DETAILED ACTION
Claims status
In response to the application filed on 08/02/2021, claims 1-20 are currently pending for the examination. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Notice of Pre-AIA  or AIA  Status
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Drawings
Drawing figures submitted on 08/02/2021 have been reviewed and accepted.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious before the effective filing date of the claimed invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103(a) are summarized as follows:  (See MPEP Ch. 2141)
a)	Determining the scope and contents of the prior art;
b)	Ascertaining the differences between the prior art and the claims in issue;
c)	Resolving the level of ordinary skill in the pertinent art; and
d)	Evaluating evidence of secondary considerations for indicating obviousness or nonobviousness.

Claims 1-10, and 16-17 are rejected under 35 U.S.C. 103 as being unpatentable over Brandwine et al. (US 2017/0353394 A1) in view of Varadhan et al. (US 2010/0043068 A1).
Regarding claim 1; Brandwine discloses a controller device comprising: a network interface; and a control unit (See Fig. 2: Resource manager 205) comprising at least one processor configured to: 
allocate a subset of resources of an underlay network (See Fig. 2: the resource manager 205 to determine to allocate computing resources; ¶. [0030], and see also figure 6 and step 615 for allocation process. See ¶. [0061]) to each of one virtual network (See Fig. 2: ¶. [0030]) established over the underlay network (See Fig. 2: network 240), wherein the subset of resources allocated to a respective virtual network includes one physical node (See Fig. 3A: a virtual network including several virtual computing resources allocated in subnet A 302 and subnet B 303, such as computing nodes and/or network devices.; ¶. [0039]) and one physical link of the underlay network (See Fig. 3s: the allocated virtual computing resource behaves similarly to a physical computing resource located on a physical subnet having a similar topology to the virtual subnet. For example, logically, X and Y are placed in a separate subnet from Z, thus the administrator expects that communications between the nodes can be restricted or controlled through the communications path between the separate subnets, for example, through the placement of firewalls F1 310 and F2 312 or other network devices on the communications path. ¶. [0040]) to be used by the respective virtual network (See Fig. 4:  In some embodiments, the network topology comprises a network layout, traffic rules for the network, bandwidth for nodes and/or links, latency, and/or other characteristics of the network topology. ¶. [0043]. Note: Allocated virtual resources includes bandwidth, link, traffic and etc.), and 
send advertisements of the subset of resources to a plurality of provider edge (PE) routers (See Fig. 1: the computing system to connect with multiple edge routers 125; ¶. [0019]) that are participating in the respective virtual network as a restricted view (See Fig. 3A: The virtual network can comprise multiple virtual subnets, in which communication between subnets may be restricted or controlled, for example, by using firewalls, network filtering devices, and/or network monitoring devices, which may be virtual devices. ¶. [0034]) of the underlay network for the respective virtual network (See Figs. 2 and 3: the respective virtual subnet or networks of network 240; ¶. [0035]) to indicate the subset of resources (See Figs. 3s: the computing resources are provided to the customers. ¶. [0039]) within the underlay network (Brandwine: The core routers 130 a-130 c manage communications within the interconnection network 120, such as by routing or otherwise forwarding packets or other data transmissions as appropriate based on characteristics of such data transmissions. ¶. [0019]) that are available to the plurality of PE routers to perform routing services for the respective virtual network (Brandwine: multiple physical networking devices, such as switches 115 a-115 b, edge router devices 125 a-125 c, and core router devices 130 a-130 c. Switch 115 a is part of a physical sub-network that includes physical computing systems 105 a-105 c, and is connected to edge router 125 a. ¶. [0019]. Note: Edge routers and routing devices are PE routers under the BRI).
Even though, Brandwine teaches the core network 120 have communications with multiple edge routers 125, Brandwine doesn’t explicitly discuss the method of advertising the subset resources to provider edge (PE) routers in the virtual network.
However, Varadhan discloses the method of advertising the subset resources to provider edge (PE) routers in the virtual network (See Fig. 1: communicating routing protocols, i.e., subset resources, to PE routers 10s; ¶. [0032-0034]).
The rationale of combining the Brandwine and Varadhan is that Varadhan’s distributing routing protocols or resources throughout the PE routers could be apparently implemented into Brandwine’s method of allocation virtual resources before transmitting to the PE routers.
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention was made to provide advertising the subset resources to provider edge (PE) routers in the virtual network as taught by Varadhan to have incorporated in the system of Brandwine, so that it would provide multiple advantages including analysis of the MPLS traffic carried over a VPN, detecting MPLS-aware, Application security scanning and so on. See Varadhan: ¶. [0015-0016].
[Office’s Note: Because of the alternative claim language such as “one or more”, only one of the alternative limitations has been analyzed by the examiner].

Regarding claim 2; Brandwine in view of Varadhan discloses the controller device of claim 1, wherein the control unit is configured to advertise the subset of resources to the plurality of PE routers using Border Gateway Protocol-Link State (BGP-LS) advertisements (Brandwine: See Fig. 1: edge routers for BGP advertisements: ¶. [0019]), and (Varadhan: see ¶. [0032]).

Regarding claim 4; Brandwine discloses the controller device wherein the control unit is configured to allocate the subset of resources to the respective virtual network based on source information, destination information, and classification information for traffic of the respective virtual network (See ¶. [0019]: The core routers 130 a-130 c manage communications within the interconnection network 120, such as by routing or otherwise forwarding packets or other data transmissions as appropriate based on characteristics of such data transmissions (e.g., header information including source and/or destination addresses, protocol identifiers, etc.) and/or the characteristics of the interconnection network 120 itself (e.g., routes based on the physical network topology, etc.).

Regarding claim 5; Brandwine in view of Varadhan discloses the controller device of claim I, wherein the control unit is configured to allocate the subset of resources to the respective virtual network with a PE router level of granularity. (See Fig. 12: ¶. [0107]).

Regarding claim 6; Brandwine discloses the controller device of claim 1, wherein the subset of resources allocated to the respective virtual network is one of dedicated to the respective virtual network or shared between the respective virtual network and at least one other virtual network (See Fig. 3s: respective virtual subnets; ¶. [0039]).
Regarding claim 7; Brandwine discloses the controller device of claim 1, wherein the one virtual network comprise one or more virtual private networks (See Figs. 3s: ¶. [0040]).

Regarding claim 8; Brandwine discloses the controller device of claim 1, wherein the one virtual network comprise multiple network slices on top of the underlay network (See Figs. 3s: computing nodes 304, 306, and 308; ¶. [0039]), wherein each of the multiple networks slices is configured with different performance and scaling properties (See Figs. 3s: ¶. [0039-0040]).

Regarding claim 9; Brandwine in view of Varadhan discloses the controller device of claim 1, wherein the underlay network comprises an Internet Protocol (IP) fabric of nodes and links. (Varadhan: ¶. [0033]).

Regarding claim 10. The controller device of claim 1, wherein the underlay network comprises a wide area network (WAN) that includes one or more autonomous systems. (The interconnection network 120; ¶. [0019]).


Regarding claim 11; Brandwine discloses a router comprising: 
a plurality of network interfaces; and
a control unit comprising one processor configured to:
	receive an advertisement of the subset of resources an underlay network (See Fig. 2: the resource manager 205 to determine to allocate computing resources; ¶. [0030], and see also figure 6 and step 615 for allocation process and providing resources to customers. See ¶. [0061]) allocated to a virtual network in which the router is participating (See Fig. 2: ¶. [0030] and network 240), wherein the subset of resources allocated to a respective virtual network includes one physical node (See Fig. 3A: a virtual network including several virtual computing resources allocated in subnet A 302 and subnet B 303, such as computing nodes and/or network devices.; ¶. [0039]) and one physical link of the underlay network (See Fig. 3s: the allocated virtual computing resource behaves similarly to a physical computing resource located on a physical subnet having a similar topology to the virtual subnet. For example, logically, X and Y are placed in a separate subnet from Z, thus the administrator expects that communications between the nodes can be restricted or controlled through the communications path between the separate subnets, for example, through the placement of firewalls F1 310 and F2 312 or other network devices on the communications path. ¶. [0040]) to be used by the respective virtual network (See Fig. 4:  In some embodiments, the network topology comprises a network layout, traffic rules for the network, bandwidth for nodes and/or links, latency, and/or other characteristics of the network topology. ¶. [0043]. Note: Allocated virtual resources includes bandwidth, link, traffic and etc.),
generate a restricted view of the underlay network based on the advertisement (See Fig. 3s: the allocated virtual computing resource behaves similarly to a physical computing resource located on a physical subnet… and thus the administrator expects that communications between the nodes can be restricted or controlled through the communications path between the separate subnets. ¶. [0040]) to indicate the subset of resources within the underlay network that are available to the router to perform routing services for the virtual network (See Fig. 2: the resource manager 205 to determine to allocate computing resources; ¶. [0030], and see also figure 6 and step 615 for allocation process. See ¶. [0061]) to each of one virtual network (See Fig. 2: ¶. [0030]); and 
perform routing services for the virtual network based on the restricted view of the underlay network. (See Fig. 3A: The virtual network can comprise multiple virtual subnets, in which communication between subnets may be restricted or controlled, for example, by using firewalls, network filtering devices, and/or network monitoring devices, which may be virtual devices. ¶. [0034] and see also Figs. 2 and 3 for the respective virtual subnet or networks of network 240; ¶. [0035]).
Even though, Brandwine teaches the core network 120 have communications with multiple edge routers 125, Brandwine doesn’t explicitly discuss the method of advertising the subset resources to provider edge (PE) routers in the virtual network.
However, Varadhan discloses the method of advertising the subset resources to provider edge (PE) routers in the virtual network (See Fig. 1: communicating routing protocols, i.e., subset resources, to PE routers 10s; ¶. [0032-0034]).
The rationale of combining the Brandwine and Varadhan is that Varadhan’s distributing routing protocols or resources throughout the PE routers could be apparently implemented into Brandwine’s method of allocation virtual resources before transmitting to the PE routers.
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention was made to provide advertising the subset resources to provider edge (PE) routers in the virtual network as taught by Varadhan to have incorporated in the system of Brandwine, so that it would provide multiple advantages including analysis of the MPLS traffic carried over a VPN, detecting MPLS-aware, Application security scanning and so on. See Varadhan: ¶. [0015-0016].
[Office’s Note: Because of the alternative claim language such as “one or more”, only one of the alternative limitations has been analyzed by the examiner].


Regarding claim 13: Brandwine discloses the router of claim 11, wherein, to perform routing services, the control unit is configured to generate a routing table and a forwarding table for the virtual network using only the subset of resources available in the restricted view of the underlay network. (Brandwine: The resource manager 205 can store a plurality of RPTs 210, with one or more RPTs for each customer. In one embodiment, a RPT is an entry or entries in a lookup table or database. ¶. [0029]). (Varadhan: using flow table for packet routing. ¶. [0049]).

Regarding claim 14; Brandwine discloses the router of claim 11, wherein, to receive the advertisement indicating the subset of resources, the control unit is configured to determine that the advertisement includes a route target (RT) that identifies the virtual network in which the router is participating. (Brandwine: routing or otherwise forwarding packets or other data transmissions as appropriate based on characteristics of such data transmissions (e.g., header information including source and/or destination addresses. ¶. [0019]).

Regarding claim 15; Brandwine discloses the router, wherein, to receive the advertisement indicating the subset of resources, the control unit is configured to receive the advertisement from a route reflector that uses RT constraints. (Brandwine: the access constraints of the subnet, such as the subnet's access policies and/or topology constraints, such that the computing resource behaves as if it were located on the subnet. ¶. [0031]).

Regarding claim 16; Brandwine discloses a method comprising:  
Allocating, by a controller device, a subset of resources of an underlay network (See Fig. 2: the resource manager 205 to determine to allocate computing resources; ¶. [0030], and see also figure 6 and step 615 for allocation process. See ¶. [0061]) to each of one virtual network (See Fig. 2: ¶. [0030]) established over the underlay network (See Fig. 2: network 240), wherein the subset of resources allocated to a respective virtual network includes one physical node (See Fig. 3A: a virtual network including several virtual computing resources allocated in subnet A 302 and subnet B 303, such as computing nodes and/or network devices.; ¶. [0039]) and one physical link of the underlay network (See Fig. 3s: the allocated virtual computing resource behaves similarly to a physical computing resource located on a physical subnet having a similar topology to the virtual subnet. For example, logically, X and Y are placed in a separate subnet from Z, thus the administrator expects that communications between the nodes can be restricted or controlled through the communications path between the separate subnets, for example, through the placement of firewalls F1 310 and F2 312 or other network devices on the communications path. ¶. [0040]) to be used by the respective virtual network (See Fig. 4:  In some embodiments, the network topology comprises a network layout, traffic rules for the network, bandwidth for nodes and/or links, latency, and/or other characteristics of the network topology. ¶. [0043]. Note: Allocated virtual resources includes bandwidth, link, traffic and etc.), and 
Sending , bye controller device, advertisements of the subset of resources to a plurality of provider edge (PE) routers (See Fig. 1: the computing system to connect with multiple edge routers 125; ¶. [0019]) that are participating in the respective virtual network as a restricted view (See Fig. 3A: The virtual network can comprise multiple virtual subnets, in which communication between subnets may be restricted or controlled, for example, by using firewalls, network filtering devices, and/or network monitoring devices, which may be virtual devices. ¶. [0034]) of the underlay network for the respective virtual network (See Figs. 2 and 3: the respective virtual subnet or networks of network 240; ¶. [0035]) to indicate the subset of resources (See Figs. 3s: the computing resources are provided to the customers. ¶. [0039]) within the underlay network (Brandwine: The core routers 130 a-130 c manage communications within the interconnection network 120, such as by routing or otherwise forwarding packets or other data transmissions as appropriate based on characteristics of such data transmissions. ¶. [0019]) that are available to the plurality of PE routers to perform routing services for the respective virtual network (Brandwine: multiple physical networking devices, such as switches 115 a-115 b, edge router devices 125 a-125 c, and core router devices 130 a-130 c. Switch 115 a is part of a physical sub-network that includes physical computing systems 105 a-105 c, and is connected to edge router 125 a. ¶. [0019]. Note: Edge routers and routing devices are PE routers under the BRI).
Even though, Brandwine teaches the core network 120 have communications with multiple edge routers 125, Brandwine doesn’t explicitly discuss the method of advertising the subset resources to provider edge (PE) routers in the virtual network.
However, Varadhan discloses the method of advertising the subset resources to provider edge (PE) routers in the virtual network (See Fig. 1: communicating routing protocols, i.e., subset resources, to PE routers 10s; ¶. [0032-0034]).
The rationale of combining the Brandwine and Varadhan is that Varadhan’s distributing routing protocols or resources throughout the PE routers could be apparently implemented into Brandwine’s method of allocation virtual resources before transmitting to the PE routers.
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention was made to provide advertising the subset resources to provider edge (PE) routers in the virtual network as taught by Varadhan to have incorporated in the system of Brandwine, so that it would provide multiple advantages including analysis of the MPLS traffic carried over a VPN, detecting MPLS-aware, Application security scanning and so on. See Varadhan: ¶. [0015-0016].

Regarding claim 17; Brandwine in view of Varadhan discloses the method wherein the control unit is configured to advertise the subset of resources to the plurality of PE routers using Border Gateway Protocol-Link State (BGP-LS) advertisements (Brandwine: See Fig. 1: edge routers for BGP advertisements: ¶. [0019]), and (Varadhan: see ¶. [0032]).

Allowable Subject Matter
Claims 3, 12 and 18-20 are objected to as being dependent upon the rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Chen (US 10708125 B1).
Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAI AUNG whose telephone number is (571)272-3507.  The examiner can normally be reached on Monday-Friday, Alt Fridays, 7:30 AM- 5:00 PM (EST). 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Noel Beharry can be reached on 571-270-5630.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SAI AUNG/
Primary Examiner, Art Unit 2416