DETAILED ACTION
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
This Office Action is in response to the communication filed on 3/29/2021.
Claims 1-21 have been canceled.
Claims 22-42 are pending for consideration.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Specification
The lengthy specification has not been checked to the extent necessary to determine the presence of all possible minor errors. Applicant’s cooperation is requested in correcting any errors of which applicant may become aware in the specification.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on6/23/2022 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 22-42 are rejected under 35 U.S.C.101 because the claimed invention is directed to abstract ideas without significantly more.

	Step 1 Statutory Category:
		Claims 22-39 and 41-42 are directed to a machine. The claims are directed to statutory categories.
		Claim 40 is directed to a process. The claim is directed to statutory categories.
	Step 2A Prong 1 Judicial exception:
		The independent claims recite the following limitations which have been identified as reciting a Mental Process:
		Claim 1 recites “…control, by the router based on a service type of the layer-2 service, sending of the packet from the datapath toward the layer-2 firewall”.  
Claim 40 recites “…and controlling, by the router based on a service type of the layer-2 service, sending of the packet from the datapath toward the layer-2 firewall”.  
Claim 41 recites “…; and control, by the router, forwarding of the packet to the set of group members based on whether the packet, when received at the datapath from the layer-2 firewall, still has the indicator associated therewith”.  
These steps are mental processes that an ordinary person of skill in the art at the effective filing date can perform with or without pen and paper.  Controlling is merely basic human actions using observation, evaluation and determination applied on a general computer with generic hardware. As a result, the above claims are an abstract idea.
The dependent claims appear to further define the evaluations and observations being done to perform the analysis, and as such appear to further define the abstract idea itself.
	
	Step 2A Prong 2, additional elements that integrate into a practical application of the exception:
Claim 22, 40 and 42 further recite “receive, by a router including a datapath and a layer-2 firewall, a packet of a flow of a layer-2 service having a set of group members associated therewith, wherein the packet includes a layer-2 destination address unknown to the router; and sending of the packet from the datapath toward the layer-2 firewall.”. The additional steps of receiving and sending of the packet are considered as an insignificant extra-solution activity.   Claim 41 further recites “receive, by a router including a datapath and a layer-2 firewall, a packet of a flow of a layer-2 service having a set of group members associated therewith; provide, based on a packet type of the packet and a service type of the layer-2 service, the packet from the datapath to the layer-2 firewall such that the packet has an indicator associated therewith; receive, at the datapath from the layer-2 firewall, the packet; and forwarding…”.  These limitations are insignificant extra solution activities, See MPEP 2106.05(b)(I).  They’re merely activities for collecting, retrieving, sending data or simply an activity to perform some action.  Also, MPEP 2144.04 (V)(C) and In re Dulberg, 289 F.2d 522, 523, 129 USPQ 348, 349 (CCPA 1961), if it is desirable for any reason to write it to a separate subsection, it would be obvious to do so. As a result, an ordinary skilled person in the art would know the technology to interface with these remote services or the information is readily available for reference purpose to communicate with these external services.  The extra elements do not improve existing technology.  When taken individually or viewed as an ordered combination, the claims as a whole do not amount to significantly more than the abstract idea.

	Step 2B significantly more:
The recited computer apparatuses (i.e. the processors, memories) limitations appear to recite general purpose computer machines which are merely implementing the abstract idea within a computer environment and merely displaying the results of the abstract idea using generic display techniques.  See General purposes machine MPEP 2106.05(b)(I)
The receiving, providing and sending of the data packets appear to merely be gathering the particular data to be analyzed.  As such these claim limitations have been identified as extrasolution activities.  MPEP 2106.05(g) recites example activities that the courts have found to be insignificant extra-solution activity.  Bullet (i) under the Mere Data Gathering section of examples recites “i. Performing clinical tests on individuals to obtain input for an equation, In re Grams, 888 F.2d 835, 839-40; 12 USPQ2d 1824, 1827-28 (Fed. Cir. 1989);”.  The instant claims appear to be even broader than the recited example, in that the instant claims are merely receiving the data packet and analyzing the received data packet without providing any indication of how the controlling step is implemented in details.  As such these claim limitations appear to constitute activities the courts have ruled as insignificant extra-solution activities.
When taken individually or viewed as an ordered combination the independent claims and dependent claims as a whole do not appear to amount to significantly more than the abstract idea.  When read as a whole the claims appear to merely be implementing an activity traditionally done by humans within a computer environment.

Conclusion:
	Based on the above rational claims 22-42 have been deemed to ineligible subject matter under 35 USC 101.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 22, 24-31 and 37-41 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Ghosh et al. (US 7796593) (hereinafter Ghosh).

Regarding claim 22, Ghosh discloses an apparatus, comprising: at least one processor (Ghosh: see figure 2; and column 4 lines 14-27); and at least one memory including a set of instructions (Ghosh: see figure 2; and column 4 lines 14-27); wherein the set of instructions is configured to, when executed by the at least one processor, cause the apparatus to: receive, by a router including a datapath and a layer-2 firewall, a packet of a flow of a layer-2 service having a set of group members associated therewith (Ghosh: column 5 lines 1-29; and column 8 lines 9-22, “routing engine 26 maintains routing tables, executes routing protocols and controls user access to routing engine 26. Routing engine 26, as shown in FIG. 2, includes a plurality of modules, such as management module 34A, VPLS module 34B ("VPLS 34B"), firewall module 34C, policy module 34D, and protocols module 34E ("protocols 34E"). Management module 34A provides an interface by which an administrator, such as administrator 35 ("admin 35"), may interact with routine engine 26 to configure flood group 22. VPLS module 34B represents the VPLS protocol described above that routine engine 26 executes to support VPLS 17. Firewall module 34C represents firewall or more generally network security functionality that may monitor traffic flows traversing PE router 12A. Policy module 34D generates policies or rules based on input entered by modules 34A-34C, for example, that indicate specific operations PFEs 28 execute upon receiving messages or packets via IFCs 32”), wherein the packet includes a layer-2 destination address unknown to the router (Ghosh: column 5 lines 16-22; and column 13 lines 35-44, “A coupling may be considered "transparent" if, from the perspective of L2 networks 16, each L2 network 16 appears to directly connect to other L2 networks 16. In other words, L2 networks 16 need not perform any special functions, such as encapsulation of L2 packets (e.g., frames or cells) within L3 packets, or even be aware of SP network 14 in order to communicate between each other”… “unicast packets or L2 packets … VPLS domain 60A are to be flooded to VPLS domain 60B and AS 64 …”); and control, by the router based on a service type of the layer-2 service, sending of the packet from the datapath toward the layer-2 firewall (Ghosh: see figure 2, items 26, 28A…28N and 39; and column 8 lines 9-22, “monitor traffic flows traversing PE router 12A. Policy module 34D generates policies or rules based on input entered by modules 34A-34C,”).
Regarding claim 40, claim 40 discloses a method claim that is substantially equivalent to the apparatus of claim 1. Therefore, the arguments set forth above with respect to claim 1 are equally applicable to claim 40 and rejected for the same reasons.
Regarding claim 41, claim 41 discloses an apparatus claim that is substantially equivalent to the apparatus of claim 1. Therefore, the arguments set forth above with respect to claim 1 are equally applicable to claim 41 and rejected for the same reasons.
Regarding claim 24, Ghosh discloses wherein, to control the sending of the packet from the datapath toward the layer-2 firewall, the set of instructions is configured to, when executed by the at least one processor, cause the apparatus to: send, by the router based on a determination that the service type of the layer-2 service is indicative that the layer-2 service is a virtual private wire service, the packet from the datapath toward the layer-2 firewall (Ghosh: column 7 lines 42-62, “Once associated, PE router 12A may forward the L2 packet to every other interface card, which based on the associated flood group ID, either forwards or drops the L2 packet. In the instance of a flood group ID indicating flood group 22, only those interfaces that couple to CE router 18N-18Z may forward the L2 packet and all other interfaces, such as those interfaces that couple to SP network 14, drop the L2 packet.”).
Regarding claim 25, Ghosh discloses wherein, to control the sending of the packet from the datapath toward the layer-2 firewall, the set of instructions is configured to, when executed by the at least one processor, cause the apparatus to: send, by the router based on a determination that the service type of the layer-2 service is indicative that the layer-2 service is a virtual private local area network service, the packet from the datapath toward the layer-2 firewall such that the packet has associated therewith an indication that the packet is associated with the virtual private local area network service (Ghosh: column 7 lines 42-62, “PE router 12A by providing flood group 22 may enable a wide variety of flooding schemes, each of which can be tailored to suit particular requirements of a network, application, device, etc. Moreover, flood group 22 enables PE router 12A to conserve resources within SP network 14 by allowing SP network 14 to eliminate unnecessary multicasting, as in the above example where the L2 communication from L2 network 16A was not multicast to L2 networks 16C, 16D and only multicast to L2 network 16B”).
Regarding claim 26,  Ghosh discloses wherein the indication that the packet is associated with the virtual private local area network service includes at least one bit in a firewall header added to the packet for transporting the packet from the datapath to the layer-2 firewall (Ghosh: column 2 lines 54-67, “The packet forwarding engines, upon receiving a L2 packet via VPLS, associate the L2 packet with the flood group based on the flood group policies. That is, the packet forwarding engine accesses the flood group policies to determine whether the L2 packet meets the criteria embodied in the policies. If not, the L2 packet is not associated with the flood group. If so, the L2 packet is associated with the flood group by, for example, tagging, stamping, or otherwise indicating within the L2 packet or accompanying status information a flood group ID. The packet forwarding engines forward the L2 packet to each of the other packet forwarding engines, which parse the L2 packet to extract the flood group ID. Using the flood group ID as a key, the packet forwarding engines perform a lookup in the policies to determine the set of interface cards that forward the L2 packet. The packet forwarding engines flood the L2 packet via the determined set of forwarding interface cards.”).
Regarding claim 27, Ghosh discloses wherein the set of instructions is configured to, when executed by the at least one processor, cause the apparatus to: receive, by the router at the layer-2 firewall from the datapath, the packet having associated therewith the indication that the packet is associated with the virtual private local area network service; and determine, by the router at the layer-2 firewall based on a set of firewall rules of the layer-2 firewall, whether the flow of the layer-2 service is restricted or allowed (Ghosh: column 10 lines 11-20, “Notably, each of PFEs 28B-28M receive the tagged L2 packet via switch fabric 30 but upon performing the lookup in respective policies 39B, each of these PFEs 28B-28M determine that none of their respective IFCs 32 are designated within policies 39B as the forwarding set of IFCs by flood group 22 and therefore these PFEs 28B-28M drop the tagged L2 packet. Thus, as described above, PE router 12A may either manually and/or automatically configure a flood group 22 to facilitate finer control over forwarding within a VPLS domain, such as VPLS domain 17.”).
Regarding claim 28, Ghosh discloses wherein the set of instructions is configured to, when executed by the at least one processor, cause the apparatus to: retain, by the router for the packet based on a determination by the layer-2 firewall that the flow of the layer-2 service is restricted, the indication that the packet is associated with the virtual private local area network service (Ghosh: column 8 lines 32-41; and column 10 lines 1-10); and provide, by the router from the layer-2 firewall to the datapath, the packet such that the packet still has associated therewith the indication that the packet is associated with the virtual private local area network service (Ghosh: column 8 lines 32-41, “Routing engine 26 couples to each of PFEs 28 via a dedicated link 38. PFEs 28 are each responsible for forwarding packets received by their respective IFCs 32. Protocols 34E may, after determining the network topology, resolve the network topology into forwarding information 36A, which routing engine 26 via dedicated link 38 loads onto PFEs 28. Forwarding information 36A may specify "next hops" by indicating an address of the next routing device to which PFEs 28 forward a message received from a particular address.”).
Regarding claim 29, Ghosh discloses wherein the set of instructions is configured to, when executed by the at least one processor, cause the apparatus to: forward, by the router based on a determination that the packet received at the datapath from the layer-2 firewall still has associated therewith the indication that the packet is associated with the virtual private local area network service, the packet toward a subset of the group members of the layer-2 service that are independent of a set of firewall rules of the layer-2 firewall for the flow of the layer-2 service (Ghosh: column 8 lines 32-41 and column 10 lines 1-10, “Considering that flood group 22 specifies that all messages received via IFCs 32A-32M of PFE 28A are to be forwarded via IFCs 32A-32M of PFE 28N, the lookup by PFE 28N succeeds in returning a set of IFCs including IFCs 32A-32M of PFE 28N. Again, policies 39B may indicate the set of IFCs 32A-32M of PFE 28N by referencing each port number assigned to these IFCs 32. PFE 28N removes any tags, including the flood group IDs, associated with the L2 packet and forwards the L2 packet via IFCs 32A-32M of PFE 28N to CE routers 18N-18Z”).
Regarding claim 30, Ghosh discloses wherein the set of instructions is configured to, when executed by the at least one processor, cause the apparatus to: remove, by the router for the packet based on a determination by the layer-2 firewall that the flow of the layer-2 service is allowed, the indication that the packet is associated with the virtual private local area network service; and provide, by the router from the layer-2 firewall to the datapath, the packet such that the packet no longer has associated therewith the indication that the packet is associated with the virtual private local area network service (Ghosh: column 4 lines 1-40, “detecting a match, associate the L2 packet with one of the VPLS flood groups having criteria that matched contents of the packet, and outputs copies of the L2 packet from each interface card of the network device specified by the flood group having the matching criteria.”).
Regarding claim 31, Ghosh discloses wherein the set of instructions is configured to, when executed by the at least one processor, cause the apparatus to: forward, by the router based on a determination that the packet received at the datapath from the layer-2 firewall no longer has associated therewith the indication that the packet is associated with the virtual private local area network service, the packet toward each of the group members of the layer-2 service (Ghosh: column 4 lines 1-40; and column 11 lines 53-65, “detecting a match, associate the L2 packet with one of the VPLS flood groups having criteria that matched contents of the packet, and outputs copies of the L2 packet from each interface card of the network device specified by the flood group having the matching criteria.”…“map matching packets to an appropriate group index (See above "then {flood-group-index&lt;group-idx&gt;;}"). The filter is applied to packets as they enter PE router 12A and if a match is found, the filter associates the packets with a particular flood group (See above "flood-group-index &lt;group-idx&gt;"). Upon receipt of the tagged packets, PFEs 28 access a "group-map" to determine the appropriate forwarding IFCs 32 corresponding to the assigned flood group ID”).
Regarding claim 37, Ghosh discloses wherein the set of instructions is configured to, when executed by the at least one processor, cause the apparatus to: receive, by the router, a packet of a layer-3 control protocol (Ghosh: column 4 lines 1-40, “detecting a match, associate the L2 packet with one of the VPLS flood groups having criteria that matched contents of the packet, and outputs copies of the L2 packet from each interface card of the network device specified by the flood group having the matching criteria.”); and determine, by the router based on a control list, whether to forward the packet from the datapath toward the layer-2 firewall (Ghosh: column 4 lines 1-40, “detecting a match, associate the L2 packet with one of the VPLS flood groups having criteria that matched contents of the packet, and outputs copies of the L2 packet from each interface card of the network device specified by the flood group having the matching criteria.”).
Regarding claim 38, Ghosh discloses wherein the control list includes a customer control list (Ghosh: column 9 lines 23-40, “Assuming for purposes of illustration that IFCs 32A-32M of PFE 28A couple to respective CE routers 18A-18M of FIG. 1 and that flood group 22 specifies the above assumed exemplary flooding scheme, PFE 28A, upon receiving an L2 packet from CE routers 18A via IFC 32A, may apply policies 39B to the L2 packet. Policies 39B cause PFE 28A in this instance to determine whether the L2 packet was received via one of IFCs 32A-32M of PFE 28A. PFE 28A may identify IFCs 32A-32M by a port number assigned to each of IFCs 32A-32M, and upon receipt of the L2 packet, may associate the media access control (MAC) address specified in the L2 packet with the port number of the receiving one of IFCs 32A-32M. Thus, policy 39B corresponding to flood group 22 may specify a port number that PFE 28A may use as criteria to determine if flood group 22 applies. Because the L2 packet was received via a port number specified by the criteria of policies 39B, PFE 28A associates flood group 22 with the L2 packet.”).
Regarding claim 39, Ghosh discloses wherein the control list is based on at least one of a set of one or more control protocols or a set of port combinations (Ghosh: column 9 lines 23-67; and column 10 lines 1-10, “Assuming for purposes of illustration that IFCs 32A-32M of PFE 28A couple to respective CE routers 18A-18M of FIG. 1 and that flood group 22 specifies the above assumed exemplary flooding scheme, PFE 28A, upon receiving an L2 packet from CE routers 18A via IFC 32A, may apply policies 39B to the L2 packet. Policies 39B cause PFE 28A in this instance to determine whether the L2 packet was received via one of IFCs 32A-32M of PFE 28A. PFE 28A may identify IFCs 32A-32M by a port number assigned to each of IFCs 32A-32M, and upon receipt of the L2 packet, may associate the media access control (MAC) address specified in the L2 packet with the port number of the receiving one of IFCs 32A-32M. Thus, policy 39B corresponding to flood group 22 may specify a port number that PFE 28A may use as criteria to determine if flood group 22 applies. Because the L2 packet was received via a port number specified by the criteria of policies 39B, PFE 28A associates flood group 22 with the L2 packet.”).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 42 is rejected under 35 U.S.C. 103 as being unpatentable over Ghosh in view of Ghosh in view of GOYAL et al. (US 20220078119) (hereinafter GOYAL).
Regarding claim 42, Ghosh discloses an apparatus, comprising: at least one processor; and at least one memory including a set of instructions (Ghosh: see figure 2; and column 4 lines 14-27); wherein the set of instructions is configured to, when executed by the at least one processor, cause the apparatus to:
receive, by a router including a queue configured to support communications between a datapath of the router and a layer-2 firewall of the router, a packet of a flow of a layer-2 service having a set of group members associated therewith (Ghosh: column 5 lines 1-29; and column 8 lines 9-22, “routing engine 26 maintains routing tables, executes routing protocols and controls user access to routing engine 26. Routing engine 26, as shown in FIG. 2, includes a plurality of modules, such as management module 34A, VPLS module 34B ("VPLS 34B"), firewall module 34C, policy module 34D, and protocols module 34E ("protocols 34E"). Management module 34A provides an interface by which an administrator, such as administrator 35 ("admin 35"), may interact with routine engine 26 to configure flood group 22. VPLS module 34B represents the VPLS protocol described above that routine engine 26 executes to support VPLS 17. Firewall module 34C represents firewall or more generally network security functionality that may monitor traffic flows traversing PE router 12A. Policy module 34D generates policies or rules based on input entered by modules 34A-34C, for example, that indicate specific operations PFEs 28 execute upon receiving messages or packets via IFCs 32”), wherein the packet includes a layer-2 destination address unknown to the router (Ghosh: column 5 lines 16-22; and column 13 lines 35-44, “A coupling may be considered "transparent" if, from the perspective of L2 networks 16, each L2 network 16 appears to directly connect to other L2 networks 16. In other words, L2 networks 16 need not perform any special functions, such as encapsulation of L2 packets (e.g., frames or cells) within L3 packets, or even be aware of SP network 14 in order to communicate between each other”… “unicast packets or L2 packets … VPLS domain 60A are to be flooded to VPLS domain 60B and AS 64 …”); and
send, by the router Ghosh: see figure 2, items 26, 28A…28N and 39; and column 8 lines 9-22, “monitor traffic flows traversing PE router 12A. Policy module 34D generates policies or rules based on input entered by modules 34A-34C,”).
Ghosh does not explicitly disclose the following limitation which is disclosed by GOYAL, send, by a device based on detection of a queue condition associated with the queue, the packet (GOYAL: paragraph 0027, “If an upstream prior hop network interface device receives the bitmap or indicator of paused queues and identifies transmission from a queue or queues is to be paused or its transmit rate is to be reduced, then the upstream prior hop network interface device can pause or reduce transmit rate of the identified queue(s)”).
Ghosh and GOYAL are analogous art because they are from the same field of endeavor, network devices that route packets within computer networks. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Ghosh and GOYAL before him or her, to modify the system of Ghosh to include sending, by a device based on detection of a queue condition associated with the queue, a packet of GOYAL.  The suggestion/motivation for doing so would have been to support backpressure flow control for per-hop and per-flow congestion control (GOYAL: paragraph 0010).

Claim 23 is rejected under 35 U.S.C. 103 as being unpatentable over Ghosh in view of Varadhan et al. (US 20100043068) (hereinafter Varadhan).
Regarding claim 23, Ghosh does not explicitly disclose the following limitation which is disclosed by Varadhan, wherein the set of instructions is configured to, when executed by the at least one processor, cause the apparatus to: send, by the router based on a determination that firewall session state information for the flow does not exist in the datapath when the packet is received, the packet from the datapath toward the layer-2 firewall (Varadhan: paragraphs 0040, 0048 and 0060, “Flow control unit 118 references flow filter table 104 as described above to determine whether a received packet corresponds to a trusted packet flow that may be processed via a straight path (i.e., bypassing service cards 120 entirely), or whether the received packet corresponds to an unknown or untrusted packet flow session and should therefore be sent to one of service cards 120 for further inspection and application of firewall services. Upon application of firewall services, service cards 120 may provide feedback to flow control unit 118 via service card communication module”).  
Ghosh and Varadhan are analogous art because they are from the same field of endeavor, network devices that route packets within computer networks. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Ghosh and Varadhan before him or her, to modify the system of Ghosh to include sending a packet from a datapath toward a layer-2 firewall of Varadhan.  The suggestion/motivation for doing so would have been to achieve zone-based firewall services that allow zone-based security policies to be defined and applied for the different network interfaces of the firewall (Varadhan: paragraph 0012).

Claims 32-36 are rejected under 35 U.S.C. 103 as being unpatentable over Ghosh in view of GOYAL et al. (US 20220078119) (hereinafter GOYAL).
Regarding claim 32, Ghosh does not explicitly disclose the following limitation which is disclosed by GOYAL, wherein the set of instructions is configured to, when executed by the at least one processor, cause the apparatus to: support, by the router based on a queue, transport of traffic between the datapath and the layer-2 firewall (GOYAL: paragraphs 0010, 0017 and 0043, “per-hop and per-flow congestion control can take place in a data center or among multiple data centers by allocating a queue to store packets of a single flow, pausing a flow by pausing a particular queue at a prior hop network device.”).
Ghosh and GOYAL are analogous art because they are from the same field of endeavor, network devices that route packets within computer networks. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Ghosh and GOYAL before him or her, to modify the system of Ghosh to include supporting, by the router based on a queue, transport of traffic of GOYAL.  The suggestion/motivation for doing so would have been to support backpressure flow control for per-hop and per-flow congestion control (GOYAL: paragraph 0010).
Regarding claim 33, Ghosh as modified discloses wherein the set of instructions is configured to, when executed by the at least one processor, cause the apparatus to: send, by the router based on a status of the queue, the packet toward a subset of the group members of the layer-2 service that are independent of a set of firewall rules of the layer-2 firewall for the flow of the layer-2 service without sending the packet to the layer-2 firewall (GOYAL: paragraphs 0017 and 0027, “prior hop devices can communicate their queue status to avoid deadlocks caused by potential packet drops. An example pseudo code for communicating which queues are to be paused and which queues are not to be paused can be as follows.”).  The same motivation to modify Ghosh in view of GOYAL, as applied in claim 32 above, applies here.
Regarding claim 34, Ghosh as modified discloses wherein the status of the queue is indicative that the queue is unable to accommodate the packet (GOYAL: paragraphs 0017 and 0027, “prior hop devices can communicate their queue status to avoid deadlocks caused by potential packet drops. An example pseudo code for communicating which queues are to be paused and which queues are not to be paused can be as follows.”).  The same motivation to modify Ghosh in view of GOYAL, as applied in claim 32 above, applies here.
Regarding claim 35, Ghosh as modified discloses wherein the set of instructions is configured to, when executed by the at least one processor, cause the apparatus to: send, by the router based on the status of the queue, the packet toward the layer-2 firewall using the queue (GOYAL: paragraphs 0017 and 0027, “prior hop devices can communicate their queue status to avoid deadlocks caused by potential packet drops. An example pseudo code for communicating which queues are to be paused and which queues are not to be paused can be as follows.”).  The same motivation to modify Ghosh in view of GOYAL, as applied in claim 32 above, applies here.
Regarding claim 36, Ghosh as modified discloses wherein the status of the queue is indicative that the queue is able to accommodate the packet (GOYAL: paragraphs 0017 and 0027, “prior hop devices can communicate their queue status to avoid deadlocks caused by potential packet drops. An example pseudo code for communicating which queues are to be paused and which queues are not to be paused can be as follows.”).  The same motivation to modify Ghosh in view of GOYAL, as applied in claim 32 above, applies here.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRANG T DOAN whose telephone number is (571)272-0740. The examiner can normally be reached Monday-Friday 7-4 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D Feild can be reached on (571)272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/TRANG T DOAN/Primary Examiner, Art Unit 2431