DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant's arguments filed 6/21/22 have been fully considered but they are not persuasive.
For claim 1, Applicant argues:
1) “Hooda is silent with respect to making a copy of the packet (in response to determining that the at least one service is to be applied to the packet), let alone forwarding the copy of the packet (not the original) toward the destination in response to determining that the packet is to be forwarded toward the packet destination. As such, Applicant respectfully submits that Hooda fails to describe or suggest at least the features of "in response to determining that the packet is to be forwarded toward the packet destination, deleting or overwriting the packet and forwarding, by the service inserter, the copy of the packet toward the packet destination; and in response to determining that the packet is to be dropped, deleting, by the service inserter, the copy of the packet and deleting or overwriting the packet", as recited in independent Claim 1”;
2) “Applicant submits that the Office provide a reference that describes or suggest the recitations of Claim 1 or provide a proper rejection based on Official Notice”;
In response, Examiner respectfully disagrees:
1) It was well known in the art that a copy of a transmitted packet is deleted/overwritten. Examiner took an official notice on this statement and provided a reference (US Patent No. 8320313, which teaches that each incoming packet are deleted/overwritten, regardless if the packet is transmitted or dropped). the official notice is considered as the admitted prior art  because Applicant did not comment on the official statement in response. It would have been obvious to OOSA that each incoming packet is deleted/overwritten whether the packet is transmitted or dropped. 
2) Examiner already provided a reference (US Patent No. 8320313) to support the official notice in the previous non-final office action (dated on 1/21/22), to which Applicant did not make any comments. Therefore, the official notice is considered as the admitted prior art. 
For independent Claims 8 and 15, Applicant makes same arguments as to claim 1, to which Examiner’s response is the same as to claim 1.
For dependent Claims, Applicant makes same arguments as to the corresponding independent claims , to which Examiner’s response is the same as to the independent claims.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Hooda (US 20180159957 A1 ) in view of Behera (US 20160191361 A1).
	For claim 1, Hooda discloses a computer-implemented method for enabling multitenancy for service virtual machines to provide one or more services for a plurality of tenants (“Multitenancy is an important feature for IP fabric”, [0042] and “For multitenancy embodiments, the forwarding table can identify a tenant and corresponding routing information”, [0034] in view of FIG. 1, secure fabric), the method comprising:
	detecting a packet by a service insertion module (“FIG. 2 is a schematic diagram of a network service header of a packet”, [0006]) by a service inserter (“Dynamic Fabric Automation (“DFA”), also referred to as “Vinci,” is one exemplary architecture for facilitating data center networking. The physical topology of DFA is based on a two-tier fat tree, also known as a Clos network, in which a plurality of leaf nodes (which may be implemented as Top of Rack (“ToR”) switches or routers) connects to each of a plurality of spine nodes (implemented as switches or routers) and vice versa. To support data forwarding, IP fabric is used in one embodiment of DFA. While embodiments of the present disclosure are described with reference to DFA, as illustrated with the IP fabrics shown in FIGS. 1A and 1B, these embodiments are applicable to a broader scope of any VXLAN-based IP fabric, beyond DFA”, [0041]); 
	based on metadata received along with the packet, determining a tenant identifier of a tenant that sent the packet (“FIG. 2 is a schematic diagram of a header 202 of a packet 200”, [0031] and “Context information can include group information, client identification information, session information, such as service set identifier (SSID), or other context information for the client1 130”, [0024]), by the service insertion module (the insertion module included in a spine node (“[0046] The service classification function 508 can process a packet of a traffic flow and determine whether the packet requires servicing and correspondingly which service path to follow to apply the appropriate service. The determination can be performed based on business policies and/or rules stored in memory 506. Once the determination of the service path is made, service header encapsulator 510 generates an appropriate NSH having identification information for the service path and adds the NSH to the packet. The service header encapsulator 510 provides an outer encapsulation to forward the packet to the start of the service path. Other SFC-aware network elements are thus able to process the NSH while other non-SFC-aware network elements would simply forward the encapsulated packets as is. Besides inserting an NSH, network element 502 can also remove the NSH if the service classification function 508 determines the packet does not require servicing”); 
	determining, by the service insertion module, a plurality of attributes of the packet (“FIG. 2 is a schematic diagram of a header 202 of a packet 200 … the AP1 104 can augment the packet header 202 with a group_ID and with virtual network identifier information. Other context information can also be added to the packet header 202, such as SSID, client identifier, destination router IP address, and the IP address of the client device. The data packet 200 can also include an inner packet 204 that can include packet payload, source IP information, as well as other packet information”, [0031]) in a software layer that supports an execution of the service virtual machine ([0028] “In VXLAN, each overlay is referred to as a VXLAN segment. VMs within the same VXLAN segment are within the same L2 domain”); 
	based on the tenant identifier and the plurality of attributes of the packet, retrieving an action for the packet from a rule table (“The forwarding table 152 can include context information that includes an identifier of a tenant. In the example shown in FIG. 1B, three tenants are shown in the forwarding table: Company1, Company2, and Company3. Each context entry (i.e., company identifier) corresponds to a destination network location”, [0032]);
making a copy of the packet by the service inserter; storing the copy of the packet (“[0046] The service classification function 508 can process a packet of a traffic flow and determine whether the packet requires servicing and correspondingly which service path to follow to apply the appropriate service. The determination can be performed based on business policies and/or rules stored in memory 506. Once the determination of the service path is made, service header encapsulator 510 generates an appropriate NSH having identification information for the service path and adds the NSH to the packet. The service header encapsulator 510 provides an outer encapsulation to forward the packet to the start of the service path. Other SFC-aware network elements are thus able to process the NSH while other non-SFC-aware network elements would simply forward the encapsulated packets as is. Besides inserting an NSH, network element 502 can also remove the NSH if the service classification function 508 determines the packet does not require servicing” in view of FIG. 5; note FIG. 5 shows that the encapsulated packets to be forwarded is considered as a copy of the packet and is stored in memory before transmission);
	based on the action, determining whether at least one service is to be applied to the packet (“The forwarding table 106 can identify a context for client1 130 and for each context, can identify a next-hop destination, and a virtual network identifier”, [0025]); 
	in response to determining that at least one service is to be applied to the packet (“FIG. 2 is a schematic diagram of a network service header of a packet”, [0006]);
	generating an encapsulated packet by encapsulating the packet with the tenant identifier (“The virtual network identifier information can inform the AP1 104 how to encapsulate the packet from client1 130 for transmission through the fabric overlay 102”, [0025] in view of FIG. 2); 
	redirecting the encapsulated packet to a service machine that is configured to provide the at least one service to the packet (“FIG. 2 is a schematic diagram of a network service header of a packet”, [0006]);
	upon receiving, by the service insertion module, a result from the service machine, determining, based on the result, whether to forward the packet toward a packet destination (“Based on the information in the base header, a service function of a service node can derive policy selection from the NSH”, [0048]); and
	in response to determining that the packet is to be forwarded toward the packet destination (““The forwarding table 152 can include context information that includes an identifier of a tenant. In the example shown in FIG. 1B, three tenants are shown in the forwarding table: Company1, Company2, and Company3. Each context entry (i.e., company identifier) corresponds to a destination network location”, [0032]), deleting or overwriting the packet and forwarding the packet toward the packet destination (It was well known in that dropping suggests deleting, Examiner takes an official notice on this statement.  For example, Singh et al. (US8320313 discloses it in c6/l 44-49 “RAN scheduler 305 may instead drop (delete) these incoming packets”. Note that each incoming packet are deleted/overwritten, regardless if the packet is transmitted or dropped. The official statement is considered the admitted prior art since Applicant did not comment on it in the response); and
in response to determining that the packet is to be dropped, deleting, by the service inserter, the copy of the packet and deleting or overwriting the packet (It was well known in that dropping suggests deleting, Examiner takes an official notice on this statement.  For example, Singh et al. (US8320313 discloses it in c6/l 44-49 “RAN scheduler 305 may instead drop (delete) these incoming packets”. Note that each incoming packet are deleted/overwritten, regardless if the packet is transmitted or dropped. The official statement is considered the admitted prior art since Applicant did not comment on it in the response).
	Hooda is silent on the service insertion module is implemented in a hypervisor. Behera, in the same field of endeavor of network virtualization, discloses hypervisor (“The host 101 includes virtualization software (sometimes referred to as a hypervisor)”, [0027]). Therefore, “the virtual network infrastructure” in Hooda ([0027]) such as VXLAN segment that includes VMs) can be considered as a hypervisor. 
	Therefore, it would be obvious to an ordinary skilled in the art at the time when the application was filed to combine Hooda and Behera for the benefit of implementing virtual networks ([0003] of Behera).
	Independent claims 8 and 15 are rejected because they are the corresponding non-transitory computer-readable storage media and hypervisor claims that perform the method of claim 1, and each has the same subject matter of claim 1.
	As to claims 2, 9 and 16, Hooda in view of Behera discloses claims 1, 8 and 15, Behera further discloses the tenant identifier uniquely identifies a tenant in a plurality of tenants (“The LFEID is also referred to as a tenant identifier, a network identifier, a virtual extensible local area network (VXLAN) identifier, or a tunnel key”, [0027]); and wherein the tenant identifier is determined based on a port identifier of a port on which the packet was received (“each flow associated with the machine 630 has been tagged with a logical port identifier”, [0073]).
	As to claims 3, 10 and 17, Hooda in view of Behera discloses claims 1, 8 and 15, Behera further discloses the tenant identifier is determined based on a property table maintained by a virtual network interface card (“VNIC”) that received the packet (“wherein a logical interface comprises one of a virtual network interface card (VNIC) connecting a data compute node (DCN) to physical or logical forwarding element”, claim 9); and wherein the metadata that includes the tenant identifier is added to the packet once the packet is detected in the hypervisor (“the logical view 295 shows the LFE 275. In some embodiments, the LFE is defined to create a virtual network for several network hosts that are related to one another. The network hosts may be related because they belong to (or used by) the same user, department, tenant, or enterprise. The LFE is defined at least partially by several flows that allow the related network hosts to communicate with one another. In some embodiments, the LFE is also defined by a logical forwarding element identifier (LFEID) that is added to headers of packets belong to one entity, such as a user, department, tenant, or enterprise. The LFEID is also referred to as a tenant identifier, a network identifier, a virtual extensible local area network (VXLAN) identifier, or a tunnel key, in some embodiments. The virtual LAN (VLAN) tag is used as the LFEID in some embodiments”, [0050]).
	As to claims 4, 11 and 18, Hooda in view of Behera discloses claims 1, 8 and 15, Behera further discloses the plurality of attributes of the packet comprises a source address, a destination address, and a protocol identifier; wherein the action for the packet is retrieved from a rule table maintained by the service insertion module; and wherein the action for the packet indicates any of: forward the packet to the service machine, route/allow the packet, or drop the packet  (“To process packets, the PFE (215 or 220) of some embodiments maintains a number of flows in a flow table, memory (e.g., content-addressable memory (CAM) or ternary CAM (TCAM)), or a datapath cache (245 or 250). Each flow is essentially a rule that specifies how the PFE should process each packet with certain header field values. The flow includes a set of match fields and at least one action to perform on each packet that has a set of header values that match the set of match field values. Typically, the action specifies dropping the packet or outputting the packet to one or more of the PFE's output ports. For instance, when the PFE 215 receives a packet, it performs a packet classification operation (e.g., a hash-based lookup operation) to find a matching flow from the datapath cache 245, and outputs the packet to a particular port (e.g., port 1 or port 2) according to the matching flow's action”, [0040]).
	As to claims 5, 12 and 19, Hooda in view of Behera discloses claims 1, 8 and 15, Hooda further discloses redirecting the encapsulated packet to a service machine that is configured to provide the at least one service to the packet causes the service machine to perform: parsing the encapsulated packet to extract, from the encapsulated packet, the tenant identifier, the source address, the destination address, and the protocol identifier (“”, [0027]); 	determining the result for the packet based on the tenant identifier, the source address, the destination address, the protocol identifier, and based on service profiles maintained by the service machine (“”, [0027]); and providing the result to the service insertion module (“To process packets, the PFE (215 or 220) of some embodiments maintains a number of flows in a flow table, memory (e.g., content-addressable memory (CAM) or ternary CAM (TCAM)), or a datapath cache (245 or 250). Each flow is essentially a rule that specifies how the PFE should process each packet with certain header field values. The flow includes a set of match fields and at least one action to perform on each packet that has a set of header values that match the set of match field values. Typically, the action specifies dropping the packet or outputting the packet to one or more of the PFE's output ports. For instance, when the PFE 215 receives a packet, it performs a packet classification operation (e.g., a hash-based lookup operation) to find a matching flow from the datapath cache 245, and outputs the packet to a particular port (e.g., port 1 or port 2) according to the matching flow's action”, [0040]). 
	As to claims 6, 13 and 20, Hooda in view of Behera discloses claims 1, 8 and 15, Behera further discloses a software defined networking (“SDN”) manager provides data for generating a property table that includes the tenant identifier for packets detected by the VNIC, and that is maintained by the VNIC; wherein the SDN manager provides data for generating the rule table that includes actions to be performed on packets, that is indexed using a plurality of tenant identifiers and attributes of packets, and that is maintained by the service insertion module; and wherein the SDN manager provides data for generating the service profiles that include rules for servicing packets, that are indexed using a plurality of tenant identifiers and attributes of the packets, and that are maintained by the service machine ([0077]-[0096], such as “the NVP manager 805 of some embodiments provides a user interface to access various services that the NVP controller provides. The NVP manager can also include logic that is not included in the NVP controller”, [0093] and  “8 illustrates an example system 800 with such a scalable framework. As shown, the system includes a network virtualization platform (NVP) 895 and a physical forwarding element (PFE) 815. The main components of the framework is the flow stats explorer 825 that operates on the PFE 815 and the aggregator 810 that operates on the NVP 895”, [0077]). 
	As to claims 7 and 14, Hooda in view of Behera discloses claims 1 and 8, Behera further discloses: 
	in response to determining that no service is to be applied to the packet: determining whether the packet is to be dropped; in response to determining that the packet is to be dropped: the service insertion module dropping the packet; in response to determining that the packet is not to be dropped, determining whether the packet is to be allowed; and in response to determining that the packet is to be allowed, routing the packet toward its destination (“To process packets, the PFE (215 or 220) of some embodiments maintains a number of flows in a flow table, memory (e.g., content-addressable memory (CAM) or ternary CAM (TCAM)), or a datapath cache (245 or 250). Each flow is essentially a rule that specifies how the PFE should process each packet with certain header field values. The flow includes a set of match fields and at least one action to perform on each packet that has a set of header values that match the set of match field values. Typically, the action specifies dropping the packet or outputting the packet to one or more of the PFE's output ports. For instance, when the PFE 215 receives a packet, it performs a packet classification operation (e.g., a hash-based lookup operation) to find a matching flow from the datapath cache 245, and outputs the packet to a particular port (e.g., port 1 or port 2) according to the matching flow's action”, [0040]).
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JIANYE WU whose telephone number is (571)270-1665.  The examiner can normally be reached on M-TH 8am-6pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yemane Mesfin can be reached on (571) 272-3927.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/JIANYE WU/Primary Examiner, Art Unit 2462