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Tarasuk-Levin in view of Chanda et al.(US 20190238429 herein after Chanda).


Regarding claim 7, Tarasuk teaches  a distributed edge service instance providing the distributed edge service executes in one of a virtual machine, container, or pod executing in a user space of the host computer ([0028] “Controller 132 may be a virtual appliance , a physical device , or a software module running within host 105 . Controller 132 may be a virtual appliance such as one of VMs 120 , or a distributed service running on one or more virtual appliances such as on one or more VMs 120. In another embodiment , a single controller , such as controller 132 , is present among data center 102/104 and assigns IP addresses , tracks locations of devices , and centrally updates routing tables of each router or substantially all routers within both data center 102 and data center 104”).
Tarasuk does not teach wherein the distributed edge service utilizes information in the data message at layer 7 of the open systems interconnection (OSI) model to provide the distributed edge service.
However, Chanda teaches  wherein the distributed edge service utilizes information in the data message at layer 7 of the open systems interconnection (OSI) model to provide the distributed edge service ([0049] “store contextual attributes relating to the newly launched process. In some embodiments, these attributes include the name of the application associated with the launched process, the application version, the identifier (ID) of the user account that launched the process, the group ID associated with the user account (e.g., the LDAP group (e.g., Active Directory group) to which the user account belongs)”).
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Tarasuk to incorporate the teachings of Chanda. One of ordinary skill in the art would have been motivated to make this modification in order to optimize data flow.

	Regarding claim 8, Tarasuk teaches wherein the distributed edge service is one of a distributed load balancing service (“Virtualization manager 130 communicates with hosts 105 via a network , shown as a management network 126 , and carries out administrative tasks for data center 102 such as managing hosts 105 , managing local VMs 120 running within each host 105 , provisioning VMs , migrating VMs from one host to another host , and load balancing between hosts 105. Virtualization manager 130 may be a computer program that resides and executes in a central server in data center 102 or , alternatively , virtualization manager 130 may run as a virtual appliance ( e.g. , a VM ) in one of hosts 105”), a distributed intrusion detection system (IDS) service, and a distributed intrusion protection system (IPS) service.

	Regarding claim 9, Tarasuk teaches wherein the identified network address advertised by a particular host computer for the service instance executing on the particular host computer is a first identified network address ([0036] “ if router 124 receives a packet with a destination IP of 10.0.0.1 ( VM 120 , ) , then router 124 should route this packet to IP address 192.168.0.1 , which is the IP address of host 105 containing VM 120”) ,
 and a second, IPv4 network address is identified as being associated with the service instance executing on the particular host computer ([0017] “Each VM 120 is on its own subnet or network . Placing VM 120 on its own subnet may be accomplished by placing each VM 120 on its own network and limiting the address range of the network to one address . For example , on an L3 network that uses an L3 protocol ( e.g. , TCP ) running over IP version 4 , a subnet of one node may be created by assigning a “ / 32 " IP address to that node . In IPv4 , each IP address is 32 bits long , and so a / 32 IP address creates a network with an IP address range of one”, [0036] “ if router 124 receives a packet with a destination IP of 10.0.0.1 ( VM 120 , ) , then router 124 should route this packet to IP address 192.168.0.1 , which is the IP address of host 105 containing VM 120”),
 the second network address being a network address of the virtual machine, container, or pod in which the service instant executes ([0036] “ if router 124 receives a packet with a destination IP of 10.0.0.1 ( VM 120 , ) , then router 124 should route this packet to IP address 192.168.0.1 , which is the IP address of host 105 containing VM 120”).

	Regarding claim 10, Tarasuk teaches wherein the distributed edge service is a first distributed edge load balancing service, the distributed edge service instance is a first distributed edge load balancing service instance ([0025] “Virtualization manager 130 communicates with hosts 105 via a network , shown as a management network 126 , and carries out administrative tasks for data center 102 such as managing hosts 105 , managing local VMs 120 running within each host 105 , provisioning VMs , migrating VMs from one host to another host , and load balancing between hosts 105”),
 the set of controller computers configures a particular host computer ([0028] “Controller 132 or central controller 132 assigns IP addresses to virtual and physical devices running in data center 102”) to execute a second distributed edge load balancing service instance to provide a second distributed edge load balancing service ([0031] “Router 124 may manage external public IP addresses for VMs 120 and route traffic incoming to and outgoing from data center 102 and provide networking services , such as firewalls , network address translation ( NAT ) , dynamic host configuration protocol ( DHCP ) , and load balancing “),
Tarasuk does not explicitly teach the second distributed edge load balancing service utilizes information in the data message at layer 4 of the OSI model to provide the second distributed edge load balancing service, and the second load balancing instance providing the second distributed edge load balancing service executes in a kernel space of the host computer.
 Chanda teaches the second distributed edge load balancing ([0025] “Examples of middlebox services that the service engines perform in some embodiments include firewall operations, load balancing operations”) service utilizes information in the data message at layer 4 of the OSI model to provide the second distributed edge load balancing service ([0033] “GI agents of the service-management system 100 capture these contextual attributes on the host computers in some embodiments. The service operations of the service engines/machines on the data messages can also be based on header values (e.g., L2-L4 header values)”),
 and the second load balancing instance providing the second distributed edge load balancing service executes in a kernel space of the host computer ([0039] “the service engines 137 operate in the kernel space of their associated hypervisors”, (Examiner Note: hypervisor analogous to host computer)).
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Tarasuk to incorporate the teachings of Chanda. One of ordinary skill in the art would have been motivated to make this modification in order to optimize data flow.
	
	Regarding claim 11, Tarasuk teaches wherein the distributed edge service is a first distributed edge load balancing service of the availability zone (Fig. 1 “VM 1201-N” “Data Center 102-104”, [0025] “Virtualization manager 130 communicates with hosts 105 via a network , shown as a management network 126 , and carries out administrative tasks for data center 102 such as managing hosts 105 , managing local VMs 120 running within each host 105 , provisioning VMs , migrating VMs from one host to another host , and load balancing between hosts 105. Virtualization manager 130 may be a computer program that resides and executes in a central server in data center 102 or , alternatively , virtualization manager 130 may run as a virtual appliance ( e.g. , a VM ) in one of hosts 105.),
 the distributed edge service instance is a first distributed edge load balancing service instance (Fig. 1 “VM 1201-N” “Data Center 102-104”, [0025] “Virtualization manager 130 communicates with hosts 105 via a network , shown as a management network 126 , and carries out administrative tasks for data center 102 such as managing hosts 105 , managing local VMs 120 running within each host 105 , provisioning VMs , migrating VMs from one host to another host , and load balancing between hosts 105. Virtualization manager 130 may be a computer program that resides and executes in a central server in data center 102 or , alternatively , virtualization manager 130 may run as a virtual appliance ( e.g. , a VM ) in one of hosts 105.),
 the set of controller computers configures a particular host computer to execute a second distributed edge load balancing service instance to provide a second distributed edge load balancing service for the availability zone,
 and the second distributed edge load balancing instance providing the second distributed edge load balancing service executes in one of a virtual machine, container, or pod executing in the user space of the host computer.
	Tarasuk does not teach distributed edge load balancing service of a first tenant, second distributed edge load balancing service for a second tenant, the second distributed edge load balancing service utilizes information in the data message at layer 7 of the OSI model to provide the second distributed edge load balancing service
Chanda teaches distributed edge load balancing service of a first tenant (Fig. 1 “Service Engine 160”, [0031] “The tenant (i.e., the owner of the VM) can choose which applications to operate on top of the guest operating system. A bare metal server is a single tenant physical server in some embodiments … A bare-metal server in other embodiments can have a VM running on it but if so, it only has the VM of one tenant running on it.”, [0054] “he service engines 160 in some embodiments perform middlebox service operations, such firewall operations, load balancing operations”), second distributed edge load balancing service for a second tenant (“Fig. 1 “Service Engine 160”, [0031] “The tenant (i.e., the owner of the VM) can choose which applications to operate on top of the guest operating system. A bare metal server is a single tenant physical server in some embodiments … A bare-metal server in other embodiments can have a VM running on it but if so, it only has the VM of one tenant running on it.”, [0054] “he service engines 160 in some embodiments perform middlebox service operations, such firewall operations, load balancing operations”), the second distributed edge load balancing service utilizes information in the data message at layer 7 of the OSI model to provide the second distributed edge load balancing service ([0049] “store contextual attributes relating to the newly launched process. In some embodiments, these attributes include the name of the application associated with the launched process, the application version, the identifier (ID) of the user account that launched the process, the group ID associated with the user account (e.g., the LDAP group (e.g., Active Directory group) to which the user account belongs)”).
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Tarasuk to incorporate the teachings of Chanda. One of ordinary skill in the art would have been motivated to make this modification in order to optimize data flow.

	Regarding claim 13, Tarasuk does not wherein the first and second distributed edge load balancing instances execute in different containers in a same pod.
However, Chanda teaches wherein the first and second distributed edge load balancing instances execute in different containers in a same pod (Fig. 1 “118 container”, “Service Engine 160”, [0031] “The tenant (i.e., the owner of the VM) can choose which applications to operate on top of the guest operating system. A bare metal server is a single tenant physical server in some embodiments … A bare-metal server in other embodiments can have a VM running on it but if so, it only has the VM of one tenant running on it.”, [0054] “the service engines 160 in some embodiments perform middlebox service operations, such firewall operations, load balancing operations”).

	Regarding claim 17, Tarasuk does not teach wherein the distributed edge service utilizes information in the data message at layer 4 of the open systems interconnection (OSI) model to provide the distributed edge service, and a distributed edge service instance providing the distributed edge service executes in a kernel space of the host computer.
	Chanda teaches wherein the distributed edge service utilizes information in the data message at layer 4 of the open systems interconnection (OSI) model to provide the distributed edge service ([0033] “GI agents of the service-management system 100 capture these contextual attributes on the host computers in some embodiments. The service operations of the service engines/machines on the data messages can also be based on header values (e.g., L2-L4 header values)”), and a distributed edge service instance providing the distributed edge service executes in a kernel space of the host computer ([0039] “the service engines 137 operate in the kernel space of their associated hypervisors”, (Examiner Note: hypervisor analogous to host computer)).
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Tarasuk to incorporate the teachings of Chanda. One of ordinary skill in the art would have been motivated to make this modification in order to optimize data flow.

	Regarding claim 18, Tarasuk teaches wherein the distributed edge service is one of one of a distributed firewall service, a distributed network address translation service, or a distributed load balancing service (“Virtualization manager 130 communicates with hosts 105 via a network , shown as a management network 126 , and carries out administrative tasks for data center 102 such as managing hosts 105 , managing local VMs 120 running within each host 105 , provisioning VMs , migrating VMs from one host to another host , and load balancing between hosts 105. Virtualization manager 130 may be a computer program that resides and executes in a central server in data center 102 or , alternatively , virtualization manager 130 may run as a virtual appliance ( e.g. , a VM ) in one of hosts 105”).
	
	Regarding claim 19, Tarasuk wherein the distributed edge service is applied at a virtual interface of a data compute node ([0034] “At step 204 , controller 132 assigns VM 120 , to its own subnet or network , such as by assigning a / 32 IP address in an L3 protocol running over IPv4 . As shown in FIG . 1 , controller 132 may assign IP address of 10.0.0.1/32 to VM 120 ,. As part of step 204 , controller 132 updates its own records , such as tables , to reflect the creation of VM 120 , and the location of VM 120 , within data center 102 on host 105”) that receives a data message that entered the virtual private cloud from an external network ([0031] “Router 124 may manage external public IP addresses for VMs 120 and route traffic incoming to and outgoing from data center 102 and provide networking services , such as firewalls , network address translation ( NAT ) , dynamic host configuration protocol ( DHCP ) , and load balancing”, [0032] “Router 124 and remote router 124R are each on their own subnet or network”)).

Claim 12 is/are rejected under 35 U.S.C. 103 as being unpatentable over Tarasuk in view of Chanda as applied to claims 7-11, 13, 17-19  above, and further in view of McGrath et al. (US 2020/0296155 herein after McGrath).

Regarding claim 12, Tarasuk teaches wherein the first and second distributed edge load balancing.
Tarasuk and Chanda does not teach instances execute in one of a same virtual machine, container, or pod.
McGrath teaches instances execute in one of a same virtual machine, container, or pod (Fig. 7 “730”, [0094] “This arrangement is adapted for use by multiple tenants in system arrangement 730”).
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Tarasuk and Chanda to incorporate the teachings of McGrath. One of ordinary skill in the art would have been motivated to make this modification in order to maximize resource usage.

Claims 14-15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Tarasuk in view of Chanda as applied to claim 7-11, 13, 17-19  above, and further in view of Suryanarayana et al.(US 20210385155 herein after Suryanarayana).


Regarding claim 14, Tarasuk and Chanda does not teach wherein the router executing in the particular host computer is a multi-tenant router comprising first and second virtual routing and forwarding tables for the first and second tenants 
Suryanarayana teaches wherein the router executing in the particular host computer is a multi-tenant router comprising first and second virtual routing and forwarding tables for the first and second tenants (Fig 5B “Tenant A”, “Tenant B”, “Tenant C”, [0072] “virtual routers 42 maintain routing information, such as one or more routing and/or forwarding tables”).
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Tarasuk and Chanda to incorporate the teachings of Suryanarayana. One of ordinary skill in the art would have been motivated to make this modification in order to reduce cost.
	Regarding claim 15, Tarasuk and Chanda does not teach wherein the multi-tenant router is a multi-protocol border gateway protocol (MP-BGP) instance that uses a first set of route distinguisher and route target values for the first tenant and a second set of route distinguisher and route target values for the second tenant to differentiate routes for each tenant that are advertised by the plurality of host computers.
	Suryanarayana teaches wherein the multi-tenant router (Fig 5B “Tenant A”, “Tenant B”, “Tenant C”, [0072] “virtual routers 42 maintain routing information, such as one or more routing and/or forwarding tables”) is a multi-protocol border gateway protocol (MP-BGP) instance ([0169] “In this example, MP-BGP sessions run between the SDN gateway/spine switch and each control node VM of the SDN controller. The MP-BGP sessions may be used to communicate underlay network routes propagated through the IP fabric, as described herein”) that uses a first set of route distinguisher  and route target values for the first tenant ([0075] “A virtual route may include a Route Distinguisher (RD), [0164] “Spine switch for L3 address family (VPNv6/VPNv4/Route Target”, Fig. 19 “MP-BGP”) and a second set of route distinguisher and route target values for the second tenant to differentiate routes for each tenant ([0075] “A virtual route may include a Route Distinguisher (RD), [0164] “Spine switch for L3 address family (VPNv6/VPNv4/Route Target”, Fig. 19 “MP-BGP”) that are advertised by the plurality of host computers ([0075] “A virtual route may include a Route Distinguisher (RD), [0164] “Spine switch for L3 address family (VPNv6/VPNv4/Route Target”, Fig. 19 “MP-BGP”, “server 1-3”).
	It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Tarasuk and Chanda to incorporate the teachings of Suryanarayana. One of ordinary skill in the art would have been motivated to make this modification in order to reduce cost.

Claim 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Tarasuk in view of Chanda in view of Suryanarayana as applied to claim 14-15 above, and further in view of Potter et al. (The integration of Ethernet Virtual Private Network in Kubernetes).


	Regarding claim 16, Tarasuk and Chanda does not teach wherein the multi-tenant router  executes a free range routing daemon to send and receive multi-protocol border gateway protocol (MP-BGP) advertisements.
	Suryanarayana teaches wherein the multi-tenant router (Fig 5B “Tenant A”, “Tenant B”, “Tenant C”, [0072] “virtual routers 42 maintain routing information, such as one or more routing and/or forwarding tables”) executes routing daemon ([0165] “The introduction of routing daemon integration generates more complexity at link subnet provisioning”) to send and receive multi-protocol border gateway protocol (MP-BGP) advertisements ([0169] “MP-BGP sessions run between the SDN gateway/spine switch and each control node VM of the SDN controller. The MP-BGP sessions may be used to communicate underlay network routes propagated through the IP fabric”, [0061] “advertisement of one or more of the routes for the at least one virtual network of the overlay network”).
	It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Tarasuk and Chanda to incorporate the teachings of Suryanarayana. One of ordinary skill in the art would have been motivated to make this modification in order to reduce cost.
	Suryanarayana does not teach executes a free range routing daemon.
	Potter teaches executes a free range routing daemon (page 2 [005] “EVPN has been adopted by Free Range Routing (FRR) in version 4.0, page 15 [001] “FRR advertises the IP prefix through an EVPN RT-5 to the same EVPN VRF instance on different nodes”).
	It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Tarasuk, Chanda, Suryanarayana to incorporate the teachings of Potter. One of ordinary skill in the art would have been motivated to make this modification in order to reduce cost.

Response to Arguments
Applicant's arguments filed 07/28/2022 have been fully considered but they are not persuasive.
Applicant’s Argument 1
Tarasuk-Levin does not disclose (1) multiple routers in an availability zone sending advertisements of multiple network addresses as being available in the availability zone to a set of routing servers and (2) the set of routing servers advertising the multiple available network addresses to other routers in the availability zone.

Examiner’s Response 1
	Examiner respectfully disagrees with applicant. Tarasuk teaches advertisements of a plurality of network addresses as being available in the availability zone and for advertising the plurality of available network addresses to other routers in the availability zone ([0038] “If remote data center 104 has its own controller, such as remote controller 132R , then controller 132 may indirectly update routing table of router 124R . Controller 132 may transmit its updated records, reflecting creation of VM 1201 , to remote controller 132R . Remote controller 132R would then update routing table of routers in remote data center 104 , such as remote router 124R , as per the update received from controller 132”, (Examiner Note: updated records, reflecting creation of VM 1201 is equivalent to advertisements));
 and a plurality of host computers each executing a router that (i) identifies network addresses available on the host computer ([0034] “At step 204 , controller 132 assigns VM 120 , to its own subnet or network , such as by assigning a / 32 IP address in an L3 protocol running over IPv4 . As shown in FIG . 1 , controller 132 may assign IP address of 10.0.0.1/32 to VM 120 ,. As part of step 204 , controller 132 updates its own records , such as tables , to reflect the creation of VM 120 , and the location of VM 120 , within data center 102 on host 105”),
 (ii) sends advertisements of the identified network addresses to the set of route servers ([0034] “As part of step 204 , controller 132 updates its own records , such as tables , to reflect the creation of VM 120 , and the location of VM 120 , within data center 102 on host 105 “, [0038] “If remote data center 104 has its own controller, such as remote controller 132R , then controller 132 may indirectly update routing table of router 124R . Controller 132 may transmit its updated records, reflecting creation of VM 1201 , to remote controller 132R . Remote controller 132R would then update routing table of routers in remote data center 104 , such as remote router 124R , as per the update received from controller 132”, [0028] “controller 132 may be distributed such that copies of controller 132 are located throughout data center 102 or computer system 100”, (Examiner Note: updated records, reflecting creation of VM 1201 is equivalent to advertisements, controller 132 reflects to other controllers in data center 102 or remote controller 132)) ),
 and (iii) receives advertisements from the set of route servers regarding network addresses available on other host computers ([0036] “After host 105 receives a packet with a destination IP of 10.0.0.1 , host 105 transmits the packet to destination VM 120 , through a virtual port ( not shown ) of hypervisor 116. Information as to what virtual port within hypervisor 116 is associated with destination VM 120 , is available within hypervisor 116 of destination host 105”).
	More specifically, according [0016] VM 120 is represents multiple VM. The updated records, reflecting creation of VM 1201 is equivalent to advertisements. According to [0034] the network identifies network address on the host computer in step 204. Reflecting creation of VM 1201 is equivalent to advertisements, controller 132 reflects to other controllers in data center 102 or remote controller 132.

Applicant’s Argument 2
Tarasuk-Levin does not render claim 3 unpatentable for the reasons described above for claim 1. In addition, Tarasuk-Levin does not disclose that the network addresses (advertised by the route servers) are associated with a set of data compute nodes (DCNs) executing on the set of host computers along with the routers, and are used by routers that received advertisements to direct data messages to the set of DCNs.

Examiner’s Response 2
	Examiner respectfully disagrees. Tarasuk teaches wherein the identified set of network addresses advertised by each host computer further comprises a set of network addresses associated with a set of data compute nodes (DCNs) executing on the host computer ([0034] “At step 204 , controller 132 assigns VM 120 , to its own subnet or network , such as by assigning a / 32 IP address in an L3 protocol running over IPv4 . As shown in FIG . 1 , controller 132 may assign IP address of 10.0.0.1/32 to VM 120 ,. As part of step 204 , controller 132 updates its own records , such as tables , to reflect the creation of VM 120 , and the location of VM 120 , within data center 102 on host 105”, [0020] “each host 105 is on its own subnet or network . As shown in FIG . 1 , the three exemplary hosts may have IP addresses of 192.168.0.1/32 , 192.168.0.2/32 , and 192.168.0.3/32 , respectively , with each host 105 being on its own network of one . The network of each host 105 is capable of holding only a single node because the network of each host 105 has an IP address range of one . In another embodiment , each host 105 is not on its own subnet , and the subnet containing host 105 contains other nodes , such as other hosts 105”))
 and is used by the other routers in the availability zone to direct data messages to the set of DCNs ([0036] “After host 105 receives a packet with a destination IP of 10.0.0.1 , host 105 transmits the packet to destination VM 120 , through a virtual port ( not shown ) of hypervisor 116. Information as to what virtual port within hypervisor 116 is associated with destination VM 120 , is available within hypervisor 116 of destination host 105”).

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to KEITH TRAN-DANH FOLLANSBEE whose telephone number is (571)272-3071. The examiner can normally be reached 10am -6 pm M-Th.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Derrick Ferris can be reached on 571-272-3123. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/K.T.F./Examiner, Art Unit 2411   

/DERRICK W FERRIS/Supervisory Patent Examiner, Art Unit 2411