DETAILED ACTION
1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
2.	This communication is in response to the Continuation Application filed on June 28, 2021, in which claims 1-20 have been presented for examination.
Status of Claims
3.	Claims 1-20 are pending, all of which are rejected under 35 U.S.C. 103.  Claims 1-20 are also subject to a Double Patenting rejection.
Priority
4.	Examiner has acknowledged Applicants’ claim for the benefit of prior-filed U.S. Non-Provisional Patent Application Serial No. 16/219,929, filed December 13, 2018.
Information Disclosure Statement
5.	The information disclosure statement, filed June 28, 2021, is in compliance with the provisions of 37 CFR 1.97, 1.98 and MPEP § 609.  It has been placed in the application file, and the information referred to therein has been considered as to the merits.
Claim Rejections - 35 USC § 103
6.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
7.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:	A patent for a claimed invention may not be obtained, notwithstanding that the 	claimed invention is not identically disclosed as set forth in section 102, if the 	differences between the claimed invention and the prior art are such that the 	claimed invention as a whole would have been obvious before the effective 	filing date of the claimed invention to a person having ordinary skill in the art to 	which the claimed invention pertains. Patentability shall not be negated by the 	manner in which the invention was made.
8.	This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
9.	Claims 1-3, 5-16 and 18-26 are rejected under 35 U.S.C. 103 as being unpatentable over Alpert et al. (United States Patent Application Publication No. US 2018/0109606 A1), hereinafter “Alpert” in view of Rao et al. (United States Patent Application Publication No. US 2019/0238633 A1), hereinafter “Rao” in view of Luft et al. (United States Patent Application Publication No. US 2009/0086651 A1), hereinafter “Luft”.
	Regarding claim 11, Alpert discloses a system comprising:	data processing hardware (wherein as Alpert discloses embodiments in computer hardware) (Alpert, paragraphs [0040]-[0041]); and	memory hardware in communication with the data processing hardware, the memory hardware storing instruction that when executed on the data processing hardware cause the data processing hardware to perform operations comprising (wherein Alpert further discloses a tangible non transitory storage medium comprising one or more computer programs, i.e., one or more modules of computer program instructions encoded thereon) (Alpert, paragraphs [0040] and [0044]):	identifying a middlebox receiving network flow and communicating with one or more backend virtual machines (virtual machine hosts, virtual routers, or other network entities monitor network traffic flows and report flow statistics to a control plane. See in particular, virtual routers 301, 302 of FIG. 3. Again, Alpert teaches that on startup, each virtual router communicates with the control plane 200 (See FIG. 2) of the virtual network to let the control plane know that the router is ready to serve network traffic. The control plane keeps a list of virtual routers in the virtual network and information about each router including the location and the status of the virtual router) (Alpert, FIGS. 2 and 3, paragraphs [0018], [0024] and [0029]);	receiving flow statistics corresponding to the network flow of the middlebox (again, reporting flow statistics) (Alpert, paragraph [0024]);	determining whether the flow statistics satisfy an offload rule, the offload rule indicating when to migrate the network flow from the middlebox to an end host (control plane receives flow statistics from network entities and can offload flows from virtual routers that meet offload criteria) (Alpert, paragraphs [0028] and [0030]); and	when the flow statistics satisfy the offload rule, migrating the network flow from the middlebox to the end host (again, offloading based on flow statistics and other offload criteria/rules being satisfied) (Alpert, paragraphs [0028], [0030] and [0032]).	Alpert does not explicitly disclose a middlebox receiving network flow between virtual network endpoints in a virtual network layer, performing stateful network functions in the virtual network layer using the received network flow between the virtual network endpoints, and communicating with one or more backend virtual machines corresponding to the virtual network endpoints.	In analogous art, however, Rao discloses a middlebox receiving network flow between virtual network endpoints in a virtual network layer (wherein endpoints 208 of FIG. 2 can include any communication device or component including virtual machines, containers, or virtual processes (e.g., running on a virtual machine). As further shown in FIG. 3, Rao teaches an example network environment 300 in which automatic load balancing techniques of the disclosed technology can be implemented. In particular, the middle box traffic flow segment collector 310 can be implemented on a virtual machine or container either residing at middle box 306A or 306N and/or remote from the middle boxes 306) (Rao, FIGS. 2 and 3, paragraphs [0069], [0079] and [0086]), and communicating with one or more backend virtual machines corresponding to the virtual network endpoints (wherein again, the middle box traffic flow segment collector 310 can be implemented on a virtual machine and remote from the middleboxes 306A and 306N) (Rao, FIG. 3, paragraph [0086]).	Alpert and Rao are analogous art because they are from the same problem solving area, namely, tracking and managing network traffic flow statistics.	Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Alpert and Rao before him or her, to modify the virtual routers of Alpert to include the additional limitations of a middlebox receiving network flow between virtual network endpoints in a virtual network layer, and communicating with one or more backend virtual machines corresponding to the virtual network endpoints, as disclosed in Rao, with reasonable expectation that this would result in a system of virtual routers and dynamic offloading having the added benefit of improved traffic flow dynamics (See Rao, paragraph [0095]).  This method of improving the network traffic routing system of Alpert and was well within the ordinary ability of one of ordinary skill in the art based on the teachings of Rao.	Therefore, it would have been obvious to one having ordinary skill in the art to combine the teachings of Alpert with Rao to obtain the invention as specified in claim 11.  Alpert-Rao does not explicitly disclose performing stateful network functions using the received network flow.	However in an analogous art, Luft discloses performing stateful network functions using a received network flow (wherein Luft discloses a multi-level packet classification scheme executed within a network service node 305 (See FIG. 6), as well as specific components of a distributed compute environment 700 for implementing a multi-level classification hierarchy 702 illustrated in FIG. 7. In particular, as packets arrive and enter service node 305, a first level of classification occurs in the data plane, which Luft refers to as flow classification, and includes matching upon N fields (or N-tuples) of a packet to determine which classification rule to apply and then executing an action associated with the matched classification rule. Traffic blades (TBs) 410 perform flow classification in the data plane as a prerequisite to packet forwarding and/or determining whether extended classification is necessary by compute blades (CBs) 415 (shown in FIGS. 4 and 5) in the control plane. Based upon the flow classification, TBs 410 may simply forward the traffic, drop the traffic, bifurcate the traffic, intercept the traffic, or otherwise. If a TB 410 determines that a bifurcation classification criteria (bifurcation filter 615A) has been matched, the TB 410 will generate a copy of the packet that is sent to one of CBs 415 for extended classification, and forward the original packet towards its destination. If a TB 410 determines that an interception classification criteria (interception filter 615B) has been matched, the TB 410 will divert the packet to one of CBs 415 for extended classification and application processing prior to forwarding the packet to its destination. CBs 415 perform extended classification via deep packet inspection (DPI) to further identify application level classification rules to apply to the received packet flows, which includes inspecting the bifurcated or intercepted packets at the application level to determine to which application 620 a packet flow should be routed. FIG. 7 is a functional block diagram illustrating the specific components of a distributed compute environment 700 for implementing the multi-level classification hierarchy 702, and includes compute node instances (CNIs) 705 and traffic blades (TBs) 710. CNIs 705 may be implemented by CNIs 505 while TBs 710 may be implemented by TBs 410. As further illustrated in FIG. 7, the CNIs 705 each include an application router 720 and network applications 725 executing therein. The illustrated embodiment of TBs 710 each include an access control unit 735, a flow router 740, and a classifier 745 executing therein. Application router 720 performs extended classification over and above the flow classification performed by flow router 740 to determine to which of network applications 725 a packet that has been elevated to the control plane should be routed. Luft teaches that extended classification may include DPI to inspect packet data at layers 5 through 7 of the OSI model. In other words, application router 720 may not merely inspect header data, but also payload data, of which may carry various signatures of application protocols or application data upon which extended classification criteria is matched against) (Luft, FIGS. 6 and 7, paragraphs [0041]-[0045] and [0051]).	Alpert-Rao and Luft are analogous art because they are from the same problem solving area, namely, tracking and managing network traffic flow statistics.	Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Alpert-Rao and Luft before him or her, to modify the virtual routers of Alpert-Rao to include the additional limitation of performing stateful network functions using a received network flow, as disclosed in Luft, with reasonable expectation that this would result in a system of virtual routers and dynamic offloading having the added benefit of a stateful tracking of protocols that may be considered a stateful application awareness mechanism, thereby enabling applications to apply application specific rules to the network traffic, on a per subscriber basis (Luft, paragraph [0043]).  This method of improving the network traffic routing system of Alpert-Rao and was well within the ordinary ability of one of ordinary skill in the art based on the teachings of Luft.	Therefore, it would have been obvious to one having ordinary skill in the art to combine the teachings of Alpert-Rao with Luft to obtain the invention as specified in claim 11.
	As to claim 12, Alpert-Rao-Luft teaches the system of claim 11, wherein the middlebox comprises at least one of a network address translator (NAT), a load balancer, or a firewall (wherein the routers can be load balancers, as Alpert teaches that the hosts can load-balance packets across routers that they determine to be healthy according to the results of the health checks) (Alpert, paragraph [0038]).  The motivation regarding the obviousness of claim 11 is also applied to claim 12.
	Regarding claim 13, Alpert-Rao-Luft discloses the system of claim 12, wherein the middlebox is associated with a single network device configured to perform network routing (again, the virtual router) (Alpert, paragraph [0029]).  The motivation regarding the obviousness of claim 11 is also applied to claim 13.
	Regarding claim 14, Alpert-Rao-Luft discloses the system of claim 11, wherein migrating the network flow from the middlebox to the end host comprises initiating an end-host connection table at the end host (further teaching preprogrammed direct routes installed between sending hosts and destination hosts) (Alpert, paragraph [0036]).  The motivation regarding the obviousness of claim 11 is also applied to claim 14.
	Regarding claim 15, Alpert-Rao-Luft discloses the system of claim 11, wherein migrating the network flow from the middlebox to the end host comprises:	initiating an end-host connection table at the end host (again, utilizing the preprogrammed routes between sending hosts and destination hosts) (Alpert, paragraph [0036]);	identifying a network connection request received at the end host (once offloaded, traffic only going directly through end hosts) (Alpert, paragraph [0036]);	determining that the network connection request corresponds to a new network connection (the new connection) (Alpert, paragraph [0036]);	updating the end-host connection table with the new network connection (at least impliedly, as within removing a flow) (Alpert, paragraph [0037]); and	controlling the network flow for the new network connection at the end host (again, using the new flow/route) (Alpert, paragraphs [0036]-[0037]).  The motivation regarding the obviousness of claim 11 is also applied to claim 15.
	Regarding claim 16, Alpert-Rao-Luft discloses the system of claim 14, wherein migrating the network flow from the middlebox to the end host comprises:	initiating an end-host connection table at the end host (again, utilizing the preprogrammed routes between sending hosts and destination hosts) (Alpert, paragraph [0036]);	identifying a network connection request received at the end host (once offloaded, traffic only going directly through end hosts) (Alpert, paragraph [0036]);	determining that the network connection request corresponds to an existing network connection not present in the end-host connection table (again, offloading, if needed) (Alpert, paragraph [0034]); and	communicating the network flow for the existing network connection from the end host to the middlebox (through the new virtual router) (Alpert, paragraph [0038]).  The motivation regarding the obviousness of claim 11 is also applied to claim 16.
	Regarding claim 17, Alpert-Rao-Luft discloses the system of claim 16, wherein migrating the network flow from the middlebox further comprises:	transferring a middlebox connection table from the middlebox to the end host (again, migrating the flow to the end hosts) (Alpert, paragraph [0036]); and	when the middlebox connection table is transferred from the middlebox to the end host, ceasing communication between the end host and the middlebox (again, only through end hosts) (Alpert, paragraph [0036]).  The motivation regarding the obviousness of claim 11 is also applied to claim 17.
	Regarding claim 18, Alpert-Rao-Luft discloses the system of claim 11, wherein the operations further comprise, after migrating the network flow from the middlebox to the end host:	determining, a reduction in the network flow to the end host during a period of time (also teaching migrating back for various reasons including determining that the offloaded flow is no longer needed) (Alpert, paragraph [0037]); and	migrating the network flow from the end host to the middlebox (again, migrating back) (Alpert, paragraph [0037]).  The motivation regarding the obviousness of claim 11 is also applied to claim 18.
	Regarding claim 19, Alpert-Rao-Luft discloses the system of claim 11, wherein the middlebox is configured to communicate with the one or more backend virtual machines based on consistent hashing (wherein to split the traffic, the host might hash an n-tuple flow key that defines a flow and use the hash to choose a router) (Alpert, paragraph [0021]).  The motivation regarding the obviousness of claim 11 is also applied to claim 19.
	Regarding claim 20, Alpert-Rao-Luft discloses the system of claim 11, wherein migrating the network flow from the middlebox to the end host further comprises:	identifying that a first health characteristic of each backend virtual machine of the one or more backend virtual machines communicating with the middlebox indicates a healthy state (wherein programmable software switch on each host can establish a connection to each virtual router in its local cluster and use inline health checks to detect failures) (Alpert, paragraph [0038]); and	determining that a second health characteristic corresponding to the end host matches the healthy state of the first health characteristic (again, the hosts load-balancing packets across routers that they determine to be healthy according to the results of the health checks) (Alpert, paragraph [0038]).  The motivation regarding the obviousness of claim 11 is also applied to claim 20.
	Claims 1-10 include “method” claims that perform limitations substantially as described in “system” claims 11-20, and do not appear to contain any additional features with regard to novelty and/or inventive step; therefore, they are rejected under the same rationale.
Double Patenting
10.	The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).	A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).	The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
11.	Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-25 of U.S. Patent No. US 11,070,475 B2, hereinafter “475”.  Although the claims at issue are not identical, they are not patentably distinct from each other because claims 1-20 of the instant Application are anticipated by claims 1-25 of 475.
	Regarding claim 1 of the instant Application, claim 1 recites, “A computer-implemented method when executed by data processing hardware causes the data processing hardware to perform operations comprising:	identifying a middlebox receiving network flow between virtual network endpoints in a virtual network layer, performing stateful network functions in the virtual network layer using the received network flow between the virtual network endpoints, and communicating with one or more backend virtual machines corresponding to the virtual network endpoints;	receiving flow statistics corresponding to the network flow of the middlebox;	determining whether the flow statistics satisfy an offload rule, the offload rule indicating when to migrate the network flow from the middlebox to an end host; and	when the flow statistics satisfy the offload rule, migrating the network flow from the middlebox to the end host”.
	Claim 1 of 475 recites “A method comprising:	identifying, by data processing hardware, a middlebox receiving network flow between virtual network endpoints in a virtual network layer, performing stateful network functions in the virtual network layer using the received network flow between the virtual network endpoints, and communicating with one or more backend virtual machines corresponding to the virtual network endpoints, the middlebox comprising a load balancer configured to balance network load between network connections and the one or more backend virtual machines, the load balancer comprising a connection table mapping each network connection to a corresponding one of the one or more backend virtual machines;	receiving, at the data processing hardware, flow statistics corresponding to the network flow of the middlebox;	determining, by the data processing hardware, whether the flow statistics satisfy an offload rule, the offload rule indicating when to migrate the network flow from the middlebox to an end host; and	when the flow statistics satisfy the offload rule, migrating, by the data processing hardware, the network flow from the middlebox to the end host”.
	Clearly from the plain text, each and every limitation of independent claim 1 of the instant Application is within claim 1 of 475 and therefore claim 1 of the instant Application is anticipated by claim 1 of 475.  Therefore, Claim 1 is unpatentable under Non-statutory Anticipatory-type Double Patenting.  Similar reasoning applies to claims 2-20.
Conclusion
12.	Further references of interest are cited on Form PTO-892, which is an attachment to this Office Action.  For instance, WANG (USPGPUB 2018/0373961), hereinafter “WANG” discloses a system and method for deploying graphical diagram topologies.  In particular, FIG. 2 illustrates an example graphical topology 200, according to an embodiment.  As shown, graphical topology 200 is a topology of a software-defined network.  WANG teaches that software-defined networks may have multi-tier architectures with different transport nodes connected to provide overlay logical networking functions.  WANG further notes that it is often helpful to diagram how these pieces are connected together in order to understand how data flows between components of the software-defined networks such as logical routers, logical switches, and virtual middleboxes providing NAT, firewall, load balancing, VPN, and the like.
13.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to KOSTAS J. KATSIKIS whose telephone number is (571)270-5434. The examiner can normally be reached Monday-Friday, 9:00am-5:00pm.	Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.	If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Wing F. Chan can be reached on 571-272-7493. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.	Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/KOSTAS J KATSIKIS/Primary Examiner, Art Unit 2441