DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Summary
This action is in reply to Applicant’s Amendments and Remarks filed on 07/14/2022.
Claims 1-16 and 18-24 are pending.
Claim 17 has been cancelled.
Claim 24 has been newly added.

Response to Arguments
Applicant’s arguments dated 07/14/2022 with respect to claims 1-12 and 24 have been considered but are moot because they do not apply to the combination of references used in this Office action.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 2-4, 6-8 and 12 are rejected under 35 U.S.C. 102 a(2) as being anticipated by Wan et al. (US 20210359939 A1, with priority of Chinese Patent Application No. CN 201910272143, of record, hereinafter ‘WAN’) in view of McKeown et al. ("OpenFlow: Enabling Innovation in Campus Networks", hereinafter ‘McKEOWN’).
Regarding claim 2, WAN teaches a method for programming a content addressable memory (CAM) of a network device (Fig. 7, S701-S703, [0126] the current network node may store the traffic profile in a TCAM):
obtaining an access control list (ACL) configuration ([0060] The network node usually uses the ACL (obtains a proposed ACL) to identify the service flow);
generating a CAM profile associated with the ACL configuration ([0065] Different types of ACLs may be used to classify packets. A feature used to match a classification may be a 2-tuple, a 3-tuple, a 4-tuple, a 5-tuple (a source IP address, a source port number, a protocol number, a destination IP address, and a destination port number), or the like of a packet. [0068] As shown in FIG. 3, a complex traffic classification process generally includes the following steps: create a profile (S301), deliver a rule (S302). [0069] In step S301, a network node may create a traffic profile for a specific flow. The traffic profile may be used to record the matching rule of traffic classification and a corresponding traffic behavior. The traffic profile may include a traffic policy profile (or referred to as a traffic behavior profile) and a traffic classification profile. [0070] In step S302, the network node may deliver and store the created traffic profile in a ternary content addressable memory (TCAM) table of the network node));
parsing the ACL configuration to identify one or more configuration features, each of the one or more configuration features based upon one or more entries of the ACL configuration comprising a routing context and a direction of packet flow ([0060] The network node usually uses the ACL (parsing the configuration of ACL) to identify the service flow. [0061] a corresponding packet can be permitted or denied to pass through based on a preset policy, uses the access control list (ACL) to implement the foregoing functions (routing context based on ACL based Policy) [0062] The ACL classifies packets based on a series of matching conditions (construed as configuration features). These conditions may be one or more features of the packets. The feature of the packet may include, for example, a source media access control (SMAC) address, a destination media access control (DMAC) address, a service provider virtual local area network (SVLAN), a customer virtual local area network (CVLAN), a priority (PRI), a source IP address, and a destination IP address of the packet. [0065] Different types of ACLs may be used to classify packets. A feature used to match a classification may be a 2-tuple, a 3-tuple, a 4-tuple, a 5-tuple (a source IP address, a source port number, a protocol number, a destination IP address, and a destination port number), or the like of a packet. (construed as one or more entries of the ACL configuration comprising a routing context and a direction of packet flow based on source-destination IP addresses, and a source-destination port numbers) [0069] The traffic profile may be used to record the matching rule of traffic classification and a corresponding traffic behavior. [0076] parse a UDP/TCP header of the packet to obtain a port number UDP/TCP ports (an interface type));
based upon identifying each of the one or more configuration features ([0065] Different types of ACLs may be used to classify packets):
generating a corresponding profile feature in the CAM profile ([0065] Different types of ACLs may be used to classify packets. A feature used to match a classification may be a 2-tuple, a 3-tuple, a 4-tuple, a 5-tuple (a source IP address, a source port number, a protocol number, a destination IP address, and a destination port number), or the like of a packet. [0069] In step S301, a network node may create a traffic profile for a specific flow. The traffic profile may be used to record the matching rule of traffic classification and a corresponding traffic behavior. The traffic profile may include a traffic policy profile (or referred to as a traffic behavior profile) and a traffic classification profile. [0070] In step S302, the network node may deliver and store the created traffic profile in a ternary content addressable memory (TCAM) table of the network node. [122] The current network node may allocate flow identifications to different flows according to a pre-agreed or preset rule. The pre-agreed or preset rule may be one or more features of the packet, for example, may be a 5-tuple, a 3-tuple, or layer 2 information of the packet);
parsing the ACL configuration to identify an entry for at least one qualifier associated with the respective configuration feature ([0065] Different types of ACLs may be used to classify packets. A feature used to match a classification may be a 2-tuple, a 3-tuple, a 4-tuple, a 5-tuple, or the like of a packet (configuration feature includes packet tuple classification for matching, construed as qualifiers));
parsing the ACL configuration to identify an entry for at least one action associated with the respective configuration feature ([0060] Flow identification is also referred to as traffic classification. The network node usually uses the ACL to identify the service flow. [0061] The network node may filter a packet (construed as one action) that passes through the network node. To filter a packet, a series of matching rules need to be configured for the network node to identify a packet that needs to be filtered (parsing the ACL configuration for matching rules to identify an entry for at least one action for filtering). After identifying a specific packet, a corresponding packet can be permitted or denied to pass through (indicating forward or drop filtering actions) based on a preset policy. [0066] The network node may also perform a corresponding traffic behavior (or referred to as a traffic action) based on a classifier result (construed as filtering action associated matching rule or qualifiers based on classification using ACL). [0072] The network node may also process the packet based on a corresponding traffic action, for example, perform a corresponding traffic behavior); and
in response to identifying an entry for at least one qualifier and an entry for  at least one action, linking the at least one qualifier and the at least one action in the profile with the corresponding feature ([0065] Different types of ACLs may be used to classify packets (a qualifier). A feature used to match a classification may be a 2-tuple, a 3-tuple, a 4-tuple, a 5-tuple (a source IP address, a source port number, a protocol number, a destination IP address, and a destination port number), or the like of a packet. [0066] The network node may also perform a corresponding traffic behavior (or referred to as a traffic action) based on a classifier result (classification based on ACL configuration includes qualifier and action). [0072] The network node may also process the packet based on a corresponding traffic action, for example, perform a corresponding traffic behavior (linking the at least one qualifier and at least one action in response to identifying an entry for at least one qualifier and an entry for at least one action in ACL configurations));
programming the CAM profile in a forwarding table of the CAM ([0061] The network node may filter a packet that passes through the network node. To filter a packet, a series of matching rules need to be configured for the network node to identify a packet that needs to be filtered. After identifying a specific packet, a corresponding packet can be permitted or denied to pass through (forwarded according to ACL based matching rules programmed in a forwarding table of the CAM used to forward or drop the packet, as obvious).[0069] In step S301, a network node may create a traffic profile for a specific flow. The traffic profile may be used to record the matching rule of traffic classification and a corresponding traffic behavior.  [0070] In step S302, the network node may deliver and store the created traffic profile in a ternary content addressable memory (TCAM) table (a CAM profile in forwarding table for corresponding traffic behavior) of the network node); and
executing at least one computer networking action based upon performing a lookup from the CAM profile programmed in the CAM ([0061] The network node may filter a packet that passes through the network node. …After identifying a specific packet, a corresponding packet can be permitted or denied to pass through based on a preset policy. [0071] In step S303, after a packet of the flow enters an interface of the network node, the network node may perform matching according to the rule by using the TCAM table. [0072] After the matching succeeds, The network node may also process the packet based on a corresponding traffic action, for example, perform a corresponding traffic behavior. (packet dropped or forwarded in the transmission path based on filtering action, therefore the TCAM Table is construed as a forwarding table)).
WAN does not expressly disclose parsing the ACL configuration to identify an entry for at least one qualifier associated with the respective configuration feature, parsing the ACL configuration to identify an entry for at least one action associated with the respective configuration feature, and in response to identifying an entry for at least one qualifier and an entry for at least one action, linking the at least one qualifier and the at least one action in the profile with the corresponding feature.
In an analogous art, McKEOWN teaches parsing the ACL configuration to identify an entry for at least one qualifier associated with the respective configuration feature, parsing the ACL configuration to identify an entry for at least one action associated with the respective configuration feature, and in response to identifying an entry for at least one qualifier and an entry for at least one action, linking the at least one qualifier and the at least one action in the profile with the corresponding feature (Page 71 Left col Para 5-7) Each flow-entry (ACL configuration) has a simple action associated with it (linking the at least one qualifier and the at least one action in the profile with the corresponding feature); the three basic ones (that all dedicated OpenFlow switches must support) are:
	1. Forward this flow’s packets to a given port (or ports).
	2. Encapsulate and forward this flow’s packets to a controller.
	3. Drop this flow’s packets.
An entry in the Flow-Table has three fields: (1) A packet header that defines the flow (to identify an entry for at least one qualifier associated with the respective configuration feature), (2) The action, which defines how the packets should be processed (to identify an entry for at least one action associated with the respective configuration feature), and (3) Statistics.
In the first generation “Type 0” switches, the flow header is a 10-tuple (Qualifiers) shown in Table 1. 
(Page 71 Right Col Para 2) the Flow Table will re-use existing hardware, such as a TCAM) 
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to apply the packet-forwarding Flow-Table technique of McKEOWN to the system of WAN, which performs traffic behavior based on a CAM profile, in order to gain the security advantage of curbing denial of service attacks, or to reduce spurious broadcast discovery traffic from end-hosts (McKEOWN: Page 71 Left col Para 5-6).
  
Regarding claim 3, WAN teaches wherein the routing context of packet flow comprises a network interface type, or a network routing configuration type ([0060] The network node usually uses the ACL (parsing the configuration of ACL) to identify the service flow. [0061] a corresponding packet can be permitted or denied to pass through based on a preset policy, uses the access control list (ACL) to implement the foregoing functions (routing configuration type for a routing context based on ACL based Policy) [0062] The ACL classifies packets based on a series of matching conditions. These conditions may be one or more features of the packets. The feature of the packet may include, for example, a source media access control (SMAC) address, a destination media access control (DMAC) address, a service provider virtual local area network (SVLAN), a customer virtual local area network (CVLAN), a priority (PRI), a source IP address, and a destination IP address of the packet (indicating a network interface type). A layer 2 header of the packet may include the layer 2 information, a layer 3 header of the packet may include the layer 3 information, and a layer 4 header of the packet may include the layer 4 information (construed as network interface type or network routing configuration type based on customer network id, priority and corresponding routing information).

Regarding claim 4, WAN teaches wherein the routing context comprises at least one of a routed port, a network sub-interface, a control plane, and a virtual local area network (VLAN) ([0060] The network node usually uses the ACL (parsing the configuration of ACL) to identify the service flow. [0061] a corresponding packet can be permitted or denied to pass through based on a preset policy, uses the access control list (ACL) to implement the foregoing functions [0062] The ACL classifies packets based on a series of matching conditions. These conditions may be one or more features of the packets. The feature of the packet may include, for example, a source media access control (SMAC) address, a destination media access control (DMAC) address, a service provider virtual local area network (SVLAN), a customer virtual local area network (CVLAN), a priority (PRI), a source IP address, and a destination IP address of the packet. (network interface type). [0063] The layer 3 information may include, for example, a source IP address and a destination IP address. The advanced ACL can define rules based on layer 3 and layer 4 information of a data packet. The layer 4 information may include, for example, a protocol type and a protocol feature, for example, information of the UDP or TCP header ([0076] parse a UDP/TCP header of the packet to obtain a port number UDP/TCP ports, an interface type), of an IP bearer. The layer 2 ACL defines rules based on layer 2 information. The layer 2 information may include a source MAC address, a destination MAC address, a VLAN priority, a layer 2 protocol type, and the like. [0065] Different types of ACLs may be used to classify packets. A feature used to match a classification may be a 2-tuple, a 3-tuple, a 4-tuple, a 5-tuple (a source IP address, a source port number, a protocol number, a destination IP address, and a destination port number), or the like of a packet).

Regarding claim 6, WAN teaches wherein the CAM comprises a ternary content addressable memory (TCAM) ([0070] In step S302, the network node may deliver and store the created traffic profile in a ternary content addressable memory (TCAM) table of the network node).  

Regarding claim 7, WAN teaches wherein the at least one qualifier associated with the respective configuration feature comprises one or more of a source or destination network address, a source or destination network port, a network protocol, a packet length, a priority designation, and a quality of service (QoS) designation ([0063] The layer 3 information may include, for example, a source IP address and a destination IP address. The advanced ACL can define rules based on layer 3 and layer 4 information of a data packet. The layer 4 information may include, for example, a protocol type and a protocol feature, for example, information of the UDP or TCP header ([0076] parse a UDP/TCP header of the packet to obtain a port number UDP/TCP ports, an interface type), of an IP bearer. The layer 2 ACL defines rules based on layer 2 information. The layer 2 information may include a source MAC address, a destination MAC address, a VLAN priority, a layer 2 protocol type, and the like. [0065] Different types of ACLs may be used to classify packets. A feature used to match a classification may be a 2-tuple, a 3-tuple, a 4-tuple, a 5-tuple (a source IP address, a source port number, a protocol number, a destination IP address, and a destination port number), or the like of a packet).  

Regarding claim 8, WAN teaches wherein the at least one action associated with the respective ACL feature comprises one or more of a packet forwarding function, packet routing function, mirroring function, unicast reverse path forwarding function, or quality of service (QoS) function ([0061] The network node may filter a packet (construed as one action) that passes through the network node. To filter a packet, a series of matching rules need to be configured for the network node to identify a packet that needs to be filtered. After identifying a specific packet, a corresponding packet can be permitted or denied to pass through (indicating forward or drop filtering actions) based on a preset policy. [0070] In step S302, the network node may deliver and store the created traffic profile in a ternary content addressable memory (TCAM) table of the network node. [0071] In step S303, after a packet of the flow enters an interface of the network node, the network node may perform matching according to the rule by using the TCAM table. [0072] After the matching succeeds, The network node may also process the packet based on a corresponding traffic action, for example, perform a corresponding traffic behavior. (packet forwarded in the transmission path, therefore the TCAM Table is construed as a forwarding table for forwarding function)
WAN does not expressly disclose wherein the at least one action associated with the respective ACL feature comprises one or more of a packet forwarding function, packet routing function, mirroring function, unicast reverse path forwarding function, or quality of service (QoS) function.
McKEOWN teaches wherein the at least one action associated with the respective ACL feature comprises one or more of a packet forwarding function, packet routing function, mirroring function, unicast reverse path forwarding function, or quality of service (QoS) function (Page 71 Left col Para 5-7) Each flow-entry (ACL feature) has a simple action associated with it; the three basic ones (that all dedicated OpenFlow switches must support) are:
	1. Forward this flow’s packets to a given port (or ports).
	2. Encapsulate and forward this flow’s packets to a controller.
	3. Drop this flow’s packets.
An entry in the Flow-Table has three fields: (1) A packet header that defines the flow (to identify an entry for at least one qualifier associated with the respective configuration feature), (2) The action, which defines how the packets should be processed (to identify an entry for at least one action associated with the respective configuration feature), and (3) Statistics.
In the first generation “Type 0” switches, the flow header is a 10-tuple (Qualifiers) shown in Table 1) 
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to apply the packet-forwarding Flow-Table technique of McKEOWN to the system of WAN, which performs traffic behavior based on a CAM profile, in order to gain the security advantage of curbing denial of service attacks, or to reduce spurious broadcast discovery traffic from end-hosts (McKEOWN: Page 71 Left col Para 5-6).

Regarding claim 12, WAN teaches operating a network device having a CAM programmed with a table based upon the profile (Fig. 3, [0070] In step S302, the network node may deliver and store the created traffic profile in a ternary content addressable memory (TCAM) table of the network node. [0071] In step S303, after a packet of the flow enters an interface of the network node, the network node may perform matching according to the rule by using the TCAM table).

Claims 1, 9 and 10 are rejected under 35 U.S.C. 103 as being unpatentable over Wan et al. (US 20210359939 A1, with priority of Chinese Patent Application No. CN 201910272143, of record, hereinafter ‘WAN’) in view of McKeown et al. ("OpenFlow: Enabling Innovation in Campus Networks", hereinafter ‘McKEOWN’) and further in view of Bhattacharya et al. (US 2017085488A1, of record, hereinafter ‘BHATTACHARYA’).
Regarding claim 1, WAN teaches a computer-implemented method for generating a ternary content addressable memory (TCAM) profile (Fig.3, S301-S302, [0070] In step S302, the network node may deliver and store the created traffic profile in a ternary content addressable memory (TCAM) table of the network node. (Fig. 7, S701-S703, [0126]) the current network node may store the traffic profile in a TCAM):
obtaining a proposed access control list (ACL) configuration ([0060] The network node usually uses the ACL (obtains a proposed ACL) to identify the service flow); 
generating a CAM profile associated with the ACL configuration ([0065] Different types of ACLs may be used to classify packets. A feature used to match a classification may be a 2-tuple, a 3-tuple, a 4-tuple, a 5-tuple (a source IP address, a source port number, a protocol number, a destination IP address, and a destination port number), or the like of a packet. [0068] As shown in FIG. 3, a complex traffic classification process generally includes the following steps: create a profile (S301), deliver a rule (S302). [0069] In step S301, a network node may create a traffic profile for a specific flow. The traffic profile may be used to record the matching rule of traffic classification and a corresponding traffic behavior. The traffic profile may include a traffic policy profile (or referred to as a traffic behavior profile) and a traffic classification profile. [0070] In step S302, the network node may deliver and store the created traffic profile in a ternary content addressable memory (TCAM) table of the network node)) by:
parsing the ACL configuration to identify one or more configuration features, each of the one or more configuration features based upon entries for a context and direction of packet flow identified in the ACL configuration, the context including an interface type and a routing configuration type ([0060] The network node usually uses the ACL (parsing the configuration of ACL) to identify the service flow. [0061] a corresponding packet can be permitted or denied to pass through based on a preset policy, uses the access control list (ACL) to implement the foregoing functions (routing context based on ACL based Policy) [0062] The ACL classifies packets based on a series of matching conditions (construed as configuration features). These conditions may be one or more features of the packets. The feature of the packet may include, for example, a source media access control (SMAC) address, a destination media access control (DMAC) address, a service provider virtual local area network (SVLAN), a customer virtual local area network (CVLAN), a priority (PRI), a source IP address, and a destination IP address of the packet. [0065] Different types of ACLs may be used to classify packets. A feature used to match a classification may be a 2-tuple, a 3-tuple, a 4-tuple, a 5-tuple (a source IP address, a source port number, a protocol number, a destination IP address, and a destination port number), or the like of a packet. (construed as one or more entries of the ACL configuration comprising a routing context and a direction of packet flow based on source-destination IP addresses, and a source-destination port numbers) [0069] The traffic profile may be used to record the matching rule of traffic classification and a corresponding traffic behavior. [0076] parse a UDP/TCP header of the packet to obtain a port number UDP/TCP ports (an interface type));
based upon identifying each of the one or more configuration features ([0065] Different types of ACLs may be used to classify packets):
generating a corresponding profile feature in the TCAM profile  ([0065] Different types of ACLs may be used to classify packets. A feature used to match a classification may be a 2-tuple, a 3-tuple, a 4-tuple, a 5-tuple (a source IP address, a source port number, a protocol number, a destination IP address, and a destination port number), or the like of a packet. [0069] In step S301, a network node may create a traffic profile for a specific flow. The traffic profile may be used to record the matching rule of traffic classification and a corresponding traffic behavior. The traffic profile may include a traffic policy profile (or referred to as a traffic behavior profile) and a traffic classification profile. [0070] In step S302, the network node may deliver and store the created traffic profile in a ternary content addressable memory (TCAM) table of the network node. [122] The current network node may allocate flow identifications to different flows according to a pre-agreed or preset rule. The pre-agreed or preset rule may be one or more features of the packet, for example, may be a 5-tuple, a 3-tuple, or layer 2 information of the packet);
parsing the ACL configuration to identify at least one qualifier and at least one action associated with the respective configuration feature ([0060] Flow identification is also referred to as traffic classification. The network node usually uses the ACL to identify the service flow. [0061] The network node may filter a packet (construed as one action) that passes through the network node. To filter a packet, a series of matching rules need to be configured for the network node to identify a packet that needs to be filtered (parsing the ACL configuration for matching rules to identify an entry for at least one action for filtering). After identifying a specific packet, a corresponding packet can be permitted or denied to pass through (indicating forward or drop filtering actions) based on a preset policy. [0065] Different types of ACLs may be used to classify packets. A feature used to match a classification may be a 2-tuple, a 3-tuple, a 4-tuple, a 5-tuple, or the like of a packet (configuration feature includes packet tuple classification for matching rule, construed as qualifiers). [0066] The network node may also perform a corresponding traffic behavior (or referred to as a traffic action) based on a classifier result (construed as filtering action associated matching rule or qualifiers based on classification using ACL). [0072] The network node may also process the packet based on a corresponding traffic action, for example, perform a corresponding traffic behavior); and
in response to identifying the at least one qualifier and the at least one action, joining the at least one qualifier and the at least one action in the TCAM profile with the corresponding profile feature ([0065] Different types of ACLs may be used to classify packets (a qualifier). A feature used to match a classification may be a 2-tuple, a 3-tuple, a 4-tuple, a 5-tuple (a source IP address, a source port number, a protocol number, a destination IP address, and a destination port number), or the like of a packet. [0066] The network node may also perform a corresponding traffic behavior (or referred to as a traffic action) based on a classifier result (classification based on ACL configuration includes qualifier and action). [0072] The network node may also process the packet based on a corresponding traffic action, for example, perform a corresponding traffic behavior (joining the at least one qualifier and at least one action in response to identifying an entry for at least one qualifier and an entry for at least one action in ACL configurations))
programming the TCAM profile into a switch hardware ([0061] The network node may filter a packet that passes through the network node. To filter a packet, a series of matching rules need to be configured for the network node to identify a packet that needs to be filtered. After identifying a specific packet, a corresponding packet can be permitted or denied to pass through (forwarded according to ACL based matching rules programmed in a forwarding table of the CAM or drop, as obvious).[0069] In step S301, a network node may create a traffic profile for a specific flow. The traffic profile may be used to record the matching rule of traffic classification and a corresponding traffic behavior.  [0070] In step S302, the network node may deliver and store the created traffic profile in a ternary content addressable memory (TCAM) table (a CAM profile in forwarding table for corresponding traffic behavior) of the network node).  
WAN does not expressly disclose parsing the ACL configuration to identify at least one qualifier and at least one action associated with the respective configuration feature, in response to identifying the at least one qualifier and the at least one action, joining the at least one qualifier and the at least one action in the TCAM profile with the corresponding profile feature, and testing the TCAM profile against one or more TCAM constraints; and denying the proposed ACL configuration when one or more of the TCAM constraints are not met; programming the TCAM profile into a switch hardware when the TCAM profile passes the test.
In an analogous art, McKEOWN teaches parsing the ACL configuration to identify at least one qualifier and at least one action associated with the respective configuration feature, in response to identifying the at least one qualifier and the at least one action, joining the at least one qualifier and the at least one action in the TCAM profile with the corresponding profile feature (Page 71 Left col Para 5-7) Each flow-entry (ACL configuration) has a simple action associated with it (linking the at least one qualifier and the at least one action in the profile with the corresponding feature); the three basic ones (that all dedicated OpenFlow switches must support) are:
	1. Forward this flow’s packets to a given port (or ports).
	2. Encapsulate and forward this flow’s packets to a controller.
	3. Drop this flow’s packets.
An entry in the Flow-Table has three fields: (1) A packet header that defines the flow (to identify an entry for at least one qualifier associated with the respective configuration feature), (2) The action, which defines how the packets should be processed (to identify an entry for at least one action associated with the respective configuration feature), and (3) Statistics.
In the first generation “Type 0” switches, the flow header is a 10-tuple (Qualifiers) shown in Table 1. 
(Page 71 Right Col Para 2) the Flow Table will re-use existing hardware, such as a TCAM) 
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to take the technique of packet forwarding Flow-Table of McKEOWN to the system of performing traffic behavior based on CAM profile of WAN in order to take the advantage of a method for security curbing denial of service attacks, or to reduce spurious broadcast discovery traffic from end-hosts (McKEOWN: Page 71 Left col Para 5-6).
WAN and McKEOWN are silent about testing the TCAM profile against one or more TCAM constraints; and denying the proposed ACL configuration when one or more of the TCAM constraints are not met; programming the TCAM profile into a switch hardware when the TCAM profile passes the test.
In analogous art, BHATTACHARYA teaches testing the TCAM profile against one or more TCAM constraints; and denying the proposed ACL configuration when one or more of the TCAM constraints are not met, programming the TCAM profile into a switch hardware when the TCAM profile passes the test ([0101] Each member CB device and PE device can notify the master CB device, as part of a topology discovery extension, the capabilities of the TCAM processor of the device (e.g., a number of ACL rules the device can support). When the master CB device sends ACL programming requests to member CB devices and PE devices, the free space of the TCAM processors on such devices are utilized to program the new ACL rules. In response to such requests, each of the member CB devices and PE devices then notifies the master CB device of its respective remaining available free space of the TCAM processor. Based on the global snapshot view of available TCAM processor capabilities of the CB devices and PE devices in the extended bridge system, the master CB device determines whether to accept or reject ACL service provisioning requests from network management administrators or internally from other routing/switching applications in the extended bridge system (obviously indicating testing the TCAM profile against one or more TCAM constraints of available memory, denying the proposed ACL configuration when one or more of the TCAM constraints are not met due to memory requirement for ACL configuration exceeding the free space, programming the TCAM profile into a switch hardware when the TCAM profile passes the test with available free space meets the memory requirement for ACL configuration)).
 Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to take the technique of BHATTACHARYA to the system of WAN and McKEOWN in order to take the advantage of a method for enabling network nodes to have sufficient resources and processing capabilities to perform optimal forwarding of user traffic with service level agreement (SLA) guarantees, ensuring a high level of network quality of service, service availability, and overall performance and throughput (BHATTACHARYA: [0004]).

Regarding claim 9, WAN teaches wherein, based upon identifying the at least one qualifier associated with the respective configuration feature: a CAM table entry to program a lookup of the at least one qualifier or at least one action ([0062] The ACL classifies packets based on a series of matching conditions. These conditions may be one or more features of the packets. The feature of the packet may include, for example, a source media access control (SMAC) address, a destination media access control (DMAC) address, a service provider virtual local area network (SVLAN), a customer virtual local area network (CVLAN), a priority (PRI), a source IP address, and a destination IP address of the packet. (network interface type) [0063] The layer 3 information may include, for example, a source IP address and a destination IP address. The advanced ACL can define rules based on layer 3 and layer 4 information of a data packet. The layer 4 information may include, for example, a protocol type and a protocol feature, for example, information of the UDP or TCP header ([0076] parse a UDP/TCP header of the packet to obtain a port number UDP/TCP ports, an interface type), of an IP bearer. The layer 2 ACL defines rules based on layer 2 information. The layer 2 information may include a source MAC address, a destination MAC address, a VLAN priority, a layer 2 protocol type, and the like. [0065] Different types of ACLs may be used to classify packets. A feature used to match a classification may be a 2-tuple, a 3-tuple, a 4-tuple, a 5-tuple (a source IP address, a source port number, a protocol number, a destination IP address, and a destination port number), or the like of a packet. [0069] In step S301, a network node may create a traffic profile for a specific flow. The traffic profile may be used to record the matching rule of traffic classification and a corresponding traffic behavior (an action). 
The traffic profile may include a traffic policy profile (or referred to as a traffic behavior profile) and a traffic classification profile. [0070] In step S302, the network node may deliver and store the created traffic profile in a ternary content addressable memory (TCAM) table of the network node).
WAN and McKEOWN are silent about calculating a memory space needed in a CAM table entry to program a lookup of the at least one qualifier or the at least one action, and in response to determining that the calculated memory space exceeds a space available in the CAM table entry, performing at least one of terminating or modifying the generation of the corresponding feature in the CAM profile.
In analogous art, BHATTACHARYA teaches calculating a memory space needed in a CAM table entry to program a lookup of the at least one qualifier or the at least one action, and in response to determining that the calculated memory space exceeds a space available in the CAM table entry, performing at least one of terminating or modifying the generation of the corresponding feature in the CAM profile ([0101] Each member CB device and PE device can notify the master CB device, as part of a topology discovery extension, the capabilities of the TCAM processor of the device (e.g., a number of ACL rules the device can support). When the master CB device sends ACL programming requests to member CB devices and PE devices, the free space of the TCAM processors on such devices are utilized to program the new ACL rules. In response to such requests, each of the member CB devices and PE devices then notifies the master CB device of its respective remaining available free space of the TCAM processor (calculating a memory space). Based on the global snapshot view of available TCAM processor capabilities of the CB devices and PE devices in the extended bridge system, the master CB device determines whether to accept or reject ACL service provisioning requests (calculating a memory space needed in a CAM table entry to program a lookup of the at least one qualifier, and in response to determining that the calculated memory space exceeds the space available in the CAM table entry, performing at least one of terminating or modifying the generation of the corresponding feature in the profile) from network management administrators or internally from other routing/switching applications in the extended bridge system).
 Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to take the technique of BHATTACHARYA to the system of WAN and McKEOWN in order to take the advantage of a method for enabling network nodes to have sufficient resources and processing capabilities to perform optimal forwarding of user traffic with service level agreement (SLA) guarantees, ensuring a high level of network quality of service, service availability, and overall performance and throughput (BHATTACHARYA: [0004]).

Regarding claim 10, WAN teaches based upon generating each corresponding feature in the profile: a CAM table to program a lookup for each corresponding feature in the CAM profile ([0062] The ACL classifies packets based on a series of matching conditions. These conditions may be one or more features of the packets. The feature of the packet may include, for example, a source media access control (SMAC) address, a destination media access control (DMAC) address, a service provider virtual local area network (SVLAN), a customer virtual local area network (CVLAN), a priority (PRI), a source IP address, and a destination IP address of the packet. (network interface type). [0069] In step S301, a network node may create a traffic profile for a specific flow. The traffic profile may be used to record the matching rule of traffic classification and a corresponding traffic behavior (an action). The traffic profile may include a traffic policy profile (or referred to as a traffic behavior profile) and a traffic classification profile. [0070] In step S302, the network node may deliver and store the created traffic profile in a ternary content addressable memory (TCAM) table of the network node).
WAN and McKEOWN are silent about calculating the memory space needed in a CAM table to program a lookup for each corresponding feature in the profile, and in response to determining that the calculated memory space exceeds the space available in the CAM table, (performing) at least one of terminating or modifying the generating a CAM profile. 
In analogous art, BHATTACHARYA teaches calculating a memory space needed in a CAM table to program a lookup for each corresponding feature in the CAM profile, and in response to determining that the calculated memory space exceeds the space available in the CAM table, performing at least one of terminating or modifying the generation of the CAM profile ([0101] Each member CB device and PE device can notify the master CB device, as part of a topology discovery extension, the capabilities of the TCAM processor of the device (e.g., a number of ACL rules the device can support). When the master CB device sends ACL programming requests to member CB devices and PE devices, the free space of the TCAM processors on such devices are utilized to program the new ACL rules. In response to such requests, each of the member CB devices and PE devices then notifies the master CB device of its respective remaining available free space of the TCAM processor (calculating the memory space). Based on the global snapshot view of available TCAM processor capabilities of the CB devices and PE devices in the extended bridge system, the master CB device determines whether to accept or reject ACL service provisioning requests (calculating a memory space needed in a CAM table to program a lookup for each corresponding feature in the CAM profile, and in response to determining that the calculated memory space exceeds the space available in the CAM table, performing at least one of terminating or modifying the generation of the CAM profile) from network management administrators or internally from other routing/switching applications in the extended bridge system).
 Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to take the technique of BHATTACHARYA to the system of WAN and McKEOWN in order to take the advantage of a method for enabling network nodes to have sufficient resources and processing capabilities to perform optimal forwarding of user traffic with service level agreement (SLA) guarantees, ensuring a high level of network quality of service, service availability, and overall performance and throughput (BHATTACHARYA: [0004]).

Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Wan et al. (US 20210359939 A1, with priority of Chinese Patent Application No. CN 201910272143, of record, hereinafter ‘WAN’) in view of McKeown et al. ("OpenFlow: Enabling Innovation in Campus Networks", hereinafter ‘McKEOWN’) and further in view of Gai et al. (US 6651096 B1, of record, hereinafter ‘GAI’).
Regarding claim 11, WAN and McKEOWN are silent about wherein, prior to generating each corresponding feature in the profile: determining if the corresponding configuration feature is already present in the profile, in response to determining that the configuration feature is already present in the profile, omitting the incorporation of a cumulative configuration feature in the profile.
In an analogous art, GAI teaches wherein, prior to generating each corresponding feature in the profile: determining if the corresponding configuration feature is already present in the profile, in response to determining that the configuration feature is already present in the profile, omitting the incorporation of a cumulative configuration feature in the profile (Col 9 Lines 27-31: The ACL converter 424 then merges all of the ACLs assigned to each interface into a single, unified ACL and stores these single, unified ACLs in the TCAM 410 for subsequent use by the forwarding entity 404. (Fig. 12, Col 18 Lines 33-52, 59-64) If additional optimization is to be performed, an optimization technique is applied, as indicated at block 1212. This additional optimization is preferably performed using the Espresso boolean minimization program. The Espresso program basically takes as its input an un-optimized SOP function and produces, as its output, an optimized SOP function. Following the additional optimization step, the ACL converter preferably translates the optimized ACL from SOP to text-based ASCII format, as indicated at block 1214. Since the Espresso program is computational intensive to perform, it is preferably applied only to those ACLs that are relatively stable and critical to the network. The Espresso program is also described in R. Brayton, G. Hachtel, C. McMullen, A. Sangiovanni, Vincentelli Logic Minimization Algorithms for VLSI Synthesis (Kluwer Academic Publishers 1984). As shown, the off-line ACL optimization aspect of the present invention is able to eliminate redundant ACE statements in existing ACLs (in response to determining that the configuration feature is already present in the profile, omitting the incorporation of a cumulative configuration feature in the profile). Once optimized, the text-based ACLs can be evaluated by network devices more efficiently, thereby conserving memory and processor resources).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to take the technique of GAI to the system of WAN and McKEOWN in order to take the advantage of a method for evaluating text-based ACLs by network devices more efficiently, thereby conserving memory and processor resources (GAI: Col 18 Lines 61-64).

Claims 5, 13-16, 18-19 and 23-24 are rejected under 35 U.S.C. 103 as being unpatentable over Wan et al. (US 20210359939 A1, with priority of Chinese Patent Application No. CN 201910272143, of record, hereinafter ‘WAN’) in view of McKeown et al. ("OpenFlow: Enabling Innovation in Campus Networks", hereinafter ‘McKEOWN’) and further in view of Wu et al. (WO 2018045862 A1, machine translation, hereinafter ‘WU’).
Regarding claim 5, WAN and McKEOWN are silent about wherein the direction of packet flow comprises at least one of an ingress or egress of the flow from or to at least a portion of a network.
In an analogous art, WU teaches wherein the direction of packet flow comprises at least one of an ingress or egress of the flow from or to at least a portion of a network (Page 2 Para 1: an access control list (ACL) access control list is a traffic classification tool. The high-end router uses ACLs to classify and control port traffic, traffic mirroring, routing policies, and policy routing. Features. The ACL can filter and filter packets according to the fields in the packet. The most common filtering field is the quintuple in the data packet, that is, the source IP address, destination IP address, protocol number, source port number, and destination port number.
(Page 7 Para 13) When a port is created, a buffer is allocated to the port. The information related to the ACL in the cache includes: (1) IPV4, IPV6, (2) Ingress, Egress, (3) ACL NUM, and (4) ACL correlation …if both the inbound and outbound interfaces are bound to ACL-related services, an inbound binding count and an outgoing binding count are generated respectively; for example, IPV4 and IPV6 are bound.).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to take the technique of packet forwarding of WU to the system of WAN and McKEOWN in order to take the advantage of a method for packet filtering based on port ACL to control router processing load (WU: Page 2 Para 1 and 4).

Regarding claim 13, WAN teaches a system for processing network communications (Fig. 1 Network, [0046] A packet usually passes through many network nodes during transmission on a network. FIG. 1 is used as an example. …The network node may be a router or a switch.), the system comprising:
one or more processors programmed ([0177] FIG. 15 is a schematic structural diagram of a communications apparatus according to an embodiment of this application. The communications apparatus 1500 shown in FIG. 15 may correspond to the user equipment or the network device described above. The communications apparatus 1500 may include at least one processor 1501 and a communications interface 1502. The communications interface 1502 may be used by the communications apparatus 1500 to exchange information with another communications apparatus, and when program instructions are executed by the at least one processor 1501, the communications apparatus 1500 is enabled to implement the foregoing steps, methods, operations, or functions performed by the network device.
[0178] According to an embodiment of this application, a communications system is further provided, including one or more of the foregoing network devices) and configured to perform:
obtaining an access control list (ACL) configuration ([0060] The network node usually uses the ACL (obtains a proposed ACL) to identify the service flow);
generating a TCAM profile associated with the ACL configuration (([0065] Different types of ACLs may be used to classify packets. A feature used to match a classification may be a 2-tuple, a 3-tuple, a 4-tuple, a 5-tuple (a source IP address, a source port number, a protocol number, a destination IP address, and a destination port number), or the like of a packet. [0068] As shown in FIG. 3, a complex traffic classification process generally includes the following steps: create a profile (S301), deliver a rule (S302). [0069] In step S301, a network node may create a traffic profile for a specific flow. The traffic profile may be used to record the matching rule of traffic classification and a corresponding traffic behavior. The traffic profile may include a traffic policy profile (or referred to as a traffic behavior profile) and a traffic classification profile. [0070] In step S302, the network node may deliver and store the created traffic profile in a ternary content addressable memory (TCAM) table of the network node));
parsing the ACL configuration to identify one or more configuration features, each of the features based upon one or more entries of the ACL configuration comprising a routing context and a direction of packet flow ([0060] The network node usually uses the ACL (parsing the configuration of ACL) to identify the service flow. [0061] a corresponding packet can be permitted or denied to pass through based on a preset policy, uses the access control list (ACL) to implement the foregoing functions (routing context based on ACL based Policy) [0062] The ACL classifies packets based on a series of matching conditions (construed as configuration features). These conditions may be one or more features of the packets. The feature of the packet may include, for example, a source media access control (SMAC) address, a destination media access control (DMAC) address, a service provider virtual local area network (SVLAN), a customer virtual local area network (CVLAN), a priority (PRI), a source IP address, and a destination IP address of the packet. [0065] Different types of ACLs may be used to classify packets. A feature used to match a classification may be a 2-tuple, a 3-tuple, a 4-tuple, a 5-tuple (a source IP address, a source port number, a protocol number, a destination IP address, and a destination port number), or the like of a packet. (construed as one or more entries of the ACL configuration comprising a routing context and a direction of packet flow based on source-destination IP addresses, and a source-destination port numbers) [0069] The traffic profile may be used to record the matching rule of traffic classification and a corresponding traffic behavior. [0076] parse a UDP/TCP header of the packet to obtain a port number UDP/TCP ports (an interface type));
based upon identifying each of the one or more configuration features ([0065] Different types of ACLs may be used to classify packets):
generating a corresponding profile feature in the TCAM profile ([0065] Different types of ACLs may be used to classify packets. A feature used to match a classification may be a 2-tuple, a 3-tuple, a 4-tuple, a 5-tuple (a source IP address, a source port number, a protocol number, a destination IP address, and a destination port number), or the like of a packet. [0069] In step S301, a network node may create a traffic profile for a specific flow. The traffic profile may be used to record the matching rule of traffic classification and a corresponding traffic behavior. The traffic profile may include a traffic policy profile (or referred to as a traffic behavior profile) and a traffic classification profile. [0070] In step S302, the network node may deliver and store the created traffic profile in a ternary content addressable memory (TCAM) table of the network node. [122] The current network node may allocate flow identifications to different flows according to a pre-agreed or preset rule. The pre-agreed or preset rule may be one or more features of the packet, for example, may be a 5-tuple, a 3-tuple, or layer 2 information of the packet);
parsing the ACL configuration to identify an entry for at least one qualifier associated with the respective configuration feature ([0065] Different types of ACLs may be used to classify packets. A feature used to match a classification may be a 2-tuple, a 3-tuple, a 4-tuple, a 5-tuple, or the like of a packet (configuration feature includes packet tuple classification for matching, construed as qualifiers));
parsing the ACL configuration to identify an entry for at least one action associated with the respective configuration feature ([0060] Flow identification is also referred to as traffic classification. The network node usually uses the ACL to identify the service flow. [0061] The network node may filter a packet (construed as one action) that passes through the network node. To filter a packet, a series of matching rules need to be configured for the network node to identify a packet that needs to be filtered (parsing the ACL configuration for matching rules to identify an entry for at least one action for filtering). After identifying a specific packet, a corresponding packet can be permitted or denied to pass through (indicating forward or drop filtering actions) based on a preset policy. [0066] The network node may also perform a corresponding traffic behavior (or referred to as a traffic action) based on a classifier result (construed as filtering action associated matching rule or qualifiers based on classification using ACL). [0072] The network node may also process the packet based on a corresponding traffic action, for example, perform a corresponding traffic behavior);
in response to identifying the entry for the at least one qualifier and the entry for the at least one action, linking the at least one qualifier and the at least one action in the TCAM profile with the corresponding feature ([0065] Different types of ACLs may be used to classify packets (a qualifier). A feature used to match a classification may be a 2-tuple, a 3-tuple, a 4-tuple, a 5-tuple (a source IP address, a source port number, a protocol number, a destination IP address, and a destination port number), or the like of a packet. [0066] The network node may also perform a corresponding traffic behavior (or referred to as a traffic action) based on a classifier result (classification based on ACL configuration includes qualifier and action). [0072] The network node may also process the packet based on a corresponding traffic action, for example, perform a corresponding traffic behavior (linking the at least one qualifier and at least one action in response to identifying an entry for at least one qualifier and an entry for at least one action in ACL configurations));
a network device having a ternary content addressable memory (TCAM) programmed with the TCAM profile, the network device programmed and configured to execute at least one networking action based upon performing a lookup from the TCAM profile programmed in the TCAM ([0060] Flow identification is also referred to as traffic classification. The network node usually uses the ACL to identify the service flow. [0061] The network node may filter a packet (construed as one action) that passes through the network node. To filter a packet, a series of matching rules need to be configured for the network node to identify a packet that needs to be filtered. After identifying a specific packet, a corresponding packet can be permitted or denied to pass through (forwarded according to ACL based matching rules programmed in a forwarding table of the CAM used to forward or drop the packet, as obvious) [0069] In step S301, a network node may create a traffic profile for a specific flow. The traffic profile may be used to record the matching rule of traffic classification and a corresponding traffic behavior.  [0070] In step S302, the network node may deliver and store the created traffic profile in a ternary content addressable memory (TCAM) table (a CAM profile in forwarding table for corresponding traffic behavior) of the network node. [0071] In step S303, after a packet of the flow enters an interface of the network node, the network node may perform matching according to the rule by using the TCAM table. [0072] After the matching succeeds, The network node may also process the packet based on a corresponding traffic action, for example, perform a corresponding traffic behavior).
WAN does not expressly disclose parsing the ACL configuration to identify an entry for  at least one qualifier associated with the respective configuration feature, parsing the ACL configuration to identify an entry for  at least one action associated with the respective configuration feature, and in response to identifying an entry for at least one qualifier and an entry for  at least one action, linking the at least one qualifier and the at least one action in the profile with the corresponding feature, wherein the at least one action associated with the respective ACL feature comprises a unicast reverse path forwarding function.
In an analogous art, McKEOWN teaches parsing the ACL configuration to identify an entry for at least one qualifier associated with the respective configuration feature, parsing the ACL configuration to identify an entry for at least one action associated with the respective configuration feature, and in response to identifying an entry for at least one qualifier and an entry for at least one action, linking the at least one qualifier and the at least one action in the profile with the corresponding feature (Page 71 Left col Para 5-7) Each flow-entry (ACL configuration) has a simple action associated with it (linking the at least one qualifier and the at least one action in the profile with the corresponding feature); the three basic ones (that all dedicated OpenFlow switches must support) are:
	1. Forward this flow’s packets to a given port (or ports).
	2. Encapsulate and forward this flow’s packets to a controller.
	3. Drop this flow’s packets.
An entry in the Flow-Table has three fields: (1) A packet header that defines the flow (to identify an entry for at least one qualifier associated with the respective configuration feature), (2) The action, which defines how the packets should be processed (to identify an entry for at least one action associated with the respective configuration feature), and (3) Statistics.
In the first generation “Type 0” switches, the flow header is a 10-tuple (Qualifiers) shown in Table 1. 
(Page 71 Right Col Para 2) the Flow Table will re-use existing hardware, such as a TCAM) 
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to take the technique of packet forwarding Flow-Table of McKEOWN to the system of performing traffic behavior based on CAM profile of WAN in order to take the advantage of a method for security curbing denial of service attacks, or to reduce spurious broadcast discovery traffic from end-hosts (McKEOWN: Page 71 Left col Para 5-6).
WAN and McKEOWN are silent about wherein the at least one action associated with the respective ACL feature comprises a unicast reverse path forwarding function.
In an analogous art, WU teaches wherein the at least one action associated with the respective ACL feature comprises a unicast reverse path forwarding function (Page 2 Para 1-4: an access control list (ACL) access control list is a traffic classification tool. The high-end router uses ACLs to classify and control port traffic, traffic mirroring, routing policies, and policy routing. Features. The ACL can filter and filter packets according to the fields in the packet. The most common filtering field is the quintuple in the data packet, that is, the source IP address, destination IP address, protocol number, source port number, and destination port number.
An ACL list can have multiple rules (ACL features - Qualifiers), each of which describes a certain matching condition. For a given message, the interpretation begins with the first rule. Once the rule is matched, the action (permit/deny) set in the rule is executed and returned. 
ACL-related services include port ACL, Unicast Reverse Path Forwarding (URPF), policy-route-route-flow, traffic mirroring, and flow sampling. All services reference the rules (ACL features) in the ACL list. (ACL-related-services, indicating actions include URPF)).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to take the technique of packet forwarding of WU to the system of WAN and McKEOWN in order to take the advantage of a method for packet filtering based on port ACL to control router processing load (WU: Page 2 Para 1 and 4).

Regarding claim 14, WAN teaches wherein the routing context of packet flow comprises a network interface type, or a network routing configuration type ([0060] The network node usually uses the ACL (parsing the configuration of ACL) to identify the service flow. [0061] a corresponding packet can be permitted or denied to pass through based on a preset policy, uses the access control list (ACL) to implement the foregoing functions (routing configuration type for a routing context based on ACL based Policy) [0062] The ACL classifies packets based on a series of matching conditions. These conditions may be one or more features of the packets. The feature of the packet may include, for example, a source media access control (SMAC) address, a destination media access control (DMAC) address, a service provider virtual local area network (SVLAN), a customer virtual local area network (CVLAN), a priority (PRI), a source IP address, and a destination IP address of the packet (indicating a network interface type). A layer 2 header of the packet may include the layer 2 information, a layer 3 header of the packet may include the layer 3 information, and a layer 4 header of the packet may include the layer 4 information (construed as network interface type or network routing configuration type based on customer network id, priority and corresponding routing information).

Regarding claim 15, WAN teaches wherein the routing context comprises at least one of a routed port, a network sub-interface, a control plane, and a virtual local area network (VLAN) ([0060] The network node usually uses the ACL (parsing the configuration of ACL) to identify the service flow. [0061] a corresponding packet can be permitted or denied to pass through based on a preset policy, uses the access control list (ACL) to implement the foregoing functions [0062] The ACL classifies packets based on a series of matching conditions. These conditions may be one or more features of the packets. The feature of the packet may include, for example, a source media access control (SMAC) address, a destination media access control (DMAC) address, a service provider virtual local area network (SVLAN), a customer virtual local area network (CVLAN), a priority (PRI), a source IP address, and a destination IP address of the packet. (network interface type). [0063] The layer 3 information may include, for example, a source IP address and a destination IP address. The advanced ACL can define rules based on layer 3 and layer 4 information of a data packet. The layer 4 information may include, for example, a protocol type and a protocol feature, for example, information of the UDP or TCP header ([0076] parse a UDP/TCP header of the packet to obtain a port number UDP/TCP ports, an interface type), of an IP bearer. The layer 2 ACL defines rules based on layer 2 information. The layer 2 information may include a source MAC address, a destination MAC address, a VLAN priority, a layer 2 protocol type, and the like. [0065] Different types of ACLs may be used to classify packets. A feature used to match a classification may be a 2-tuple, a 3-tuple, a 4-tuple, a 5-tuple (a source IP address, a source port number, a protocol number, a destination IP address, and a destination port number), or the like of a packet).

Regarding claim 16, WAN and McKEOWN are silent about wherein the direction of packet flow comprises at least one of an ingress or egress of the flow from or to at least a portion of a network.
In an analogous art, WU teaches wherein the direction of packet flow comprises at least one of an ingress or egress of the flow from or to at least a portion of a network (Page 2 Para 1: an access control list (ACL) access control list is a traffic classification tool. The high-end router uses ACLs to classify and control port traffic, traffic mirroring, routing policies, and policy routing. Features. The ACL can filter and filter packets according to the fields in the packet. The most common filtering field is the quintuple in the data packet, that is, the source IP address, destination IP address, protocol number, source port number, and destination port number.
(Page 7 Para 13) When a port is created, a buffer is allocated to the port. The information related to the ACL in the cache includes: (1) IPV4, IPV6, (2) Ingress, Egress, (3) ACL NUM, and (4) ACL correlation …if both the inbound and outbound interfaces are bound to ACL-related services, an inbound binding count and an outgoing binding count are generated respectively; for example, IPV4 and IPV6 are bound.).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to take the technique of packet forwarding of WU to the system of WAN and McKEOWN in order to take the advantage of a method for packet filtering based on port ACL to control router processing load (WU: Page 2 Para 1 and 4).

Regarding claim 18, WAN teaches the system of claim 13, wherein the at least one qualifier associated with the respective configuration feature comprises one or more of a source or destination network address, a source or destination network port, a network protocol, a packet length, a priority designation, and a quality of service (QoS) designation ([0063] The layer 3 information may include, for example, a source IP address and a destination IP address. The advanced ACL can define rules based on layer 3 and layer 4 information of a data packet. The layer 4 information may include, for example, a protocol type and a protocol feature, for example, information of the UDP or TCP header ([0076] parse a UDP/TCP header of the packet to obtain a port number UDP/TCP ports, an interface type), of an IP bearer. The layer 2 ACL defines rules based on layer 2 information. The layer 2 information may include a source MAC address, a destination MAC address, a VLAN priority, a layer 2 protocol type, and the like. [0065] Different types of ACLs may be used to classify packets. A feature used to match a classification may be a 2-tuple, a 3-tuple, a 4-tuple, a 5-tuple (a source IP address, a source port number, a protocol number, a destination IP address, and a destination port number), or the like of a packet).  

Regarding claim 19, WAN teaches wherein the at least one action associated with the respective ACL feature comprises one or more of a packet forwarding function, packet routing function, mirroring function, or quality of service (QoS) function ([0061] The network node may filter a packet (construed as one action) that passes through the network node. To filter a packet, a series of matching rules need to be configured for the network node to identify a packet that needs to be filtered. After identifying a specific packet, a corresponding packet can be permitted or denied to pass through (indicating forward or drop filtering actions) based on a preset policy. [0070] In step S302, the network node may deliver and store the created traffic profile in a ternary content addressable memory (TCAM) table of the network node. [0071] In step S303, after a packet of the flow enters an interface of the network node, the network node may perform matching according to the rule by using the TCAM table. [0072] After the matching succeeds, The network node may also process the packet based on a corresponding traffic action, for example, perform a corresponding traffic behavior. (packet forwarded in the transmission path, therefore the TCAM Table is construed as a forwarding table for forwarding function)).
WAN does not expressly disclose wherein the at least one action associated with the respective ACL feature comprises one or more of a packet forwarding function, packet routing function, mirroring function, or quality of service (QoS) function.
McKEOWN teaches wherein the at least one action associated with the respective ACL feature comprises one or more of a packet forwarding function, packet routing function, mirroring function, unicast reverse path forwarding function, or quality of service (QoS) function (Page 71 Left col Para 5-7) Each flow-entry (ACL feature) has a simple action associated with it; the three basic ones (that all dedicated OpenFlow switches must support) are:
	1. Forward this flow’s packets to a given port (or ports).
	2. Encapsulate and forward this flow’s packets to a controller.
	3. Drop this flow’s packets.
An entry in the Flow-Table has three fields: (1) A packet header that defines the flow, (to identify an entry for at least one qualifier associated with the respective configuration feature) (2) The action, which defines how the packets should be processed (to identify an entry for at least one action associated with the respective configuration feature), and (3) Statistics.
In the first generation “Type 0” switches, the flow header is a 10-tuple (Qualifiers) shown in Table 1.
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to take the technique of packet forwarding Flow-Table of McKEOWN to the system of performing traffic behavior based on CAM profile of WAN in order to take the advantage of a method for security curbing denial of service attacks, or to reduce spurious broadcast discovery traffic from end-hosts (McKEOWN: Page 71 Left col Para 5-6).

Regarding claim 23, WAN teaches operating a network device having a CAM programmed with a table based upon the profile (Fig. 3, [0070] In step S302, the network node may deliver and store the created traffic profile in a ternary content addressable memory (TCAM) table of the network node. [0071] In step S303, after a packet of the flow enters an interface of the network node, the network node may perform matching according to the rule by using the TCAM table).

Regarding claim 24, WAN and McKEOWN are silent about the method of claim 2, wherein the at least one action associated with the respective ACL feature comprises a unicast reverse path forwarding function.
In an analogous art, WU teaches wherein the at least one action associated with the respective ACL feature comprises a unicast reverse path forwarding function (Page 2 Para 1-4: an access control list (ACL) access control list is a traffic classification tool. The high-end router uses ACLs to classify and control port traffic, traffic mirroring, routing policies, and policy routing. Features. The ACL can filter and filter packets according to the fields in the packet. The most common filtering field is the quintuple in the data packet, that is, the source IP address, destination IP address, protocol number, source port number, and destination port number.
An ACL list can have multiple rules (ACL features - Qualifiers), each of which describes a certain matching condition. For a given message, the interpretation begins with the first rule. Once the rule is matched, the action (permit/deny) set in the rule is executed and returned. 
ACL-related services include port ACL, Unicast Reverse Path Forwarding (URPF), policy-route-route-flow, traffic mirroring, and flow sampling. All services reference the rules (ACL features) in the ACL list. (ACL-related-services, indicating actions include URPF)).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to take the technique of packet forwarding of WU to the system of WAN and McKEOWN in order to take the advantage of a method for packet filtering based on port ACL to control router processing load (WU: Page 2 Para 1 and 4).


Claims 20-21 are rejected under 35 U.S.C. 103 as being unpatentable over Wan et al. (US 20210359939 A1, with priority of Chinese Patent Application No. CN 201910272143, of record, hereinafter ‘WAN’) in view of McKeown et al. ("OpenFlow: Enabling Innovation in Campus Networks", hereinafter ‘McKEOWN’) in view of Wu et al. (WO 2018045862 A1, machine translation, hereinafter ‘WU’) and further in view of Bhattacharya et al. (Claim A1, hereinafter ‘BHATTACHARYA’).
Regarding claim 20, WAN teaches wherein, based upon identifying the at least one qualifier associated with the respective configuration feature: a CAM table entry to program a lookup of the at least one qualifier or at least one action ([0062] The ACL classifies packets based on a series of matching conditions. These conditions may be one or more features of the packets. The feature of the packet may include, for example, a source media access control (SMAC) address, a destination media access control (DMAC) address, a service provider virtual local area network (SVLAN), a customer virtual local area network (CVLAN), a priority (PRI), a source IP address, and a destination IP address of the packet. (network interface type) [0063] The layer 3 information may include, for example, a source IP address and a destination IP address. The advanced ACL can define rules based on layer 3 and layer 4 information of a data packet. The layer 4 information may include, for example, a protocol type and a protocol feature, for example, information of the UDP or TCP header ([0076] parse a UDP/TCP header of the packet to obtain a port number UDP/TCP ports, an interface type), of an IP bearer. The layer 2 ACL defines rules based on layer 2 information. The layer 2 information may include a source MAC address, a destination MAC address, a VLAN priority, a layer 2 protocol type, and the like. [0065] Different types of ACLs may be used to classify packets. A feature used to match a classification may be a 2-tuple, a 3-tuple, a 4-tuple, a 5-tuple (a source IP address, a source port number, a protocol number, a destination IP address, and a destination port number), or the like of a packet. [0069] In step S301, a network node may create a traffic profile for a specific flow. The traffic profile may be used to record the matching rule of traffic classification and a corresponding traffic behavior (an action). 
The traffic profile may include a traffic policy profile (or referred to as a traffic behavior profile) and a traffic classification profile. [0070] In step S302, the network node may deliver and store the created traffic profile in a ternary content addressable memory (TCAM) table of the network node).
WAN, McKEOWN and WU are silent about calculating a memory space needed in a CAM table entry to program a lookup of the at least one qualifier or the at least one action, and in response to determining that the calculated memory space exceeds a space available in the CAM table entry, performing at least one of terminating or modifying the generation of the corresponding feature in the CAM profile.
In analogous art, BHATTACHARYA teaches calculating a memory space needed in a CAM table entry to program a lookup of the at least one qualifier or the at least one action, and in response to determining that the calculated memory space exceeds a space available in the CAM table entry, performing at least one of terminating or modifying the generation of the corresponding feature in the CAM profile ([0101] Each member CB device and PE device can notify the master CB device, as part of a topology discovery extension, the capabilities of the TCAM processor of the device (e.g., a number of ACL rules the device can support). When the master CB device sends ACL programming requests to member CB devices and PE devices, the free space of the TCAM processors on such devices are utilized to program the new ACL rules. In response to such requests, each of the member CB devices and PE devices then notifies the master CB device of its respective remaining available free space of the TCAM processor (calculating a memory space). Based on the global snapshot view of available TCAM processor capabilities of the CB devices and PE devices in the extended bridge system, the master CB device determines whether to accept or reject ACL service provisioning requests (calculating a memory space needed in a CAM table entry to program a lookup of the at least one qualifier, and in response to determining that the calculated memory space exceeds the space available in the CAM table entry, performing at least one of terminating or modifying the generation of the corresponding feature in the profile) from network management administrators or internally from other routing/switching applications in the extended bridge system).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to take the technique of BHATTACHARYA to the system of WAN, McKEOWN and WU in order to take the advantage of a method for enabling network nodes to have sufficient resources and processing capabilities to perform optimal forwarding of user traffic with service level agreement (SLA) guarantees, ensuring a high level of network quality of service, service availability, and overall performance and throughput (BHATTACHARYA: [0004]).

Regarding claim 21, WAN teaches based upon generating each corresponding feature in the profile: a CAM table to program a lookup for each corresponding feature in the CAM profile ([0062] The ACL classifies packets based on a series of matching conditions. These conditions may be one or more features of the packets. The feature of the packet may include, for example, a source media access control (SMAC) address, a destination media access control (DMAC) address, a service provider virtual local area network (SVLAN), a customer virtual local area network (CVLAN), a priority (PRI), a source IP address, and a destination IP address of the packet. (network interface type). [0069] In step S301, a network node may create a traffic profile for a specific flow. The traffic profile may be used to record the matching rule of traffic classification and a corresponding traffic behavior (an action). The traffic profile may include a traffic policy profile (or referred to as a traffic behavior profile) and a traffic classification profile. [0070] In step S302, the network node may deliver and store the created traffic profile in a ternary content addressable memory (TCAM) table of the network node).
WAN, McKEOWN and WU are silent about calculating the memory space needed in a CAM table to program a lookup for each corresponding feature in the profile, and in response to determining that the calculated memory space exceeds the space available in the CAM table, (performing) at least one of terminating or modifying the generating a CAM profile. 
In analogous art, BHATTACHARYA teaches calculating a memory space needed in a CAM table to program a lookup for each corresponding feature in the CAM profile, and in response to determining that the calculated memory space exceeds the space available in the CAM table, performing at least one of terminating or modifying the generation of the CAM profile ([0101] Each member CB device and PE device can notify the master CB device, as part of a topology discovery extension, the capabilities of the TCAM processor of the device (e.g., a number of ACL rules the device can support). When the master CB device sends ACL programming requests to member CB devices and PE devices, the free space of the TCAM processors on such devices are utilized to program the new ACL rules. In response to such requests, each of the member CB devices and PE devices then notifies the master CB device of its respective remaining available free space of the TCAM processor (calculating the memory space). Based on the global snapshot view of available TCAM processor capabilities of the CB devices and PE devices in the extended bridge system, the master CB device determines whether to accept or reject ACL service provisioning requests (calculating a memory space needed in a CAM table to program a lookup for each corresponding feature in the CAM profile, and in response to determining that the calculated memory space exceeds the space available in the CAM table, performing at least one of terminating or modifying the generation of the CAM profile) from network management administrators or internally from other routing/switching applications in the extended bridge system).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to take the technique of BHATTACHARYA to the system of WAN, McKEOWN and WU in order to take the advantage of a method for enabling network nodes to have sufficient resources and processing capabilities to perform optimal forwarding of user traffic with service level agreement (SLA) guarantees, ensuring a high level of network quality of service, service availability, and overall performance and throughput (BHATTACHARYA: [0004]).


Claim 22 is rejected under 35 U.S.C. 103 as being unpatentable over Wan et al. (US 20210359939 A1, with priority of Chinese Patent Application No. CN 201910272143, of record, hereinafter ‘WAN’) in view of McKeown et al. ("OpenFlow: Enabling Innovation in Campus Networks", hereinafter ‘McKEOWN’) in view of Wu et al. (WO 2018045862 A1, machine translation, hereinafter ‘WU’) and further in view of Gai et al. (US 6651096 B1, of record, hereinafter ‘GAI’).
Regarding claim 22, WAN, McKEOWN and WU are silent about wherein, prior to generating each corresponding feature in the profile: determining if the corresponding configuration feature is already present in the profile, in response to determining that the configuration feature is already present in the profile, omitting the incorporation of a cumulative configuration feature in the profile.
In an analogous art, GAI teaches wherein, prior to generating each corresponding feature in the profile: determining if the corresponding configuration feature is already present in the profile, in response to determining that the configuration feature is already present in the profile, omitting the incorporation of a cumulative configuration feature in the profile (Col 9 Lines 27-31: The ACL converter 424 then merges all of the ACLs assigned to each interface into a single, unified ACL and stores these single, unified ACLs in the TCAM 410 for subsequent use by the forwarding entity 404. (Fig. 12, Col 18 Lines 33-52, 59-64) If additional optimization is to be performed, an optimization technique is applied, as indicated at block 1212. This additional optimization is preferably performed using the Espresso boolean minimization program. The Espresso program basically takes as its input an un-optimized SOP function and produces, as its output, an optimized SOP function. Following the additional optimization step, the ACL converter preferably translates the optimized ACL from SOP to text-based ASCII format, as indicated at block 1214. Since the Espresso program is computational intensive to perform, it is preferably applied only to those ACLs that are relatively stable and critical to the network. The Espresso program is also described in R. Brayton, G. Hachtel, C. McMullen, A. Sangiovanni-Vincentelli, Logic Minimization Algorithms for VLSI Synthesis (Kluwer Academic Publishers 1984). As shown, the off-line ACL optimization aspect of the present invention is able to eliminate redundant ACE statements in existing ACLs (in response to determining that the configuration feature is already present in the profile, omitting the incorporation of a cumulative configuration feature in the profile). Once optimized, the text-based ACLs can be evaluated by network devices more efficiently, thereby conserving memory and processor resources).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to take the technique of GAI to the system of WAN, McKEOWN and WU in order to take the advantage of a method for evaluating text-based ACLs by network devices more efficiently, thereby conserving memory and processor resources (GAI: Col 18 Lines 61-64).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Gupta et al. (US 7904642 B1), describing Method For Combining And Storing Access Control Lists

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAH M RAHMAN whose telephone number is (571)272-8951. The examiner can normally be reached 9:30AM-5:30PM PST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, UN C CHO can be reached on 571-272-7919. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SHAH M RAHMAN/Primary Examiner, Art Unit 2413