DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

This office action is in response to Applicant’s communication filed on 10/29/2021. Claims 1-20 have been examined.  

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 10/29/2021 was filed. The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Objections
Claim 4 is objected to because of the following informalities:
With regard to claim 4, the claim recites “a requested to a database”. The examiner suggests amending the claim to recite “a request to a database”. Appropriate correction is required.

Allowable Subject Matter
Claims 12-13 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

	
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1, 2, 5, 7, 8, 14, 15, 19, and 20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Zhuang et al., Patent No. US 8,289,968 B1 (hereinafter Zhuang).

Regarding claim 1,

Zhuang teaches a method comprising: 
receiving, by a network device configured to perform network address translation (NAT) operations, a packet that comprises a header, wherein the header indicates a source address of a first computing resource in a first network and a destination address of a second computing resource in a second network (Col.2, lines 10-15 - The NAT modules may then receive packets. Each of these packets includes a new network address, which NAT modules translate using network address translation – Col.6, lines 25-35 - Once the IP addresses are allocated to end-user devices 16 using, for example, an address allocation protocol referred to as a dynamic host configuration protocol (DHCP), end-user devices 16 may access public network 14. To access public network 14, end-user devices 16 form L3 packets that include their respectively allocated IP address in a source address field of a header of the L3 packet and a destination address associated with a destination located in public network 14 in a destination address field in the header);

determining, by the network device, a pool of identifiers allocated for the first network and the second computing resource; identifying, by the network device and based on the header, a packet flow; determining, by the network device, that no identifier from the pool of identifiers has been allocated for the packet flow (Col.2, lines 12-20 - To perform network address translation, the NAT modules allocate one of the NAT resources from its respective pre-allocated pool of NAT resources - Col.13, lines 35-70 - Distributed NAT module 22A receives the packet and again parses the above-noted five-tuple from this packet and performs a lookup in local NAT resource pool 26A using this five-tuple as a session identifier to determine whether NAT has been previously configured for this session – Assuming this is a new session, distributed NAT module 22A determines that NAT has not been previously configured for this session and thereby initiates first path operations to configure and perform NAT for this session. To configure NAT, distributed NAT module 22A attempts to allocate a NAT resource from its local NAT resource pool 26A to the session for use in obscuring the source network address and source port in the packet. Obscuring the source network address and source port refers to replacing the current source network address and source port specified in the header of the packet with the allocated NAT resource);


determining, by the network device, an identifier available to allocate for the packet flow from the pool of identifiers (Col.13, lines 35-70 - To allocate one of these NAT resources, distributed NAT module 22A first determines whether there are any NAT resources available for allocation in local NAT resource pool 26A. If there is an available NAT resource, distributed NAT module 22A updates an entry in local NAT resource pool corresponding to this available NAT resource to associate this available NAT resource with the parsed five-tuple, which again may represent a session identifier. Distributed NAT module 22A then performs network address translation to replace the source address and source port specified in the header of the packet with the allocated NAT resource); and


performing, by the network device, a NAT operation on the packet based on the identifier, wherein performing the NAT operation comprises replacing at least a portion of the header of the packet with the identifier (Col.13, lines 35-70 - Distributed NAT module 22A then performs network address translation to replace the source address and source port specified in the header of the packet with the allocated NAT resource, i.e., an IP address assigned to router 18 and one of the 65536 ports in this example. As noted above, the combination of the source address and port uniquely identifies the session initiated by this one of end-user devices 16 that originated the packet so that upon receiving return traffic destined for this end-user devices 16 specifying this NAT resource, distributed NAT module 22A may resolve this NAT resource uniquely to this session initiated by the one of end-user devices 16, e.g., end-user device 16A. After performing network address translation to generate a modified packet, router 18 forwards this modified packet to its intended destination via one of IFCs 30 and its corresponding outbound link 40).








Regarding claim 2,

Zhuang further teaches
wherein the identifier comprises at least one of a NAT source port or a NAT source internet protocol (IP) address (Abstract - The NAT resources each include a network address and a network port number - Col.2, lines 45-60 - defining a local pool of two or more unallocated NAT resources for use in performing network address translation but that have not yet been allocated for use in performing network address translation, wherein each of the NAT resources of the local pool of NAT resources includes a network address and a network port number).

Regarding claim 5,

Zhuang further teaches
storing, by the network device in one or more data structures, identifiers available to allocate from the pool of identifiers, the one or more data structures stored in a memory of the network device; and updating, by the network device, the one or more data structures to indicate that the identifier is allocated for the packet flow (Col.2, lines 50-60 - storing, with one of the plurality of NAT modules executing in a network device, data defining a local pool of two or more unallocated NAT resources for use in performing network address translation but that have not yet been allocated for use in performing network address translation, wherein each of the NAT resources of the local pool of NAT resources includes a network address and a network port number – Col.15, lines 40-55 - distributed NAT module 22A typically secures one or more additional NAT resources and updates local NAT resource pool 26A, e.g., creates an entry in local NAT resource pool 26A corresponding to each of the one or more additional NAT resources. Distributed NAT module 22A then allocates one of these additional NAT resources to the session, updates local NAT resource pool 26A to reflect the allocation of this additional NAT resource to this session and performs network address translation using the allocated NAT resources to obscure the source address and port specified in the header of the packet in the manner described above to generate a modified packet. Router 18 then forwards this modified packet via one of IFCs and outbound links 40 to its intended destination identified by the destination address in the header of the packet).



Regarding claim 7,

Zhuang further teaches
storing, by the network device in a first data structure, first information indicating an allocation of the pool for packet flows between the first network and the second computing resource, the first data structure stored in a memory of the network device; and storing, by the network device in a second data structure, second information indicating an allocation of the identifier for the packet flow, the second data structure stored in the memory of the network device (Col.2, lines 50-60 - storing, with one of the plurality of NAT modules executing in a network device, data defining a local pool of two or more unallocated NAT resources for use in performing network address translation but that have not yet been allocated for use in performing network address translation, wherein each of the NAT resources of the local pool of NAT resources includes a network address and a network port number – Col.15, lines 40-55 - distributed NAT module 22A typically secures one or more additional NAT resources and updates local NAT resource pool 26A, e.g., creates an entry in local NAT resource pool 26A corresponding to each of the one or more additional NAT resources. Distributed NAT module 22A then allocates one of these additional NAT resources to the session, updates local NAT resource pool 26A to reflect the allocation of this additional NAT resource to this session and performs network address translation using the allocated NAT resources to obscure the source address and port specified in the header of the packet in the manner described above to generate a modified packet. Router 18 then forwards this modified packet via one of IFCs and outbound links 40 to its intended destination identified by the destination address in the header of the packet).

Regarding claim 8,

Zhuang further teaches
storing, by the network device in one or more data structures, information indicating allocations of first identifiers from the pool to packet flows and a mapping of the first identifiers to corresponding NAT information; and determining, by the network device, NAT information mapped to the identifier based on the one or more data structures, wherein the NAT operation is performed based on the NAT information (Col.2, lines 50-60 - storing, with one of the plurality of NAT modules executing in a network device, data defining a local pool of two or more unallocated NAT resources for use in performing network address translation but that have not yet been allocated for use in performing network address translation, wherein each of the NAT resources of the local pool of NAT resources includes a network address and a network port number – Col.15, lines 40-55 - distributed NAT module 22A typically secures one or more additional NAT resources and updates local NAT resource pool 26A, e.g., creates an entry in local NAT resource pool 26A corresponding to each of the one or more additional NAT resources. Distributed NAT module 22A then allocates one of these additional NAT resources to the session, updates local NAT resource pool 26A to reflect the allocation of this additional NAT resource to this session and performs network address translation using the allocated NAT resources to obscure the source address and port specified in the header of the packet in the manner described above to generate a modified packet. Router 18 then forwards this modified packet via one of IFCs and outbound links 40 to its intended destination identified by the destination address in the header of the packet).

Regarding claim 14,

Zhuang teaches a network device comprising:
one or more processors; and one or more memories storing computer-readable instructions that upon execution by the one or more processors, configure the network device to: receive a packet that comprises a header, wherein the header indicates a source address of a first computing resource in a first network and a destination address of a second computing resource in a second network (Col.2, lines 10-15 - The NAT modules may then receive packets. Each of these packets includes a new network address, which NAT modules translate using network address translation – Col.6, lines 25-35 - Once the IP addresses are allocated to end-user devices 16 using, for example, an address allocation protocol referred to as a dynamic host configuration protocol (DHCP), end-user devices 16 may access public network 14. To access public network 14, end-user devices 16 form L3 packets that include their respectively allocated IP address in a source address field of a header of the L3 packet and a destination address associated with a destination located in public network 14 in a destination address field in the header);

determine a pool of identifiers allocated for the first network and the second computing resource; identify a packet flow based on the header; determine that no identifier from the pool of identifiers has been allocated for the packet flow (Col.2, lines 12-20 - To perform network address translation, the NAT modules allocate one of the NAT resources from its respective pre-allocated pool of NAT resources - Col.13, lines 35-70 - Distributed NAT module 22A receives the packet and again parses the above-noted five-tuple from this packet and performs a lookup in local NAT resource pool 26A using this five-tuple as a session identifier to determine whether NAT has been previously configured for this session – Assuming this is a new session, distributed NAT module 22A determines that NAT has not been previously configured for this session and thereby initiates first path operations to configure and perform NAT for this session. To configure NAT, distributed NAT module 22A attempts to allocate a NAT resource from its local NAT resource pool 26A to the session for use in obscuring the source network address and source port in the packet. Obscuring the source network address and source port refers to replacing the current source network address and source port specified in the header of the packet with the allocated NAT resource);


determine an identifier available to allocate for the packet flow from the pool of identifiers (Col.13, lines 35-70 - To allocate one of these NAT resources, distributed NAT module 22A first determines whether there are any NAT resources available for allocation in local NAT resource pool 26A. If there is an available NAT resource, distributed NAT module 22A updates an entry in local NAT resource pool corresponding to this available NAT resource to associate this available NAT resource with the parsed five-tuple, which again may represent a session identifier. Distributed NAT module 22A then performs network address translation to replace the source address and source port specified in the header of the packet with the allocated NAT resource); and


perform a NAT operation on the packet based on the identifier, wherein performing the NAT operation comprises replacing at least a portion of the header of the packet with the identifier (Col.13, lines 35-70 - Distributed NAT module 22A then performs network address translation to replace the source address and source port specified in the header of the packet with the allocated NAT resource, i.e., an IP address assigned to router 18 and one of the 65536 ports in this example. As noted above, the combination of the source address and port uniquely identifies the session initiated by this one of end-user devices 16 that originated the packet so that upon receiving return traffic destined for this end-user devices 16 specifying this NAT resource, distributed NAT module 22A may resolve this NAT resource uniquely to this session initiated by the one of end-user devices 16, e.g., end-user device 16A. After performing network address translation to generate a modified packet, router 18 forwards this modified packet to its intended destination via one of IFCs 30 and its corresponding outbound link 40).

Regarding claim 15,

Zhuang teaches 
wherein the identifier is determined by at least determining, based on a lookup of a database, that the identifier is allocable to the packet flow, wherein the database maintains information about identifiers allocated for packet flows processed by a plurality of network devices, the plurality of network devices including the network device receiving the packet (Col.2, lines 50-60 - storing, with one of the plurality of NAT modules executing in a network device, data defining a local pool of two or more unallocated NAT resources for use in performing network address translation but that have not yet been allocated for use in performing network address translation, wherein each of the NAT resources of the local pool of NAT resources includes a network address and a network port number – Col.15, lines 40-55 - distributed NAT module 22A typically secures one or more additional NAT resources and updates local NAT resource pool 26A, e.g., creates an entry in local NAT resource pool 26A corresponding to each of the one or more additional NAT resources. Distributed NAT module 22A then allocates one of these additional NAT resources to the session, updates local NAT resource pool 26A to reflect the allocation of this additional NAT resource to this session and performs network address translation using the allocated NAT resources to obscure the source address and port specified in the header of the packet in the manner described above to generate a modified packet. Router 18 then forwards this modified packet via one of IFCs and outbound links 40 to its intended destination identified by the destination address in the header of the packet).

Regarding claim 19,

Zhuang teaches a system comprising: 
a first network device comprising: first one or more processors; and first one or more memories storing first computer-readable instructions that upon execution by the first one or more processors, configure the first network device to: receive a first packet that comprises a first header, wherein the first header indicates a source address of a first computing resource in a first network and a destination address of a second computing resource in a second network (Col.2, lines 10-15 - The NAT modules may then receive packets. Each of these packets includes a new network address, which NAT modules translate using network address translation – Col.6, lines 25-35 - Once the IP addresses are allocated to end-user devices 16 using, for example, an address allocation protocol referred to as a dynamic host configuration protocol (DHCP), end-user devices 16 may access public network 14. To access public network 14, end-user devices 16 form L3 packets that include their respectively allocated IP address in a source address field of a header of the L3 packet and a destination address associated with a destination located in public network 14 in a destination address field in the header);

determine a pool of identifiers allocated for the first network and the second computing resource; identify, based on the header, a packet flow; determine that no identifier from the pool of identifiers has been allocated for the packet flow (Col.2, lines 12-20 - To perform network address translation, the NAT modules allocate one of the NAT resources from its respective pre-allocated pool of NAT resources - Col.13, lines 35-70 - Distributed NAT module 22A receives the packet and again parses the above-noted five-tuple from this packet and performs a lookup in local NAT resource pool 26A using this five-tuple as a session identifier to determine whether NAT has been previously configured for this session – Assuming this is a new session, distributed NAT module 22A determines that NAT has not been previously configured for this session and thereby initiates first path operations to configure and perform NAT for this session. To configure NAT, distributed NAT module 22A attempts to allocate a NAT resource from its local NAT resource pool 26A to the session for use in obscuring the source network address and source port in the packet. Obscuring the source network address and source port refers to replacing the current source network address and source port specified in the header of the packet with the allocated NAT resource);


determine an identifier available to allocate for the packet flow from the pool of identifiers (Col.13, lines 35-70 - To allocate one of these NAT resources, distributed NAT module 22A first determines whether there are any NAT resources available for allocation in local NAT resource pool 26A. If there is an available NAT resource, distributed NAT module 22A updates an entry in local NAT resource pool corresponding to this available NAT resource to associate this available NAT resource with the parsed five-tuple, which again may represent a session identifier. Distributed NAT module 22A then performs network address translation to replace the source address and source port specified in the header of the packet with the allocated NAT resource); and


perform a NAT operation on the packet based on the identifier, wherein performing the NAT operation comprises replacing at least a portion of the header of the packet with the identifier (Col.13, lines 35-70 - Distributed NAT module 22A then performs network address translation to replace the source address and source port specified in the header of the packet with the allocated NAT resource, i.e., an IP address assigned to router 18 and one of the 65536 ports in this example. As noted above, the combination of the source address and port uniquely identifies the session initiated by this one of end-user devices 16 that originated the packet so that upon receiving return traffic destined for this end-user devices 16 specifying this NAT resource, distributed NAT module 22A may resolve this NAT resource uniquely to this session initiated by the one of end-user devices 16, e.g., end-user device 16A. After performing network address translation to generate a modified packet, router 18 forwards this modified packet to its intended destination via one of IFCs 30 and its corresponding outbound link 40).







Regarding claim 20,

Zhuang teaches a system comprising: 
a second network device comprising: second one or more processors; and second one or more memories storing second computer-readable instructions that upon execution by the second one or more processors, configure the second network device to: receive a second packet that comprises a second header, wherein the second header indicates the source address of the first computing resource and the destination address of the second computing resource (Fig.1, Col.2, lines 10-15 - The NAT modules may then receive packets. Each of these packets includes a new network address, which NAT modules translate using network address translation – Col.6, lines 25-35 - Once the IP addresses are allocated to end-user devices 16 using, for example, an address allocation protocol referred to as a dynamic host configuration protocol (DHCP), end-user devices 16 may access public network 14. To access public network 14, end-user devices 16 form L3 packets that include their respectively allocated IP address in a source address field of a header of the L3 packet and a destination address associated with a destination located in public network 14 in a destination address field in the header);


identify the packet flow based on the second header; determine, based on a database, that the identifier has been allocated for the packet flow, wherein the database is communicatively coupled with the first network device and the second network device (Col.2, lines 12-20 - To perform network address translation, the NAT modules allocate one of the NAT resources from its respective pre-allocated pool of NAT resources - Col.13, lines 35-70 - Distributed NAT module 22A receives the packet and again parses the above-noted five-tuple from this packet and performs a lookup in local NAT resource pool 26A using this five-tuple as a session identifier to determine whether NAT has been previously configured for this session – Assuming this is a new session, distributed NAT module 22A determines that NAT has not been previously configured for this session and thereby initiates first path operations to configure and perform NAT for this session. To configure NAT, distributed NAT module 22A attempts to allocate a NAT resource from its local NAT resource pool 26A to the session for use in obscuring the source network address and source port in the packet. Obscuring the source network address and source port refers to replacing the current source network address and source port specified in the header of the packet with the allocated NAT resource);


perform a second NAT operation on the second packet based on the identifier (Col.13, lines 35-70 - Distributed NAT module 22A then performs network address translation to replace the source address and source port specified in the header of the packet with the allocated NAT resource, i.e., an IP address assigned to router 18 and one of the 65536 ports in this example. As noted above, the combination of the source address and port uniquely identifies the session initiated by this one of end-user devices 16 that originated the packet so that upon receiving return traffic destined for this end-user devices 16 specifying this NAT resource, distributed NAT module 22A may resolve this NAT resource uniquely to this session initiated by the one of end-user devices 16, e.g., end-user device 16A. After performing network address translation to generate a modified packet, router 18 forwards this modified packet to its intended destination via one of IFCs 30 and its corresponding outbound link 40).




Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 3 and 4 are rejected under 35 U.S.C. 103 as being unpatentable over Zhuang in view of Paunikar et al., Publication No. US 2020/0076765 A1 (hereinafter Paunikar).

Regarding claim 3,

Zhuang further teaches
wherein determining the identifier comprises: selecting, by the network device, the identifier from the pool of identifiers; and determining, by the network device, that the identifier is allocable to the packet flow (Col.2, lines 12-20 - To perform network address translation, the NAT modules allocate one of the NAT resources from its respective pre-allocated pool of NAT resources - Col.13, lines 35-70 - Distributed NAT module 22A receives the packet and again parses the above-noted five-tuple from this packet and performs a lookup in local NAT resource pool 26A using this five-tuple as a session identifier to determine whether NAT has been previously configured for this session – Assuming this is a new session, distributed NAT module 22A determines that NAT has not been previously configured for this session and thereby initiates first path operations to configure and perform NAT for this session. To configure NAT, distributed NAT module 22A attempts to allocate a NAT resource from its local NAT resource pool 26A to the session for use in obscuring the source network address and source port in the packet. Obscuring the source network address and source port refers to replacing the current source network address and source port specified in the header of the packet with the allocated NAT resources)

wherein the database maintains information about identifiers allocated for packet flows processed by a plurality of network devices, the plurality of network devices including the network device receiving the packet (Col.8, lines 40-50 - For each received L3 packet, router 18 extracts the five-tuple from the header of the received L3 packet and performs a lookup in a table to determine whether it has previously configured NAT for the session identified by the extracted five-tuple. If router 18 has not previously configured NAT for this session – Col.12, lines 5-20 - Data plane 32B also include a session allocation module 34 that stores data defining a session mapping table 36 and maintains or otherwise edits, updates, deletes and creates entries within session mapping table 36 associating different ones of distributed NAT modules 22 with sessions for which NAT has been configured. In this sense, session allocation module 34 represents a module that maintains associations between distributed NAT modules 22 and sessions for which NAT has been previously configured. Session allocation module 34 also, in some instances, allocates sessions for which NAT has not yet been configured to one of distributed NAT modules);

However, Zhuang does not explicitly teach  

 determining, by the network device, that the identifier is allocable to the packet flow based on a request to a database and a response from the database, 

Paunikar teaches 


determining, by the network device, that the identifier is allocable to the packet flow based on a request to a database and a response from the database; wherein the database maintains information about identifiers allocated for packet flows processed by a plurality of network devices, the plurality of network devices including the network device receiving the packet (¶ 0037 - If the address selector module 150 determines that the packet type requires assigning a public IP address from the pool of available addresses then the address selector module will determine the data packet's destination address. The address selector module communicates with the address storage 170 to retrieve a public IP address. The destination address is then used to determine if the address-selection binding table 160 has an entry that corresponds to the destination address and the retrieved public IP address. If an entry does exist for the destination address, it means that the corresponding public IP address is being used for another session to the same destination by another network user and therefore this public IP address cannot be used for the current new data packet. In this instance, the address selector module will access the address storage for another public IP address. If no entry exists in the binding table for the destination address then the address selector module assigns the new public IP address to this destination address. Upon assignment of the new IP address, an entry is placed in the binding table to signify that the IP address corresponds to the destination address of the data packet).

It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Zhuang to include the teachings of Paunikar. The motivation for doing so is to allow the system to map assigned public IP addresses to destination addresses and to deny reuse of the same public IP address only if subsequent network users are connecting to the same destination address. Another advantage is that translation address allocation does not depend on the order in which a network host accesses the system, and the order of entry does not determine whether a network host is capable of creating a connection (¶ 0015 – Paunikar).

Regarding claim 4,

Zhuang further teaches
wherein the identifier is a first identifier, wherein determining the identifier comprises:  selecting, by the network device, a second identifier from the pool of identifiers(Col.2, lines 12-20 - To perform network address translation, the NAT modules allocate one of the NAT resources from its respective pre-allocated pool of NAT resources - Col.13, lines 35-70 - Distributed NAT module 22A receives the packet and again parses the above-noted five-tuple from this packet and performs a lookup in local NAT resource pool 26A using this five-tuple as a session identifier to determine whether NAT has been previously configured for this session – Assuming this is a new session, distributed NAT module 22A determines that NAT has not been previously configured for this session and thereby initiates first path operations to configure and perform NAT for this session. To configure NAT, distributed NAT module 22A attempts to allocate a NAT resource from its local NAT resource pool 26A to the session for use in obscuring the source network address and source port in the packet. Obscuring the source network address and source port refers to replacing the current source network address and source port specified in the header of the packet with the allocated NAT resources)

However, Zhuang does not explicitly teach 


 sending, by the network device, a request to a database about the second identifier, wherein the database maintains information about identifiers allocated for packet flows processed by a plurality of network devices, the plurality of network devices including the network device receiving the packet; and receiving, by the network device from the database, a response indicating that the second identifier is unusable and indicating that the first identifier is allocable for the packet flow.  


Paunikar teaches 


sending, by the network device, a request to a database about the second identifier, wherein the database maintains information about identifiers allocated for packet flows processed by a plurality of network devices, the plurality of network devices including the network device receiving the packet; and receiving, by the network device from the database, a response indicating that the second identifier is unusable and indicating that the first identifier is allocable for the packet flow (¶ 0037 -If the address selector module 150 determines that the packet type requires assigning a public IP address from the pool of available addresses then the address selector module will determine the data packet's destination address. The address selector module communicates with the address storage 170 to retrieve a public IP address. The destination address is then used to determine if the address-selection binding table 160 has an entry that corresponds to the destination address and the retrieved public IP address. If an entry does exist for the destination address, it means that the corresponding public IP address is being used for another session to the same destination by another network user and therefore this public IP address cannot be used for the current new data packet. In this instance, the address selector module will access the address storage for another public IP address. If no entry exists in the binding table for the destination address then the address selector module assigns the new public IP address to this destination address. Upon assignment of the new IP address, an entry is placed in the binding table to signify that the IP address corresponds to the destination address of the data packet) .

It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Zhuang to include the teachings of Paunikar. The motivation for doing so is to allow the system to map assigned public IP addresses to destination addresses and to deny re-use of the same public IP address only if subsequent network users are connecting to the same destination address. Another advantage is that translation address allocation does not depend on the order in which a network host accesses the system, and the order of entry does not determine whether a network host is capable of creating a connection (¶ 0015 – Paunikar).

Claims 6, 9, 10 are rejected under 35 U.S.C. 103 as being unpatentable over Zhuang in view of Takahashi et al. Publication No. US 2009/0103537 A1 (Takahashi hereinafter).


Regarding claim 6,

Zhuang further teaches
storing, by the network device in one or more data structures, the pool, first information indicating allocations of first identifiers from the pool to packet flows, second information indicating allocating second identifiers that are available from the pool and that have not been allocated yet; selecting, by the network device, the identifier based on the second information; and updating, by the network device, the one or more data structures to indicate that the identifier is allocated for the packet flow (Col.2, lines 50-60 - storing, with one of the plurality of NAT modules executing in a network device, data defining a local pool of two or more unallocated NAT resources for use in performing network address translation but that have not yet been allocated for use in performing network address translation, wherein each of the NAT resources of the local pool of NAT resources includes a network address and a network port number – Col.15, lines 40-55 - distributed NAT module 22A typically secures one or more additional NAT resources and updates local NAT resource pool 26A, e.g., creates an entry in local NAT resource pool 26A corresponding to each of the one or more additional NAT resources. Distributed NAT module 22A then allocates one of these additional NAT resources to the session, updates local NAT resource pool 26A to reflect the allocation of this additional NAT resource to this session and performs network address translation using the allocated NAT resources to obscure the source address and port specified in the header of the packet in the manner described above to generate a modified packet. Router 18 then forwards this modified packet via one of IFCs and outbound links 40 to its intended destination identified by the destination address in the header of the packet).
However, Zhuang does not explicitly teach 

second information indicating an order of allocating second identifiers that are available from the pool and that have not been allocated yet; selecting, by the network device, the identifier based on the second information


Takahashi teaches 

second information indicating an order of allocating second identifiers that are available from the pool and that have not been allocated yet; selecting, by the network device, the identifier based on the second information (Fig.2 – shows second information indicating an order of allocating second addresses that are unused from the pool and that have not been allocated yet -¶ 0082 -  for example, a method is available by which unused addresses are managed in a list form. It is now assumed that a range of addresses to be allowed to be assigned to requests from a client is as shown by the address list 20001 shown in FIG. 2. Addresses that can be used as server addresses in an entry in the NAT table 225 are managed by using the current address list like the 20002 and addresses falling within the range shown in the 20001 list and not now being used are managed by using the unused address list like the 20003 list. In Step S401, one address is selected from the unused address list 20003 and is added to the currently-used address list 20002. Then, for the selected address to be added as a converting address, an entry is newly created in the NAT table 225). 

It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Zhuang to include the teachings of Takahashi. The motivation for doing so is to allow the system to select an address from the unused address list in sequence so that the information can be stored in an organized way. This will help look up the address quickly when a packet is received.
Regarding claim 9,

Zhuang further teaches
wherein determining that no identifier has been allocated for the packet flow comprises a first lookup of a first data structure that is stored in a memory of the network device and that indicates identifiers that have been allocated for packet flows, and wherein determining the identifier available to allocate for the packet flow comprises a second lookup of a second data structure that is stored in the memory and that indicates an allocable [..] of available identifiers from the pool (Col.2, lines 50-60 - storing, with one of the plurality of NAT modules executing in a network device, data defining a local pool of two or more unallocated NAT resources for use in performing network address translation but that have not yet been allocated for use in performing network address translation, wherein each of the NAT resources of the local pool of NAT resources includes a network address and a network port number – Col.15, lines 40-55 - distributed NAT module 22A typically secures one or more additional NAT resources and updates local NAT resource pool 26A, e.g., creates an entry in local NAT resource pool 26A corresponding to each of the one or more additional NAT resources. Distributed NAT module 22A then allocates one of these additional NAT resources to the session, updates local NAT resource pool 26A to reflect the allocation of this additional NAT resource to this session and performs network address translation using the allocated NAT resources to obscure the source address and port specified in the header of the packet in the manner described above to generate a modified packet. Router 18 then forwards this modified packet via one of IFCs and outbound links 40 to its intended destination identified by the destination address in the header of the packet).
However, Zhuang does not explicitly teach a second lookup of a second data structure that is stored in the memory and that indicates an allocable sequence of available identifiers from the pool.
Takahashi teaches

second lookup of a second data structure that is stored in the memory and that indicates an allocable sequence  of available identifiers from the pool  (Fig.2 – shows second information indicating an order of allocating second addresses that are unused from the pool and that have not been allocated yet -¶ 0082 -  for example, a method is available by which unused addresses are managed in a list form. It is now assumed that a range of addresses to be allowed to be assigned to requests from a client is as shown by the address list 20001 shown in FIG. 2. Addresses that can be used as server addresses in an entry in the NAT table 225 are managed by using the current address list like the 20002 and addresses falling within the range shown in the 20001 list and not now being used are managed by using the unused address list like the 20003 list. In Step S401, one address is selected from the unused address list 20003 and is added to the currently-used address list 20002. Then, for the selected address to be added as a converting address, an entry is newly created in the NAT table 225). 

It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Zhuang to include the teachings of Takahashi. The motivation for doing so is to allow the system to select an address from the unused address list in sequence so that the information can be stored in an organized way. This will help look up the address quickly when a packet is received.

Regarding claim 10,

Zhuang does not explicitly teach 
wherein the second lookup indicates that the identifier is the next available identifier according to the allocable sequence
However, Takahashi teaches 

wherein the second lookup indicates that the identifier is the next available identifier according to the allocable sequence (Fig.2 – shows second information indicating a sequence  of allocating addresses that are unused from the pool and that have not been allocated yet -¶ 0082 -  for example, a method is available by which unused addresses are managed in a list form. It is now assumed that a range of addresses to be allowed to be assigned to requests from a client is as shown by the address list 20001 shown in FIG. 2. Addresses that can be used as server addresses in an entry in the NAT table 225 are managed by using the current address list like the 20002 and addresses falling within the range shown in the 20001 list and not now being used are managed by using the unused address list like the 20003 list. In Step S401, one address is selected from the unused address list 20003 and is added to the currently-used address list 20002. Then, for the selected address to be added as a converting address, an entry is newly created in the NAT table 225 – Note Fig.2 shows the selecting of address is in sequence as shown). 


It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Zhuang to include the teachings of Takahashi. The motivation for doing so is to allow the system to select an address from the unused address list in sequence so that the information can be stored in an organized way. This will help look up the address quickly when a packet is received.


Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Zhuang in view of Takahashi further in view of Paunikar.


Regarding claim 11,

Zhuang does not explicitly teach 
wherein determining the identifier comprises: selecting, by the network device, the identifier based on the identifier being the next available identifier according to the allocable sequence; sending, by the network device to a database, an indication that the identifier is selected for allocation to the packet flow, wherein the database maintains information about identifiers allocated for packet flows processed by a plurality of network devices, the plurality of network devices including the network device receiving the packet; and receiving, by the network device from the database, an indication that the identifier is allocable.  


However, Takahashi teaches 
wherein determining the identifier comprises: selecting, by the network device, a different identifier based on the different identifier being the next available identifier according to the allocable sequence (Fig.2 – shows second information indicating a sequence of allocating addresses that are unused from the pool and that have not been allocated yet - ¶ 0082 - for example, a method is available by which unused addresses are managed in a list form. It is now assumed that a range of addresses to be allowed to be assigned to requests from a client is as shown by the address list 20001 shown in FIG. 2. Addresses that can be used as server addresses in an entry in the NAT table 225 are managed by using the current address list like the 20002 and addresses falling within the range shown in the 20001 list and not now being used are managed by using the unused address list like the 20003 list. In Step S401, one address is selected from the unused address list 20003 and is added to the currently-used address list 20002. Then, for the selected address to be added as a converting address, an entry is newly created in the NAT table 225 – Note Fig.2 shows the selecting of address is in sequence as shown).

It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Zhuang to include the teachings of Takahashi. The motivation for doing so is to allow the system to select an address from the unused address list in sequence so that the information can be stored in an organized way. This will help look up the address quickly when a packet is received.

Paunikar teaches 
sending, by the network device to a database, an indication that the identifier is selected for allocation to the packet flow, wherein the database maintains information about identifiers allocated for packet flows processed by a plurality of network devices, the plurality of network devices including the network device receiving the packet; and receiving, by the network device from the database, an indication that the identifier is allocable (¶ 0037 -If the address selector module 150 determines that the packet type requires assigning a public IP address from the pool of available addresses then the address selector module will determine the data packet's destination address. The address selector module communicates with the address storage 170 to retrieve a public IP address. The destination address is then used to determine if the address-selection binding table 160 has an entry that corresponds to the destination address and the retrieved public IP address. If an entry does exist for the destination address, it means that the corresponding public IP address is being used for another session to the same destination by another network user and therefore this public IP address cannot be used for the current new data packet. In this instance, the address selector module will access the address storage for another public IP address. If no entry exists in the binding table for the destination address then the address selector module assigns the new public IP address to this destination address. Upon assignment of the new IP address, an entry is placed in the binding table to signify that the IP address corresponds to the destination address of the data packet) .
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Zhuang in view of Takahashi to include the teachings of Paunikar. The motivation for doing so is to allow the system to map assigned public IP addresses to destination addresses and to deny re-use of the same public IP address only if subsequent network users are connecting to the same destination address. Another advantage is that translation address allocation does not depend on the order in which a network host accesses the system, and the order of entry does not determine whether a network host is capable of creating a connection (¶ 0015 – Paunikar).
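The allocation flow that the claim 11 rejection assembles from Takahashi (take the next address from an ordered list) and Paunikar (check a binding table keyed on destination before assigning), as an added sketch that is not part of this office action or of any cited reference. The class names, method names, device ids and addresses are assumptions constructed for illustration.

```python
import threading


class BindingDatabase:
    """Shared store standing in for a Paunikar-style binding table.

    It records which (public address, destination) pairs are in use
    across every NAT device that shares the pool.
    """

    def __init__(self):
        self._lock = threading.Lock()
        self._bindings = {}  # (public_addr, destination) -> owning device id

    def try_reserve(self, device_id, public_addr, destination):
        """Check and record in one step; True means the address is allocable."""
        with self._lock:
            key = (public_addr, destination)
            if key in self._bindings:
                return False  # already used toward this destination
            self._bindings[key] = device_id
            return True

    def release(self, device_id, public_addr, destination):
        """Drop a binding, but only if the caller is the device that owns it."""
        with self._lock:
            key = (public_addr, destination)
            if self._bindings.get(key) == device_id:
                del self._bindings[key]


class NatDevice:
    """One NAT device with a local flow table and an ordered candidate list."""

    def __init__(self, device_id, pool, database):
        self.device_id = device_id
        self.sequence = list(pool)  # allocation order, as in an ordered unused list
        self.flows = {}             # flow 5-tuple -> allocated public address
        self.db = database

    def allocate(self, flow):
        # First lookup: has this flow already been given an address?
        if flow in self.flows:
            return self.flows[flow]
        destination = flow[2]
        # Second lookup: walk candidates in sequence and ask the shared store.
        for candidate in self.sequence:
            if self.db.try_reserve(self.device_id, candidate, destination):
                self.flows[flow] = candidate
                return candidate
        return None  # every address is already bound to this destination

    def end_flow(self, flow):
        public_addr = self.flows.pop(flow, None)
        if public_addr is not None:
            self.db.release(self.device_id, public_addr, flow[2])


def demo():
    """Two devices sharing one pool and one database (constructed sample flows)."""
    pool = ["203.0.113.1", "203.0.113.2"]
    db = BindingDatabase()
    a = NatDevice("nat-a", pool, db)
    b = NatDevice("nat-b", pool, db)
    # Flow tuples: (src_ip, src_port, dst_ip, dst_port, protocol)
    f1 = ("10.0.0.5", 40000, "198.51.100.7", 443, "tcp")
    f2 = ("10.0.1.9", 40000, "198.51.100.7", 443, "tcp")
    f3 = ("10.0.1.9", 40001, "198.51.100.8", 443, "tcp")
    f4 = ("10.0.0.6", 40002, "198.51.100.7", 443, "tcp")
    results = {}
    results["a_f1"] = a.allocate(f1)        # first in sequence is free
    results["b_f2"] = b.allocate(f2)        # same destination: first is refused
    results["b_f3"] = b.allocate(f3)        # other destination: re-use allowed
    results["a_f4"] = a.allocate(f4)        # both addresses bound to this destination
    a.end_flow(f1)
    results["a_f4_retry"] = a.allocate(f4)  # binding released, first is free again
    return results


if __name__ == "__main__":
    for name, addr in demo().items():
        print(name, addr)
```

The check and the write happen under one lock in `try_reserve`; splitting them into a separate query and update would let two devices both see an address as free and bind it to the same destination.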

Claim 16 is rejected under 35 U.S.C. 103 as being unpatentable over Zhuang in view of Satapati et al. Patent No. US 7,814232 B2 (Satapati hereinafter).


Regarding claim 16

Zhuang does not explicitly teach 
wherein the execution of the computer-readable instructions further configures the network device to: synchronize a first data structure stored in a memory of the network device with a second data structure stored in the database, wherein the second data structure comprises the information about the identifiers allocated for the packet flows 
However, Satapati teaches 
wherein the execution of the computer-readable instructions further configures the network device to: synchronize a first data structure stored in a memory of the network device with a second data structure stored in the database, wherein the second data structure comprises the information about the identifiers allocated for the packet flows  ( Abstract - The gateway device notifies other gateway devices in the redundancy group of the mapping. A master mapping database or a local mapping database is updated whenever one of the gateway devices performs a translation - AVF/router 216 could send its new mapping(s) to all of the members of the redundancy group to allow them to update their own copies of the master mapping database – Col.9, lines 50-55 - the AVG maintains the master NAT mapping database for the redundancy group. Therefore, at step 425, the system 400 – See Also Fig. 4). 

It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Zhuang to include the teachings of Satapati.  The motivation for doing so is to allow packets destined for a single IP address to be forwarded by multiple gateway devices which also work together to provide fail over services in the event of a gateway device failure using the updated master database.
Claim 17 is rejected under 35 U.S.C. 103 as being unpatentable over Zhuang in view of Raney et al. Publication No. US 2016/0380848 A1 (Raney hereinafter).

Regarding claim 17

Zhuang further teaches 

wherein the execution of the computer-readable instructions further configures the network device to: store, in a [..]  storage, available pools and a first allocation sequence of the available pools; and store, in a first data structure, first information indicating a first allocation of the pool from the available pools for the first network and the second computing resource, wherein the first allocation is based on the first allocation sequence  (Col.7, lines 30-40 - Router 18 includes a central NAT management module 20 and a number of distributed NAT modules 22. Central NAT management module 20 represents a module responsible for storing data defining a central NAT resource pool 24 and assigning the NAT resources from this central NAT resource pool to distributed NAT modules 22 for their use in performing network address translation – Col.9, lines 10-20 - Router 18 includes a central NAT management module 20 and a number of distributed NAT modules 22. Central NAT management module 20 represents a module responsible for storing data defining a central NAT resource pool 24 and assigning the NAT resources from this central NAT resource pool to distributed NAT modules 22 for their use in performing network address translation – Col.16, lines 40-65 -- Central NAT management module 20, upon receiving these requests 42, allocates a batch of two or more NAT resources from central NAT resource pool 24 in response to each of these requests 42 (52). Central NAT management module 20 typically updates entries in central  NAT resource pool 24 to indicate that the allocated NAT resources are associated with a corresponding one of distributed NAT modules 22 as described above. Central NAT management module 20 generally allocates the batches of NAT resources by generating a respective one of responses 44 that specifies the batch of NAT resources and outputting these responses 44 to each of distributed NAT modules 22);
However, Zhuang does not explicitly teach that the data structure is a first ring buffer.
Raney teaches 
A first  ring buffer ( ¶ 0047 -FIG. 5A is a block diagram of an example embodiment for the packet manager VM 320 that includes a packet state controller 504 and a memory access controller 508. It is also noted that the packet manager 420 within VM server 402 for FIG. 4 can be configured similarly to the example embodiments for packet manager 320 in FIGS. 5A-5B. As described above, the different VMs within the VM server 302 communicate with the packet manager VM 320 through a vNIC interface 322 to access the shared memory 328. In part, a virtual transmit (vTX) buffer 324 and a virtual receive buffer (vRX) 326 are used to facilitate these communications and storage of packet data within the shared memory 328. These buffers 324/326 can be implemented, for example, as ring buffers that store packet data for a particular number of packets. Storage of packet data begins at the first address within the receive ring buffer or the transmit ring buffer, and the next available address is used for data associated with subsequently received packets. Once the last address within the receive buffer or the transmit buffer is reached, the data for the next packet replaces the data at the first address within the ring buffer. This process continues as the packet manager 320 operates to process packet communications within the VM server 302 through the vNIC interface 322)

It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Zhuang to include the teachings of Raney. The motivation for doing so is to allow the system to use the ring buffer because the ring buffer uses a fixed-size array that can be pre-allocated upfront and allows an efficient memory access pattern.
Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over Zhuang in view of Raney further in view of Takahashi.


Regarding claim 18

Zhuang teaches wherein the execution of the computer-readable instructions further configures the network device to: store, in a [..] storage , available identifiers from the pool and a second allocation (Col.7, lines 30-40; Col.16, lines 40-65).  
However, Zhuang does not explicitly teach that the storage is a second ring buffer.
Raney teaches 
 A second ring buffer ( ¶ 0047 -FIG. 5A is a block diagram of an example embodiment for the packet manager VM 320 that includes a packet state controller 504 and a memory access controller 508. It is also noted that the packet manager 420 within VM server 402 for FIG. 4 can be configured similarly to the example embodiments for packet manager 320 in FIGS. 5A-5B. As described above, the different VMs within the VM server 302 communicate with the packet manager VM 320 through a vNIC interface 322 to access the shared memory 328. In part, a virtual transmit (vTX) buffer 324 and a virtual receive buffer (vRX) 326 are used to facilitate these communications and storage of packet data within the shared memory 328. These buffers 324/326 can be implemented, for example, as ring buffers that store packet data for a particular number of packets. Storage of packet data begins at the first address within the receive ring buffer or the transmit ring buffer, and the next available address is used for data associated with subsequently received packets. Once the last address within the receive buffer or the transmit buffer is reached, the data for the next packet replaces the data at the first address within the ring buffer. This process continues as the packet manager 320 operates to process packet communications within the VM server 302 through the vNIC interface 322).

It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Zhuang to include the teachings of Raney. The motivation for doing so is to allow the system to use the ring buffer because the ring buffer uses a fixed-size array that can be pre-allocated upfront and allows an efficient memory access pattern.
Takahashi teaches
wherein the execution of the computer-readable instructions further configures the network device to: store, in a second [..] storage, available identifiers from the pool and a second allocation sequence of the available identifier; and store, in a second data structure, second information indicating a second allocation of identifier for the packet flow, wherein the second allocation is based on the second allocation  sequence (Fig.2 – shows second information indicating a sequence  of allocating addresses that are unused from the pool and that have not been allocated yet -¶ 0082 -  for example, a method is available by which unused addresses are managed in a list form. It is now assumed that a range of addresses to be allowed to be assigned to requests from a client is as shown by the address list 20001 shown in FIG. 2. Addresses that can be used as server addresses in an entry in the NAT table 225 are managed by using the current address list like the 20002 and addresses falling within the range shown in the 20001 list and not now being used are managed by using the unused address list like the 20003 list. In Step S401, one address is selected from the unused address list 20003 and is added to the currently-used address list 20002. Then, for the selected address to be added as a converting address, an entry is newly created in the NAT table 225 – Note Fig.2 shows the selecting of address is in sequence as shown). 


It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Zhuang in view of Raney to include the teachings of Takahashi. The motivation for doing so is to allow the system to select an address from the unused address list in sequence so that the information can be stored in an organized way. This will help look up the address quickly when a packet is received.













Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to YOUNES NAJI whose telephone number is (571)272-2659. The examiner can normally be reached Monday - Friday 8:30 AM -5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Oscar A Louie can be reached on (571) 270-1684. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/YOUNES NAJI/Primary Examiner, Art Unit 2445