DETAILED ACTION
This office action is in response to the application filed on 02/25/2021.
Claims 1-20 are presented for examination.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 02/25/2021 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1, 3-5, 9, 10, 13, 16, 18, 20  is/are rejected under 35 U.S.C. 103 as being unpatentable over Ermagan et al. (hereinafter Ermagan, US 2017/0026417 A1) in view of Jain et al. (hereinafter Jain, US 2018/0367337 A1). 
Regarding Claim 1, Ermagan discloses A method (Ermagan: para.0068) comprising: 
at one or more computing devices which implement a map server / map resolver (MS/MR) (Ermagan: para.0238 Fig. 2, it can be seen that the system consists of a mapping server, and a policy resolver, para.0238 shows “Presented herein is a policy resolver (LISP MAP resolver) forming part of an iVPN system”) 
of a Locator ID Separation Protocol (LISP) control plane (Ermagan: para.0145 “The coupling of NSH and LISP, in accordance with various ones of the embodiments disclosed herein, may allow NSH to take advantage of the scalability and dynamic nature of the LISP control plane”) 
for use in an enterprise private network (Ermagan: para.0025 “The iVPN integrates VPN policy, Traffic Engineering (Segment Routing) policy, and service insertion (NSH) policy which simplifies applying services in combination and enables the network operator to exploit the value of the underlying networks and services. The iVPN should provide enterprise grade security and encryption.” para.0034 “In general, iVPN provides functionality similar to MPLS VPN on a lower cost base, scales horizontally, and can meet the combined service provider requirements of Enterprise (i.e., full feature)” vpn is a private network), 
for facilitating communications from a first host that is located for communication via a first tunnel router to a second host that is located for communication via a second tunnel router (Ermagan: para.0057 it can be seen in Fig. 4 that each router is a tunnel router, thereby showing a first and second tunnel router para.0056-57 “FIG. 4 is a schematic diagram 400 of a mapping server 408 in accordance with embodiments of the present disclosure. Mapping server 408 can maintain a mapping table 420. Mapping table 420 includes a mapping between source eid (endpoint ID) and RLOC (routing locator) values to destination eid and RLOC values.” “An RLOC is an IPv4 or IPv6 address of an egress tunnel router (ETR). A RLOC is the output of an EID-to-RLOC mapping lookup. An EID is an IPv4 or IPv6 address used in the source and destination address fields of the first (most inner) LISP header of a packet.”)  (Ermagan: para.0074 “One exemplary network in which embodiments of the present disclosure can be implemented may be viewed as a collection of data centers. Another exemplary network in which embodiments of the present disclosure can be implemented may be viewed as a collection of virtual private networks. In each of these settings, a “data center” (DC) or a virtual private network (“VPN”) typically refers to a set of network elements, such as e.g. routers, switches, and controllers, as well as hosts connected thereto, that may communicate with one another by routing packets using a common instance of a routing protocol and by referring to certain common metrics to define a routing domain governed by the particular instance of the routing protocol.” para.0111 “A mapping service network element can receive, from a first tunneling router associated with a first virtual network, a mapping request to a second virtual network,” system facilitates communication between routers, such as in Fig. 5 which has hosts connected to them for communication between them.  Para.0084-0085 further describes Fig. 10 that describes virtual hosts that exists on various leaf nodes, and communicate with other leaf nodes.), 
the first and the second hosts being assigned with first and second endpoint IDs (EIDs), respectively, and the first and the second tunnel routers being assigned with first and second routing locators (RLOCs) (Ermagan: para.0057 it can be seen in Fig. 4 that each router is a tunnel router, thereby showing a first and second tunnel router para.0056-57 “FIG. 4 is a schematic diagram 400 of a mapping server 408 in accordance with embodiments of the present disclosure. Mapping server 408 can maintain a mapping table 420. Mapping table 420 includes a mapping between source eid (endpoint ID) and RLOC (routing locator) values to destination eid and RLOC values.” “An RLOC is an IPv4 or IPv6 address of an egress tunnel router (ETR). A RLOC is the output of an EID-to-RLOC mapping lookup. An EID is an IPv4 or IPv6 address used in the source and destination address fields of the first (most inner) LISP header of a packet.” source and destination EID and RLOC are recorded for each router of fig. 4.), 
respectively, receiving, from the first tunnel router, a message which indicates a map request for requesting an EID-to-RLOC mapping associated with the second EID (Ermagan: para.0111 “A mapping service network element can receive, from a first tunneling router associated with a first virtual network, a mapping request to a second virtual network, the first router compliant with a Locator/ID Separation Protocol (LISP), the mapping request comprising an endpoint identifier (EID) tuple that includes a source identifier and a destination identifier (1202). The mapping service network element can identify a routing locator (RLOC) based, at least in part, on the destination identifier of the EID tuple (1204). The mapping element can transmit the RLOC to the first tunneling router (1206).”), 
selecting, from a policy database (Ermagan: para.0041 “The orchestrator 204 is a cross domain orchestrator that is responsible for instantiating the end-to-end services by pushing abstracted service policies to the policy resolution function. The orchestrator 204 is multitenant and maintains the database of policies that have been applied. The orchestration cross domain orchestration which instantiates the e2e service by pushing abstracted service policies (VPN, SR and NSH) to the mapping server”), 
a service insertion policy based on at least the second EID or a group identifier in the message (Ermagan: para.0243 “As described above, FIG. 4 illustrates a LISP overlay VPN with no state in the mapping server and a default policy of no connectivity. In the example of FIG. 4, a policy is applied to assign the sites {a, b, c} to VPN1, and to assign the sites {c, d, e} to VPN2. The VPN policy resolver resolves these policies to the LISP forwarding state required to realize these connectivity policies as shown in FIG. 5. “  para.0244 “A policy is next applied to specify a traffic engineering policy indicating that traffic sent from site a to site b must be routed via x. The policy resolver resolves this policy to the segment routing forwarding state required to realize this policy. As this policy overlaps with the preceding VPN policy (i.e., both impact traffic sent from site a to site b), the VPN policy resolver compounds the forwarding state as shown in FIG. 6.” para.0245 “A policy is next applied to specify a service insertion policy indicating that traffic sent from site c to site e must go via service s. The policy resolver resolves this policy to the NSH forwarding state required to realize this policy. As this policy overlaps with the preceding VPN policy (i.e., both impact traffic sent from site c to site e), the VPN policy resolver compounds the forwarding state as shown in FIG. 7.” a service insertion policy is selected to specify services to be inserted based on source and destination addresses, as seen in Fig. 5.), 
the service insertion policy including an address of a service border router (Ermagan: para.0139 “The SF may decrement the index to indicate that the service was performed. After SF, the NSH may again be consulted to select the needed overlay to the next SFF. These operations may be repeated until the end of the service chain, in which case the original packet is forwarded. In some implementations, each node performing service path selection (e.g., using NSH SPI and SI values) may receive a table from the control plane.” para.0143 “Various ones of the embodiments disclosed herein extend the LISP mapping database, and the LISP control protocol, to include NSH SPI and SI as keys, and therefore may enable LISP to return the needed overlay next hop based on the NSH header information for service chain forwarding.” next hop SFF information is obtained during processing of packet in service chain. para.0144 “The mapping database may return the locator(s) for the next SFF(s) for a given NSH hop. In some embodiments, these extensions may be implemented by extending the LISP canonical address formats to include NSH data and service path information.”) 
for a service that is registered with the MS/MR ( Ermagan:  it can further be seen in para.0245 “A policy is next applied to specify a service insertion policy indicating that traffic sent from site c to site e must go via service s. The policy resolver resolves this policy to the NSH forwarding state required to realize this policy. As this policy overlaps with the preceding VPN policy (i.e., both impact traffic sent from site c to site e), the VPN policy resolver compounds the forwarding state as shown in FIG. 7” that services can be specified in policy and applied at the mapping server in Fig. 7, therefore the service is registered with the MS/MR.)); and 
sending, to the first tunnel router, a message which indicates a map reply, wherein the message which indicates the map reply includes address of a service border router for a service that is registered with the MS/MR (Ermagan: para.0115 “When a router queries a destination via sending a typical map request message, the mapping system may be configured to perform additional processing before returning a mapping reply message as follows: if the associated mapping stored in the mapping system is in traffic engineering format, the mapping system will compare the ITR locator field included in the map request message with the locator address included in each hop of the traffic engineering mapping. If there is a match, the mapping system returns the next hop's locator, as a single locator in a map reply message. If there was no match, the mapping system returns the first hop address as a single locator in a map reply message.” a map reply is returned to the router indicating the address of the next hop.)
includes the address of the service border router (Ermagan: para.0144 “The mapping database may return the locator(s) for the next SFF(s) for a given NSH hop. In some embodiments, these extensions may be implemented by extending the LISP canonical address formats to include NSH data and service path information.”), 
for populating an overlay route in the first tunnel router to forward the communications (Ermagan: para.0112 “After finding a match the mapping system can return the full result, as well as a processed result where the matched mapping is returned as a simple locator. In the latter case, the tunnel router will use the locator for the overlay destination independent of the requesting source for future flows.” para.0134 “A Network Service Header (NSH) provides an identifier that is used to select the network overlay for forwarding packets along a service chain.”)
via the service border router (Ermagan: para.0139, 144 SFF) for insertion of the service (Ermagan: para.0139 “The SF may decrement the index to indicate that the service was performed. After SF, the NSH may again be consulted to select the needed overlay to the next SFF. These operations may be repeated until the end of the service chain, in which case the original packet is forwarded. In some implementations, each node performing service path selection (e.g., using NSH SPI and SI values) may receive a table from the control plane.” para.0143 “Various ones of the embodiments disclosed herein extend the LISP mapping database, and the LISP control protocol, to include NSH SPI and SI as keys, and therefore may enable LISP to return the needed overlay next hop based on the NSH header information for service chain forwarding.” next hop SFF information is obtained during processing of packet in service chain. para.0144 “The mapping database may return the locator(s) for the next SFF(s) for a given NSH hop. In some embodiments, these extensions may be implemented by extending the LISP canonical address formats to include NSH data and service path information.”).
However Ermagan does not explicitly disclose a map request triggered in response to the first tunnel router receiving initial traffic of the communications from the first host.
Jain discloses a map request triggered in response to the first tunnel router receiving initial traffic of the communications from the first host (Jain: para.0052 “At 422, host H2 may send an incoming packet to the tunnel router 416. The packet may specify the host 408 as a source host, an IID IID2, and the host 406 as a destination host. At 424, the tunnel router 416 may send a map request for the host 406 in the IID2 context to the MSMR 403. The MSMR 403 may reply with a map reply at 426.” map request is here based on an incoming packet from the host).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Ermagan with Jain in order to incorporate a map request triggered in response to the first tunnel router receiving initial traffic of the communications from the first host.
One of ordinary skill in the art would have been motivated to combine because of the expected benefit of properly routing a packet from one host to another (Jain: para.0052).

Regarding Claim 3, Ermagan-Jain discloses claim 1 as set forth above.
Ermagan further discloses selecting the service insertion policy comprises selecting one of a plurality of service insertion policies respectively associated with a plurality of services available via the service border router and registered with the MS/MR (Ermagan: Fig. 4-8 these figures show a progression of applying a plurality of policies based on source and destination EIDs. para.0245 “A policy is next applied to specify a service insertion policy indicating that traffic sent from site c to site e must go via service s. The policy resolver resolves this policy to the NSH forwarding state required to realize this policy. As this policy overlaps with the preceding VPN policy (i.e., both impact traffic sent from site c to site e), the VPN policy resolver compounds the forwarding state as shown in FIG. 7.” here it can be seen that a plurality of rules can exists at once, and resolves the issue by selecting the NSH forwarding path to service s, over other policies, based on destination and source EIDs. The NSH policy is defined to be a service insertion policy in para.0025.  Further it can be seen in para.0041-42 a plurality of service insertion policies that can be or already applied.).

Regarding Claim 4, Ermagan-Jain discloses claim 1 as set forth above.
Ermagan further discloses if no service insertion policy for the communications exists, selecting, from a mapping database, the second RLOC of the second tunnel router based on the second EID (Ermagan: para.0244-255 “A policy is next applied to specify a traffic engineering policy indicating that traffic sent from site a to site b must be routed via x. The policy resolver resolves this policy to the segment routing forwarding state required to realize this policy. As this policy overlaps with the preceding VPN policy (i.e., both impact traffic sent from site a to site b), the VPN policy resolver compounds the forwarding state as shown in FIG. 6. A policy is next applied to specify a service insertion policy indicating that traffic sent from site c to site e must go via service s. The policy resolver resolves this policy to the NSH forwarding state required to realize this policy. As this policy overlaps with the preceding VPN policy (i.e., both impact traffic sent from site c to site e), the VPN policy resolver compounds the forwarding state as shown in FIG. 7.” a plurality of policies can exist at the same time.  In this case paragraphs show that SR policy that directs through x is overwritten by policy that says go to service s.  In this case, if the service insertion policy for service s did not apply for this destination source EID pair, then the destination from a->b is routed via route x, and not to a service.); and 
wherein the message which indicates the map reply alternatively includes the second RLOC of the second tunnel router, for populating the overlay route in the first tunnel router to forward the communications via the second tunnel router to the second host ( Ermagan: para.0111 “The mapping service network element can identify a routing locator (RLOC) based, at least in part, on the destination identifier of the EID tuple (1204). The mapping element can transmit the RLOC to the first tunneling router (1206).”para.0112 “After finding a match the mapping system can return the full result, as well as a processed result where the matched mapping is returned as a simple locator. In the latter case, the tunnel router will use the locator for the overlay destination independent of the requesting source for future flows.”. map reply contains RLOC for destination, and used for overlay route by first tunnel router to destination router.).

Regarding Claim 5, Ermagan-Jain discloses claim 1 as set forth above.
Ermagan further discloses wherein: the group identifier comprises a source group tag (SGT), and the service insertion policy is selected based on the SGT and a destination group tag (DGT) associated with the second host (Ermagan: para.0204-205 “Embodiments of the present disclosure introduce a system and a methodology for definition and enforcement of group-based policies in network overlays by leveraging and enhancing the LISP/VXLAN control plane. To that end, a programmable mapping system is used to define and enforce network policy groups of granularity of up to 6 tuples…. Embodiments of the present disclosure provide a programmable mapping system to be a mapping system that exposes APIs northbound for defining mappings that include security group based policies. Such a mapping system can exist potentially in the context of an SDN controller or as a separate entity. In some embodiments, security groups can be defined and matched against to up to tuple flows. These include source and destination L2 or L3 addresses, source and destination port ranges, as well as transport protocol and IP ToS or flow label.” policies can be applied based on group identifier, such as source/destination ports, which are SGT and DGT respectively.).

Regarding Claim 9 Ermagan-Jain discloses claim 1 as set forth above.
Ermagan further discloses at the one or more computing devices, receiving, from the service border router, a message which indicates another map request for requesting an EID-to-RLOC mapping associated with the second EID (Ermagan: para.0139 “The SF may decrement the index to indicate that the service was performed. After SF, the NSH may again be consulted to select the needed overlay to the next SFF. These operations may be repeated until the end of the service chain, in which case the original packet is forwarded. In some implementations, each node performing service path selection (e.g., using NSH SPI and SI values) may receive a table from the control plane.” para.0143 “Various ones of the embodiments disclosed herein extend the LISP mapping database, and the LISP control protocol, to include NSH SPI and SI as keys, and therefore may enable LISP to return the needed overlay next hop based on the NSH header information for service chain forwarding.” next hop SFF information is obtained during processing of packet in service chain. para.0144 “The mapping database may return the locator(s) for the next SFF(s) for a given NSH hop. In some embodiments, these extensions may be implemented by extending the LISP canonical address formats to include NSH data and service path information.” para.0022 “Independent from how the mapping system is implemented, a mapping is returned in an EIDtoRLOC MapReply Message either directly by the ETR or by a MapServer which serves as a replyproxy.” each router that participates in service routing in the service chain, can received map reply for RLOC of next hop associated with the second EID.); and 
sending, to the service border router, a message which indicates another map reply and includes the second RLOC of the second tunnel router (Ermagan: para.0144 “The mapping database may return the locator(s) for the next SFF(s) for a given NSH hop. In some embodiments, these extensions may be implemented by extending the LISP canonical address formats to include NSH data and service path information.” each node can receive map reply for next destination of service.  para.0022 “Independent from how the mapping system is implemented, a mapping is returned in an EIDtoRLOC MapReply Message either directly by the ETR or by a MapServer which serves as a replyproxy.”), 
for populating the overlay route in the service border router to forward the communications via the second tunnel router to the second host (Ermagan: para.0112 “After finding a match the mapping system can return the full result, as well as a processed result where the matched mapping is returned as a simple locator. In the latter case, the tunnel router will use the locator for the overlay destination independent of the requesting source for future flows.” para.0134 “A Network Service Header (NSH) provides an identifier that is used to select the network overlay for forwarding packets along a service chain.”).

Regarding Claim 10, Ermagan-Jain discloses claim 9 as set forth above.
Ermagan further discloses selecting either the service insertion policy or the second RLOC of the second tunnel router, based on identifying an indication of whether the message which indicates the map request or the other map request is sent from the first tunnel router or the service border router (Ermagan: para.0061 “The mapping server 408 can receive a request from a router 410 that is attempting to reach another router 412. The request can include the RLOC of the requesting router 410 can apply a policy associated with the router 410 to use router x 424 as an intermediate hop router between router A 410 and router B 412.” para.0062 “FIG. 7 illustrates the application of a network service header (NSH) to the VPN mapping. The mapping table 420 can include a network service header identifier, such as a SPI or SI value as part of a source-destination mapping entry. The network service header can be applied to traffic packets when the route determination is calculated. As traffic is routed (in this example, from router C 414 to router D 416), the indication of a network service header SPI or SI can cause the router (or a service function forwarder) to forward the packet to a service prior to routing the packet to its final destination (in this example, to router 418).” based on the router the map request arrived from, such as router C 414 above, the rules may specify that the packet should go to another service, such as NSH policy in figs 4-8, or should go to the final destination based on the routing table.  in this way, the service insertion policy NSH policy or the regular routing to the second RLOCK in second tunnel router is selected based on which router send the map request.).

Regarding Claim 13, it teaches the same steps as claim 1 but in A computing device comprising: one or more processors; one or more interfaces to connect in a network for software-defined access (SDA) or software-defined networking (SDN); one or more memory elements for storing instructions executable on the one or more processors for operation as a (Ermagan: para.0009, para.0069).  Therefore the supporting rationale for the rejection to claim 1 applies equally as well to that of claim 13.

Regarding Claim 16, Ermagan-Jain discloses claim 13 as set forth above.
Ermagan further discloses wherein the instructions are further executable on the one or more processors for: receiving, from the service border router, a message which indicates another map request for requesting an EID-to-RLOC mapping associated with the second EID (Ermagan: para.0139 “The SF may decrement the index to indicate that the service was performed. After SF, the NSH may again be consulted to select the needed overlay to the next SFF. These operations may be repeated until the end of the service chain, in which case the original packet is forwarded. In some implementations, each node performing service path selection (e.g., using NSH SPI and SI values) may receive a table from the control plane.” para.0143 “Various ones of the embodiments disclosed herein extend the LISP mapping database, and the LISP control protocol, to include NSH SPI and SI as keys, and therefore may enable LISP to return the needed overlay next hop based on the NSH header information for service chain forwarding.” next hop SFF information is obtained during processing of packet in service chain. para.0144 “The mapping database may return the locator(s) for the next SFF(s) for a given NSH hop. In some embodiments, these extensions may be implemented by extending the LISP canonical address formats to include NSH data and service path information.” para.0022 “Independent from how the mapping system is implemented, a mapping is returned in an EIDtoRLOC MapReply Message either directly by the ETR or by a MapServer which serves as a replyproxy.” each router that participates in service routing in the service chain, can received map reply for RLOC of next hop associated with the second EID.); and 
sending, to the service border router, a message which indicates another map reply and includes the second RLOC of the second tunnel router (Ermagan: para.0144 “The mapping database may return the locator(s) for the next SFF(s) for a given NSH hop. In some embodiments, these extensions may be implemented by extending the LISP canonical address formats to include NSH data and service path information.” each node can receive map reply for next destination of service.  para.0022 “Independent from how the mapping system is implemented, a mapping is returned in an EIDtoRLOC MapReply Message either directly by the ETR or by a MapServer which serves as a replyproxy.”), 
for populating the overlay route in the service border router to forward the communications via the second tunnel router to the second host (Ermagan: para.0112 “After finding a match the mapping system can return the full result, as well as a processed result where the matched mapping is returned as a simple locator. In the latter case, the tunnel router will use the locator for the overlay destination independent of the requesting source for future flows.” para.0134 “A Network Service Header (NSH) provides an identifier that is used to select the network overlay for forwarding packets along a service chain.”), 
wherein selecting either the service insertion policy or the second RLOC of the second tunnel router, based on identifying an indication of whether the message which indicates the map request or the other map request is sent from the first tunnel router or the service border router (Ermagan: para.0061 “The mapping server 408 can receive a request from a router 410 that is attempting to reach another router 412. The request can include the RLOC of the requesting router 410 can apply a policy associated with the router 410 to use router x 424 as an intermediate hop router between router A 410 and router B 412.” para.0062 “FIG. 7 illustrates the application of a network service header (NSH) to the VPN mapping. The mapping table 420 can include a network service header identifier, such as a SPI or SI value as part of a source-destination mapping entry. The network service header can be applied to traffic packets when the route determination is calculated. As traffic is routed (in this example, from router C 414 to router D 416), the indication of a network service header SPI or SI can cause the router (or a service function forwarder) to forward the packet to a service prior to routing the packet to its final destination (in this example, to router 418).” based on the router the map request arrived from, such as router C 414 above, the rules may specify that the packet should go to another service, such as NSH policy in figs 4-8, or should go to the final destination based on the routing table.  in this way, the service insertion policy NSH policy or the regular routing to the second RLOCK in second tunnel router is selected based on which router send the map request.).

Regarding Claim 18, Ermagan discloses A computer program product comprising a non-transitory computer readable medium and instructions stored on the non-transitory computer readable medium, 
where the instructions are executable by one or more processors of a computing device for operation as a map server / map resolver (MS/MR) (Ermagan: para.0238 Fig. 2, it can be seen that the system consists of a mapping server, and a policy resolver, para.0238 shows “Presented herein is a policy resolver (LISP MAP resolver) forming part of an iVPN system”)
of a Locator ID Separation Protocol (LISP) control plane (Ermagan: para.0145 “The coupling of NSH and LISP, in accordance with various ones of the embodiments disclosed herein, may allow NSH to take advantage of the scalability and dynamic nature of the LISP control plane”) 
for facilitating communications from a first host that is located for communication via a first tunnel router to a second host that is located for communication via a second tunnel router (Ermagan: para.0057 it can be seen in Fig. 4 that each router is a tunnel router, thereby showing a first and second tunnel router para.0056-57 “FIG. 4 is a schematic diagram 400 of a mapping server 408 in accordance with embodiments of the present disclosure. Mapping server 408 can maintain a mapping table 420. Mapping table 420 includes a mapping between source eid (endpoint ID) and RLOC (routing locator) values to destination eid and RLOC values.” “An RLOC is an IPv4 or IPv6 address of an egress tunnel router (ETR). A RLOC is the output of an EID-to-RLOC mapping lookup. An EID is an IPv4 or IPv6 address used in the source and destination address fields of the first (most inner) LISP header of a packet.”)  (Ermagan: para.0074 “One exemplary network in which embodiments of the present disclosure can be implemented may be viewed as a collection of data centers. Another exemplary network in which embodiments of the present disclosure can be implemented may be viewed as a collection of virtual private networks. In each of these settings, a “data center” (DC) or a virtual private network (“VPN”) typically refers to a set of network elements, such as e.g. routers, switches, and controllers, as well as hosts connected thereto, that may communicate with one another by routing packets using a common instance of a routing protocol and by referring to certain common metrics to define a routing domain governed by the particular instance of the routing protocol.” para.0111 “A mapping service network element can receive, from a first tunneling router associated with a first virtual network, a mapping request to a second virtual network,” system facilitates communication between routers, such as in Fig. 5 which has hosts connected to them for communication between them.  Para.0084-0085 further describes Fig. 10 that describes virtual hosts that exists on various leaf nodes, and communicate with other leaf nodes.), 
the first and the second hosts being assigned with first and second endpoint IDs (EIDs), respectively, and the first and the second tunnel routers being assigned with first and second routing locators (RLOCs), respectively (Ermagan: para.0057 it can be seen in Fig. 4 that each router is a tunnel router, thereby showing a first and second tunnel router para.0056-57 “FIG. 4 is a schematic diagram 400 of a mapping server 408 in accordance with embodiments of the present disclosure. Mapping server 408 can maintain a mapping table 420. Mapping table 420 includes a mapping between source eid (endpoint ID) and RLOC (routing locator) values to destination eid and RLOC values.” “An RLOC is an IPv4 or IPv6 address of an egress tunnel router (ETR). A RLOC is the output of an EID-to-RLOC mapping lookup. An EID is an IPv4 or IPv6 address used in the source and destination address fields of the first (most inner) LISP header of a packet.” source and destination EID and RLOC are recorded for each router of fig. 4.), 
the instructions being further executable for: receiving, from the first tunnel router, a message which indicates a map request for requesting an EID-to-RLOC mapping associated with the second EID (Ermagan: para.0111 “A mapping service network element can receive, from a first tunneling router associated with a first virtual network, a mapping request to a second virtual network, the first router compliant with a Locator/ID Separation Protocol (LISP), the mapping request comprising an endpoint identifier (EID) tuple that includes a source identifier and a destination identifier (1202). The mapping service network element can identify a routing locator (RLOC) based, at least in part, on the destination identifier of the EID tuple (1204). The mapping element can transmit the RLOC to the first tunneling router (1206).”)
when no service insertion policy for the communications exists: selecting, from a mapping database, the second RLOC of the second tunnel router based on the second EID (Ermagan: para.0244-255 “A policy is next applied to specify a traffic engineering policy indicating that traffic sent from site a to site b must be routed via x. The policy resolver resolves this policy to the segment routing forwarding state required to realize this policy. As this policy overlaps with the preceding VPN policy (i.e., both impact traffic sent from site a to site b), the VPN policy resolver compounds the forwarding state as shown in FIG. 6. A policy is next applied to specify a service insertion policy indicating that traffic sent from site c to site e must go via service s. The policy resolver resolves this policy to the NSH forwarding state required to realize this policy. As this policy overlaps with the preceding VPN policy (i.e., both impact traffic sent from site c to site e), the VPN policy resolver compounds the forwarding state as shown in FIG. 7.” a plurality of policies can exist at the same time.  In this case paragraphs show that SR policy that directs through x is overwritten by policy that says go to service s.  In this case, if the service insertion policy for service s did not apply for this destination source EID pair, then the destination from a->b is routed via route x, and not to a service.); 
sending, to the first tunnel router, a message which indicates a map reply, and includes the second RLOC of the second tunnel router for populating an overlay route in the first tunnel router to forward the communications via the second tunnel router to the second host ( Ermagan: para.0111 “The mapping service network element can identify a routing locator (RLOC) based, at least in part, on the destination identifier of the EID tuple (1204). The mapping element can transmit the RLOC to the first tunneling router (1206).”para.0112 “After finding a match the mapping system can return the full result, as well as a processed result where the matched mapping is returned as a simple locator. In the latter case, the tunnel router will use the locator for the overlay destination independent of the requesting source for future flows.”. map reply contains RLOC for destination, and used for overlay route by first tunnel router to destination router.); 
when a service insertion policy for the communications exists: selecting, from a policy database (Ermagan: para.0041 “The orchestrator 204 is a cross domain orchestrator that is responsible for instantiating the end-to-end services by pushing abstracted service policies to the policy resolution function. The orchestrator 204 is multitenant and maintains the database of policies that have been applied. The orchestration cross domain orchestration which instantiates the e2e service by pushing abstracted service policies (VPN, SR and NSH) to the mapping server”)
, the service insertion policy based on at least the second EID or a group identifier in the message (Ermagan: para.0243 “As described above, FIG. 4 illustrates a LISP overlay VPN with no state in the mapping server and a default policy of no connectivity. In the example of FIG. 4, a policy is applied to assign the sites {a, b, c} to VPN1, and to assign the sites {c, d, e} to VPN2. The VPN policy resolver resolves these policies to the LISP forwarding state required to realize these connectivity policies as shown in FIG. 5. “  para.0244 “A policy is next applied to specify a traffic engineering policy indicating that traffic sent from site a to site b must be routed via x. The policy resolver resolves this policy to the segment routing forwarding state required to realize this policy. As this policy overlaps with the preceding VPN policy (i.e., both impact traffic sent from site a to site b), the VPN policy resolver compounds the forwarding state as shown in FIG. 6.” para.0245 “A policy is next applied to specify a service insertion policy indicating that traffic sent from site c to site e must go via service s. The policy resolver resolves this policy to the NSH forwarding state required to realize this policy. As this policy overlaps with the preceding VPN policy (i.e., both impact traffic sent from site c to site e), the VPN policy resolver compounds the forwarding state as shown in FIG. 7.” a service insertion policy is selected to specify services to be inserted based on source and destination addresses, as seen in Fig. 5.)
, the service insertion policy including an address of a service border router (Ermagan: para.0139 “The SF may decrement the index to indicate that the service was performed. After SF, the NSH may again be consulted to select the needed overlay to the next SFF. These operations may be repeated until the end of the service chain, in which case the original packet is forwarded. In some implementations, each node performing service path selection (e.g., using NSH SPI and SI values) may receive a table from the control plane.” para.0143 “Various ones of the embodiments disclosed herein extend the LISP mapping database, and the LISP control protocol, to include NSH SPI and SI as keys, and therefore may enable LISP to return the needed overlay next hop based on the NSH header information for service chain forwarding.” next hop SFF information is obtained during processing of packet in service chain. para.0144 “The mapping database may return the locator(s) for the next SFF(s) for a given NSH hop. In some embodiments, these extensions may be implemented by extending the LISP canonical address formats to include NSH data and service path information.”)
for insertion of a service that is registered with the MS/MR  (Ermagan:  it can further be seen in para.0245 “A policy is next applied to specify a service insertion policy indicating that traffic sent from site c to site e must go via service s. The policy resolver resolves this policy to the NSH forwarding state required to realize this policy. As this policy overlaps with the preceding VPN policy (i.e., both impact traffic sent from site c to site e), the VPN policy resolver compounds the forwarding state as shown in FIG. 7” that services can be specified in policy and applied at the mapping server in Fig. 7, therefore the service is registered with the MS/MR.)); 
and sending, to the first tunnel router, a message which indicates the map reply (Ermagan: para.0115 “When a router queries a destination via sending a typical map request message, the mapping system may be configured to perform additional processing before returning a mapping reply message as follows: if the associated mapping stored in the mapping system is in traffic engineering format, the mapping system will compare the ITR locator field included in the map request message with the locator address included in each hop of the traffic engineering mapping. If there is a match, the mapping system returns the next hop's locator, as a single locator in a map reply message. If there was no match, the mapping system returns the first hop address as a single locator in a map reply message.” a map reply is returned to the router indicating the address of the next hop.)
, and includes the address of the service border router (Ermagan: para.0144 “The mapping database may return the locator(s) for the next SFF(s) for a given NSH hop. In some embodiments, these extensions may be implemented by extending the LISP canonical address formats to include NSH data and service path information.”), 
for populating the overlay route in the first tunnel router to forward the communications (Ermagan: para.0112 “After finding a match the mapping system can return the full result, as well as a processed result where the matched mapping is returned as a simple locator. In the latter case, the tunnel router will use the locator for the overlay destination independent of the requesting source for future flows.” para.0134 “A Network Service Header (NSH) provides an identifier that is used to select the network overlay for forwarding packets along a service chain.”)  
via the service border router for insertion of the service (Ermagan: para.0139 “The SF may decrement the index to indicate that the service was performed. After SF, the NSH may again be consulted to select the needed overlay to the next SFF. These operations may be repeated until the end of the service chain, in which case the original packet is forwarded. In some implementations, each node performing service path selection (e.g., using NSH SPI and SI values) may receive a table from the control plane.” para.0143 “Various ones of the embodiments disclosed herein extend the LISP mapping database, and the LISP control protocol, to include NSH SPI and SI as keys, and therefore may enable LISP to return the needed overlay next hop based on the NSH header information for service chain forwarding.” next hop SFF information is obtained during processing of packet in service chain. para.0144 “The mapping database may return the locator(s) for the next SFF(s) for a given NSH hop. In some embodiments, these extensions may be implemented by extending the LISP canonical address formats to include NSH data and service path information.”).
However Ermagan does not explicitly disclose a map request triggered in response to the first tunnel router receiving initial traffic of the communications from the first host.
Jain discloses a map request triggered in response to the first tunnel router receiving initial traffic of the communications from the first host (Jain: para.0052 “At 422, host H2 may send an incoming packet to the tunnel router 416. The packet may specify the host 408 as a source host, an IID IID2, and the host 406 as a destination host. At 424, the tunnel router 416 may send a map request for the host 406 in the IID2 context to the MSMR 403. The MSMR 403 may reply with a map reply at 426.” map request is here based on an incoming packet from the host).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Ermagan with Jain in order to incorporate a map request triggered in response to the first tunnel router receiving initial traffic of the communications from the first host.
One of ordinary skill in the art would have been motivated to combine because of the expected benefit of properly routing a packet from one host to another (Jain: para.0052).

Regarding Claim 20, Ermagan-Jain discloses claim 18 as set forth above.
Ermagan further discloses when the service insertion policy for the communications exists (Ermagan: Fig. 4-7 and para.0169 and 241 “service insertion (NSH) policy,”, that NSH involves an NSH policy, the service insertion policy)): receiving, from the service border router, a message which indicates another map request for requesting an EID-to-RLOC mapping (Ermagan: para.0139 “The SF may decrement the index to indicate that the service was performed. After SF, the NSH may again be consulted to select the needed overlay to the next SFF. These operations may be repeated until the end of the service chain, in which case the original packet is forwarded. In some implementations, each node performing service path selection (e.g., using NSH SPI and SI values) may receive a table from the control plane.” para.0143 “Various ones of the embodiments disclosed herein extend the LISP mapping database, and the LISP control protocol, to include NSH SPI and SI as keys, and therefore may enable LISP to return the needed overlay next hop based on the NSH header information for service chain forwarding.” next hop SFF information is obtained during processing of packet in service chain. para.0144 “The mapping database may return the locator(s) for the next SFF(s) for a given NSH hop. In some embodiments, these extensions may be implemented by extending the LISP canonical address formats to include NSH data and service path information.” para.0022 “Independent from how the mapping system is implemented, a mapping is returned in an EIDtoRLOC MapReply Message either directly by the ETR or by a MapServer which serves as a replyproxy.” each router that participates in service routing in the service chain, can received map reply for RLOC of next hop associated with the second EID. see Fig. 4-7 and para.0169 and 241 “service insertion (NSH) policy,”, that NSH involves an NSH policy, the service insertion policy); 
and sending, to the service border router, a message which indicates another map reply and includes the second RLOC of the second tunnel router (Ermagan: para.0144 “The mapping database may return the locator(s) for the next SFF(s) for a given NSH hop. In some embodiments, these extensions may be implemented by extending the LISP canonical address formats to include NSH data and service path information.” each node can receive map reply for next destination of service.  para.0022 “Independent from how the mapping system is implemented, a mapping is returned in an EIDtoRLOC MapReply Message either directly by the ETR or by a MapServer which serves as a replyproxy.”), 
for populating the overlay route in the service border router to forward the communications via the second tunnel router to the second host (Ermagan: para.0112 “After finding a match the mapping system can return the full result, as well as a processed result where the matched mapping is returned as a simple locator. In the latter case, the tunnel router will use the locator for the overlay destination independent of the requesting source for future flows.” para.0134 “A Network Service Header (NSH) provides an identifier that is used to select the network overlay for forwarding packets along a service chain.”).

Claim(s) 2, 14, 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ermagan et al. (hereinafter Ermagan, US 2017/0026417 A1) in view of Jain et al. (hereinafter Jain, US 2018/0367337 A1) in view of Janakiraman et al. (hereinafter Jana, US 2015/0074741 A1). 

Regarding Claim 2, Ermagan-Jain discloses claim 1 as set forth above.
However Ermagan-Jain does not explicitly disclose at the one or more computing devices, prior to receiving the initial traffic of the communications from the first host, receiving, from the service border router, a message which indicates a service registration for registering the service with the MS/MR.
Jana discloses at the one or more computing devices, prior to receiving the initial traffic of the communications from the first host, receiving, from the service border router, a message which indicates a service registration for registering the service with the MS/MR (Jana: para.0020 “End user devices may query network 100 via the service discovery protocol to present available enterprise services, at which time the available enterprise services are added to a service catalog of enterprise services stored in the appropriate router 114-124 depending on the location of the specific enterprise service. In the case of printer 130 subnetwork A, printer 130 would appear in a service catalog stored in router 114. The service catalog may then be registered at the LISP map server 104 by abstracting the information from the LISP instance ID. The service attributes for a link local multicast service may then be derived by application proxy techniques in the distribution router.” the MS/MR receives a service catalog from router 114, which is then registered with the MS/MR.   It can be seen that this process is prior to the initial traffic, as Fig. 6 shows a router querying the MS/MR in step 602 for the service catalog para.0031 “When a router 114 receives a service catalog query from an end user device 128 at step 602, router 114 first queries the LISP map server 104 at step 604 to determine if the router 114 is associated with the LISP instance ID associated with the end user device which is sending the service catalog query.”).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date to combine Ermagan-Jain with Jana in order to incorporate at the one or more computing devices, prior to receiving the initial traffic of the communications from the first host, receiving, from the service border router, a message which indicates a service registration for registering the service with the MS/MR.
One of ordinary skill in the art would have been motivated to combine because of the expected benefit of serving up to date information to a router/host in response to a query (Jana: para.0020 para.0031).

Regarding Claim 14, Ermagan-Jain discloses claim 13 as set forth above.
Ermagan further discloses wherein selecting the service insertion policy comprises selecting one of a plurality of service insertion policies respectively associated with the plurality of services registered with the MS/MR (Ermagan: Fig. 4-8 these figures show a progression of applying a plurality of policies based on source and destination EIDs. para.0245 “A policy is next applied to specify a service insertion policy indicating that traffic sent from site c to site e must go via service s. The policy resolver resolves this policy to the NSH forwarding state required to realize this policy. As this policy overlaps with the preceding VPN policy (i.e., both impact traffic sent from site c to site e), the VPN policy resolver compounds the forwarding state as shown in FIG. 7.” here it can be seen that a plurality of rules can exists at once, and resolves the issue by selecting the NSH forwarding path to service s, over other policies, based on destination and source EIDs. The NSH policy is defined to be a service insertion policy in para.0025.  Further it can be seen in para.0041-42 a plurality of service insertion policies that can be or already applied.).
However Ermagan-Jain does not explicitly disclose at the one or more computing devices, prior to receiving the initial traffic of the communications from the first host, receiving, from the service border router, a message which indicates a service registration for registering the service with the MS/MR.
Jana discloses for each one of a plurality of services available via the service border router, receiving, from the service border router, a message which indicates a service registration for registering the service with the MS/MR (Jana: para.0020 “End user devices may query network 100 via the service discovery protocol to present available enterprise services, at which time the available enterprise services are added to a service catalog of enterprise services stored in the appropriate router 114-124 depending on the location of the specific enterprise service. In the case of printer 130 subnetwork A, printer 130 would appear in a service catalog stored in router 114. The service catalog may then be registered at the LISP map server 104 by abstracting the information from the LISP instance ID. The service attributes for a link local multicast service may then be derived by application proxy techniques in the distribution router.” the MS/MR receives a service catalog from router 114, which is then registered with the MS/MR.   It can be seen that this process is prior to the initial traffic, as Fig. 6 shows a router querying the MS/MR in step 602 for the service catalog para.0031 “When a router 114 receives a service catalog query from an end user device 128 at step 602, router 114 first queries the LISP map server 104 at step 604 to determine if the router 114 is associated with the LISP instance ID associated with the end user device which is sending the service catalog query.”).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date to combine Ermagan-Jain with Jana in order to incorporate for each one of a plurality of services available via the service border router, receiving, from the service border router, a message which indicates a service registration for registering the service with the MS/MR.
One of ordinary skill in the art would have been motivated to combine because of the expected benefit of serving up to date information to a router/host in response to a query (Jana: para.0020 para.0031).

Regarding Claim 19, it does not teach nor further define over the limitations of claim 14, therefore claim 19 is rejected under the same rationale as claim 14.

Claim(s) 6 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ermagan et al. (hereinafter Ermagan, US 2017/0026417 A1) in view of Jain et al. (hereinafter Jain, US 2018/0367337 A1) in view of Agrawal et al. (hereinafter Agrawal, US 2017/0206701 A1). 
Regarding Claim 6, Ermagan-Jain discloses claim 5 as set forth above.
Ermagan further discloses sending, to the first tunnel router, the message which indicates the map reply and includes the address of the service border router (Ermagan: para.0139 “The SF may decrement the index to indicate that the service was performed. After SF, the NSH may again be consulted to select the needed overlay to the next SFF. These operations may be repeated until the end of the service chain, in which case the original packet is forwarded. In some implementations, each node performing service path selection (e.g., using NSH SPI and SI values) may receive a table from the control plane.” para.0143 “Various ones of the embodiments disclosed herein extend the LISP mapping database, and the LISP control protocol, to include NSH SPI and SI as keys, and therefore may enable LISP to return the needed overlay next hop based on the NSH header information for service chain forwarding.” next hop SFF information is obtained during processing of packet in service chain. para.0144 “The mapping database may return the locator(s) for the next SFF(s) for a given NSH hop. In some embodiments, these extensions may be implemented by extending the LISP canonical address formats to include NSH data and service path information.”),
However Ermagan-Jain does not explicitly disclose, further includes the SGT, the DGT, and a group policy for application at the first tunnel router.
Agrawal discloses further includes the SGT, the DGT, and a group policy for application at the first tunnel router (Agrawal: para.0012 “Various embodiments of the present technology can be used to receive a first group based policy and a second group based policy, each group based policy including policy rules defining a range of destination internet protocol addresses, a range of source internet protocol addresses and a range of access ports, render a three dimensional representation of the first group based policy based on the policy rules of the first group based policy” the range of source address and ports, and destination addresses and ports and associated policies are received).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Ermagan-Jain with Agrawal in order to incorporate further includes the SGT, the DGT, and a group policy for application at the first tunnel router.
One of ordinary skill in the art would have been motivated to combine because of the expected benefit of applying the correct policies to traffic flow based on source and destination groups (Agrawal: para.0012).

Claim(s) 7, 8, 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ermagan et al. (hereinafter Ermagan, US 2017/0026417 A1) in view of Jain et al. (hereinafter Jain, US 2018/0367337 A1) in view of Kondalam et al. (hereinafter Kondalam, US 2018/0367302 A1). 
Regarding Claim 7 Ermagan-Jain discloses claim 1 as set forth above.
Ermagan further discloses the message which indicates the map reply includes the address of the service border router (Ermagan: para.0139 “The SF may decrement the index to indicate that the service was performed. After SF, the NSH may again be consulted to select the needed overlay to the next SFF. These operations may be repeated until the end of the service chain, in which case the original packet is forwarded. In some implementations, each node performing service path selection (e.g., using NSH SPI and SI values) may receive a table from the control plane.” para.0143 “Various ones of the embodiments disclosed herein extend the LISP mapping database, and the LISP control protocol, to include NSH SPI and SI as keys, and therefore may enable LISP to return the needed overlay next hop based on the NSH header information for service chain forwarding.” next hop SFF information is obtained during processing of packet in service chain. para.0144 “The mapping database may return the locator(s) for the next SFF(s) for a given NSH hop. In some embodiments, these extensions may be implemented by extending the LISP canonical address formats to include NSH data and service path information.”), 
for populating the overlay route in the first tunnel router to forward the communications, via the service border router for insertion of the service (Ermagan: para.0112 “After finding a match the mapping system can return the full result, as well as a processed result where the matched mapping is returned as a simple locator. In the latter case, the tunnel router will use the locator for the overlay destination independent of the requesting source for future flows.” para.0134 “A Network Service Header (NSH) provides an identifier that is used to select the network overlay for forwarding packets along a service chain.”).
However Ermagan does not explicitly disclose a virtual network identifier of a virtual private network associated with a virtual routing and forwarding (VRF) at the service border router, and the group identifier, with encapsulation of the virtual network identifier and the group identifier.
Jain discloses disclose a virtual network identifier of a virtual private network associated with a virtual routing and forwarding (VRF) at the service border router, (Jain: para.0053 “FIG. 5 illustrates an example inter VRFs/IIDs RLOC probing flow. At 502, an ingress tunnel router (ITR) 503 associated with IID1 may send an MSMR 504 a map request for EID2 in the IID1 context. At 506, the MSMR 504 may reply with a map reply for EID2 in the IID1 context and may specify IID2 as an encapsulation IID. The ITR 503 may add a map cache entry in the IID1 context for EID2 with an encapsulation IID of IID2 at 508. At 510, RLOC probing may be configured in IID1 in the ITR 503.” para.0030 “LISP may allow (e.g., may only allow) communication among hosts that are part of the same VRF, VPN, or VLAN or across VRFs, VPNs, or VLANs. For example, hosts H1 and H2 may be in a first VRF, VRF/IID A, and hosts H11 and H22 may be in a second VRF, VRF/IID B. The hosts in VRF/IID A and VRF/IID B may access shared services from server H3 in shared VRF/IID S.” para.0035 “A MSMR policy-based architecture may support a LISP extranet or IID leaking feature. A MSMR policy-based architecture may facilitate routing among endpoint identifier (EID) prefixes by forwarding or replying map requests from tunnel routers. The MSMR 114 may decide leaking across VRFs, VPNs, and/or VLANs, based on its extranet policy.” Fig 1-3, it can be seen above that map requests can be sent for network identifier for a different VPN in same or different VRF/VPNs.)
with encapsulation of the virtual network identifier (Jain: para.0060 “This IID may be used as an encapsulation IID to encapsulate the packets sent towards the proxy tunnel router as a result of a NMR.”).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Ermagan with Jain in order to incorporate a virtual network identifier of a virtual private network associated with a virtual routing and forwarding (VRF) at the service border router, with encapsulation of the virtual network identifier.
One of ordinary skill in the art would have been motivated to combine because of the expected benefit of properly routing a packet from one host to another (Jain: para.0052).
However Ermagan-Jain does not explicitly disclose the group identifier, with encapsulation of the group identifier
Kondalam discloses the group identifier (Kondalam: para.0023 “Accordingly, in various implementations, the method 200 optionally includes steps 220 in which the source node 202A requests the destination group identifier from the destination node 202B and transmits the source group identifier to the destination node 202B. In response, the method 200 optionally includes step 222 in which the source node 202A receives the destination group identifier from the destination node 202B.” the destination group identifier is received), 
with encapsulation of the group identifier (Kondalam: para.0024 “The method continues at step 230 in which the source node 202A calculates a source public key I based on a source private key i, the source group identifier, and the destination group identifier. The source private key i is a random (or, as encompassed by that term as used herein, pseudorandom) number generated by the source node 202A suitable for use as a cryptographic key. In some embodiments, the source private key i is specific to the source group identifier. In some examples, the value of the source private key i for different source group identifiers may be assumed to be different due to the statistical probability of the random number generator of the source node 202A not repeating a value. In some embodiments, the value of the source private key i can be locally assigned to be unique per source group identifier using a pool, a simple heuristic, and/or the like.” Fig.2.  The destination group identifier is used to calculated source public key and encapsulated into the packet.).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date to combine Ermagan-Jain with Kondalam in order to incorporate the group identifier, with encapsulation of the group identifier.
One of ordinary skill in the art would have been motivated to combine because of the expected benefit of improved communications between nodes (Kondalam: para.0023-24).

Regarding Claim 8, Ermagan-Jain discloses claim 1 as set forth above.
Ermagan further discloses the message which indicates the map reply includes the address of the service border router (Ermagan: para.0139 “The SF may decrement the index to indicate that the service was performed. After SF, the NSH may again be consulted to select the needed overlay to the next SFF. These operations may be repeated until the end of the service chain, in which case the original packet is forwarded. In some implementations, each node performing service path selection (e.g., using NSH SPI and SI values) may receive a table from the control plane.” para.0143 “Various ones of the embodiments disclosed herein extend the LISP mapping database, and the LISP control protocol, to include NSH SPI and SI as keys, and therefore may enable LISP to return the needed overlay next hop based on the NSH header information for service chain forwarding.” next hop SFF information is obtained during processing of packet in service chain. para.0144 “The mapping database may return the locator(s) for the next SFF(s) for a given NSH hop. In some embodiments, these extensions may be implemented by extending the LISP canonical address formats to include NSH data and service path information.”), 
for populating the overlay route in the first tunnel router to forward the communications, via the service border router for insertion of the service (Ermagan: para.0112 “After finding a match the mapping system can return the full result, as well as a processed result where the matched mapping is returned as a simple locator. In the latter case, the tunnel router will use the locator for the overlay destination independent of the requesting source for future flows.” para.0134 “A Network Service Header (NSH) provides an identifier that is used to select the network overlay for forwarding packets along a service chain.”).
However Ermagan does not explicitly disclose a virtual local area network (VLAN) ID of a VLAN, and the group identifier, with encapsulation of the VLAN ID and the group identifier.
Jain discloses disclose a virtual local area network (VLAN) ID of a VLAN, (Jain: para.0053 “FIG. 5 illustrates an example inter VRFs/IIDs RLOC probing flow. At 502, an ingress tunnel router (ITR) 503 associated with IID1 may send an MSMR 504 a map request for EID2 in the IID1 context. At 506, the MSMR 504 may reply with a map reply for EID2 in the IID1 context and may specify IID2 as an encapsulation IID. The ITR 503 may add a map cache entry in the IID1 context for EID2 with an encapsulation IID of IID2 at 508. At 510, RLOC probing may be configured in IID1 in the ITR 503.” para.0030 “LISP may allow (e.g., may only allow) communication among hosts that are part of the same VRF, VPN, or VLAN or across VRFs, VPNs, or VLANs. For example, hosts H1 and H2 may be in a first VRF, VRF/IID A, and hosts H11 and H22 may be in a second VRF, VRF/IID B. The hosts in VRF/IID A and VRF/IID B may access shared services from server H3 in shared VRF/IID S.” para.0035 “A MSMR policy-based architecture may support a LISP extranet or IID leaking feature. A MSMR policy-based architecture may facilitate routing among endpoint identifier (EID) prefixes by forwarding or replying map requests from tunnel routers. The MSMR 114 may decide leaking across VRFs, VPNs, and/or VLANs, based on its extranet policy.” Fig 1-3, it can be seen above that map requests can be sent for network identifier for a different VLAN.)
with encapsulation of the VLAN ID (Jain: para.0060 “This IID may be used as an encapsulation IID to encapsulate the packets sent towards the proxy tunnel router as a result of a NMR.”).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Ermagan with Jain in order to incorporate a virtual local area network (VLAN) ID of a VLAN, with encapsulation of the VLAN ID, via the service border router for insertion of the service.
One of ordinary skill in the art would have been motivated to combine because of the expected benefit of properly routing a packet from one host to another (Jain: para.0052).
However Ermagan-Jain does not explicitly disclose the group identifier, with encapsulation of the group identifier
Kondalam discloses the group identifier (Kondalam: para.0023 “Accordingly, in various implementations, the method 200 optionally includes steps 220 in which the source node 202A requests the destination group identifier from the destination node 202B and transmits the source group identifier to the destination node 202B. In response, the method 200 optionally includes step 222 in which the source node 202A receives the destination group identifier from the destination node 202B.” the destination group identifier is received), 
with encapsulation of the group identifier (Kondalam: para.0024 “The method continues at step 230 in which the source node 202A calculates a source public key I based on a source private key i, the source group identifier, and the destination group identifier. The source private key i is a random (or, as encompassed by that term as used herein, pseudorandom) number generated by the source node 202A suitable for use as a cryptographic key. In some embodiments, the source private key i is specific to the source group identifier. In some examples, the value of the source private key i for different source group identifiers may be assumed to be different due to the statistical probability of the random number generator of the source node 202A not repeating a value. In some embodiments, the value of the source private key i can be locally assigned to be unique per source group identifier using a pool, a simple heuristic, and/or the like.” Fig.2.  The destination group identifier is used to calculated source public key and encapsulated into the packet.).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date to combine Ermagan-Jain with Kondalam in order to incorporate the group identifier, with encapsulation of the group identifier.
One of ordinary skill in the art would have been motivated to combine because of the expected benefit of improved communications between nodes (Kondalam: para.0023-24).

Regarding Claim 15, it does not teach nor further define over claims 7 and 8.  Therefore the supporting rationale for the rejections to claims 7 and 8 apply equally as well to that of claim 15.

Claim(s) 11, 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ermagan et al. (hereinafter Ermagan, US 2017/0026417 A1) in view of Jain et al. (hereinafter Jain, US 2018/0367337 A1) in view of Allan et al. (hereinafter Allan, US 2022/0007251 A1). 
Regarding Claim 11, Ermagan discloses wherein the second host that is located for communication via the second tunnel router that is external to the enterprise (Ermagan: para.0004-6) private network (Ermagan: para.0058-59 “FIG. 5 illustrates an example policy resolution for resolving forwarding states of two example VPNs: VPN1={a,b,c} and VPN2={c,d,e}. VPN Policies 432 can be applied by the mapping server to map forwarding state for sources and destinations. For example, for VPN1={a,b,c}, router A 410 can have an eid “a” and RLOC “A,” router B 412 can have an eid “b” and RLOC “B,” router C 414 can have an eid “c” and RLOC “C.” For VPN1={a,b,c}, a source router can be mapped to a destination router based on the RLOC of the destination router. Likewise for VPN2={c,d,e}. Router D 416 can include eid “d” and RLOC “D,” and router E can include eid “e” and RLOC “E.” Noteworthy is that router c can be used by both VPN1 and VPN2” routing can occur to nodes that are outside of a first enterprise VPN), 
the method further comprising: at the one or more computing devices, receiving, from the service border router, a message which indicates another map request for requesting an EID-to-RLOC mapping associated with the second EID (Ermagan: para.0111 “A mapping service network element can receive, from a first tunneling router associated with a first virtual network, a mapping request to a second virtual network, the first router compliant with a Locator/ID Separation Protocol (LISP), the mapping request comprising an endpoint identifier (EID) tuple that includes a source identifier and a destination identifier (1202). The mapping service network element can identify a routing locator (RLOC) based, at least in part, on the destination identifier of the EID tuple (1204). The mapping element can transmit the RLOC to the first tunneling router (1206).”); 
and sending, to the service border router, a message which indicates another map reply and includes a third RLOC of a border router (Ermagan: para.0115 “When a router queries a destination via sending a typical map request message, the mapping system may be configured to perform additional processing before returning a mapping reply message as follows: if the associated mapping stored in the mapping system is in traffic engineering format, the mapping system will compare the ITR locator field included in the map request message with the locator address included in each hop of the traffic engineering mapping. If there is a match, the mapping system returns the next hop's locator, as a single locator in a map reply message. If there was no match, the mapping system returns the first hop address as a single locator in a map reply message.” a map reply is returned to the router indicating the address of the next hop.),
for populating the overlay route in the border router to the endpoint (Ermagan: para.0112 “After finding a match the mapping system can return the full result, as well as a processed result where the matched mapping is returned as a simple locator. In the latter case, the tunnel router will use the locator for the overlay destination independent of the requesting source for future flows.” para.0134 “A Network Service Header (NSH) provides an identifier that is used to select the network overlay for forwarding packets along a service chain.”)
via the second tunnel router (Ermagan: para.0139, 144 SFF) for insertion of the service (Ermagan: para.0139 “The SF may decrement the index to indicate that the service was performed. After SF, the NSH may again be consulted to select the needed overlay to the next SFF. These operations may be repeated until the end of the service chain, in which case the original packet is forwarded. In some implementations, each node performing service path selection (e.g., using NSH SPI and SI values) may receive a table from the control plane.” para.0143 “Various ones of the embodiments disclosed herein extend the LISP mapping database, and the LISP control protocol, to include NSH SPI and SI as keys, and therefore may enable LISP to return the needed overlay next hop based on the NSH header information for service chain forwarding.” next hop SFF information is obtained during processing of packet in service chain. para.0144 “The mapping database may return the locator(s) for the next SFF(s) for a given NSH hop. In some embodiments, these extensions may be implemented by extending the LISP canonical address formats to include NSH data and service path information.”) 
that is external to the (Ermagan: para.0004-6) private network (Ermagan: para.0058-59 “FIG. 5 illustrates an example policy resolution for resolving forwarding states of two example VPNs: VPN1={a,b,c} and VPN2={c,d,e}. VPN Policies 432 can be applied by the mapping server to map forwarding state for sources and destinations. For example, for VPN1={a,b,c}, router A 410 can have an eid “a” and RLOC “A,” router B 412 can have an eid “b” and RLOC “B,” router C 414 can have an eid “c” and RLOC “C.” For VPN1={a,b,c}, a source router can be mapped to a destination router based on the RLOC of the destination router. Likewise for VPN2={c,d,e}. Router D 416 can include eid “d” and RLOC “D,” and router E can include eid “e” and RLOC “E.” Noteworthy is that router c can be used by both VPN1 and VPN2” routing can occur to nodes that are outside of a first enterprise VPN).
However Ermagan-Jain does not explicitly disclose wherein the second host comprises a Fifth Generation (5G) endpoint.
Allan discloses wherein the second host comprises a Fifth Generation (5G) endpoint (Allan: para.0063 “In a 5G handoff a handover request has knowledge of the source and target gNodeBs. With knowledge of the target gNodeB, the TR associated with the source gNodeB can use the LISP mapping system to resolve the target TR RLOC and can then coordinate the handoff with it and be able to redirect traffic sent prior to synchronization of other systems with the new EID/RLOC binding. This involves additional messaging, including example message types and processes as described further herein below.” it can be seen that RG nodes have EID/RLOC bindings and can be routed to.  These steps similar to LISP operations of Ermagan can be seen in fig. 5).
Therefore it would have been obvious to one of ordinary skill in the art would have been motivated to combine Ermagan-Jain in order to incorporate wherein the second host comprises a Fifth Generation (5G) endpoint.
One of ordinary skill in the art would have been motivated to combine because of the expected benefit of efficiency and speed that comes with the incorporation of a 5G network.

Regarding Claim 17, Ermagan  discloses wherein the second host is located for communication via the second tunnel router that is external to the network (Ermagan: para.0004-6) private network (Ermagan: para.0058-59 “FIG. 5 illustrates an example policy resolution for resolving forwarding states of two example VPNs: VPN1={a,b,c} and VPN2={c,d,e}. VPN Policies 432 can be applied by the mapping server to map forwarding state for sources and destinations. For example, for VPN1={a,b,c}, router A 410 can have an eid “a” and RLOC “A,” router B 412 can have an eid “b” and RLOC “B,” router C 414 can have an eid “c” and RLOC “C.” For VPN1={a,b,c}, a source router can be mapped to a destination router based on the RLOC of the destination router. Likewise for VPN2={c,d,e}. Router D 416 can include eid “d” and RLOC “D,” and router E can include eid “e” and RLOC “E.” Noteworthy is that router c can be used by both VPN1 and VPN2” routing can occur to nodes that are outside of a first enterprise VPN), 
and wherein the instructions are further executable on the one or more processors for: receiving, from the service border router, a message which indicates a second map request for requesting an EID-to-RLOC mapping (Ermagan: para.0111 “A mapping service network element can receive, from a first tunneling router associated with a first virtual network, a mapping request to a second virtual network, the first router compliant with a Locator/ID Separation Protocol (LISP), the mapping request comprising an endpoint identifier (EID) tuple that includes a source identifier and a destination identifier (1202). The mapping service network element can identify a routing locator (RLOC) based, at least in part, on the destination identifier of the EID tuple (1204). The mapping element can transmit the RLOC to the first tunneling router (1206).”); and 
sending, to the service border router, a message which indicates a second map reply and includes a third RLOC of a border router (Ermagan: para.0115 “When a router queries a destination via sending a typical map request message, the mapping system may be configured to perform additional processing before returning a mapping reply message as follows: if the associated mapping stored in the mapping system is in traffic engineering format, the mapping system will compare the ITR locator field included in the map request message with the locator address included in each hop of the traffic engineering mapping. If there is a match, the mapping system returns the next hop's locator, as a single locator in a map reply message. If there was no match, the mapping system returns the first hop address as a single locator in a map reply message.” a map reply is returned to the router indicating the address of the next hop.), 
for populating the overlay route in the border router to forward the communications to the endpoint (Ermagan: para.0112 “After finding a match the mapping system can return the full result, as well as a processed result where the matched mapping is returned as a simple locator. In the latter case, the tunnel router will use the locator for the overlay destination independent of the requesting source for future flows.” para.0134 “A Network Service Header (NSH) provides an identifier that is used to select the network overlay for forwarding packets along a service chain.”)
via the second tunnel router (Ermagan: para.0139, 144 SFF) for insertion of the service (Ermagan: para.0139 “The SF may decrement the index to indicate that the service was performed. After SF, the NSH may again be consulted to select the needed overlay to the next SFF. These operations may be repeated until the end of the service chain, in which case the original packet is forwarded. In some implementations, each node performing service path selection (e.g., using NSH SPI and SI values) may receive a table from the control plane.” para.0143 “Various ones of the embodiments disclosed herein extend the LISP mapping database, and the LISP control protocol, to include NSH SPI and SI as keys, and therefore may enable LISP to return the needed overlay next hop based on the NSH header information for service chain forwarding.” next hop SFF information is obtained during processing of packet in service chain. para.0144 “The mapping database may return the locator(s) for the next SFF(s) for a given NSH hop. In some embodiments, these extensions may be implemented by extending the LISP canonical address formats to include NSH data and service path information.”) 
 that is external (Ermagan: para.0004-6) to the network. (Ermagan: para.0058-59 “FIG. 5 illustrates an example policy resolution for resolving forwarding states of two example VPNs: VPN1={a,b,c} and VPN2={c,d,e}. VPN Policies 432 can be applied by the mapping server to map forwarding state for sources and destinations. For example, for VPN1={a,b,c}, router A 410 can have an eid “a” and RLOC “A,” router B 412 can have an eid “b” and RLOC “B,” router C 414 can have an eid “c” and RLOC “C.” For VPN1={a,b,c}, a source router can be mapped to a destination router based on the RLOC of the destination router. Likewise for VPN2={c,d,e}. Router D 416 can include eid “d” and RLOC “D,” and router E can include eid “e” and RLOC “E.” Noteworthy is that router c can be used by both VPN1 and VPN2” routing can occur to nodes that are outside of a first enterprise VPN).
However Ermagan-Jain does not explicitly disclose wherein the second host comprises a Fifth Generation (5G) endpoint.
Allan discloses wherein the second host comprises a Fifth Generation (5G) endpoint (Allan: para.0063 “In a 5G handoff a handover request has knowledge of the source and target gNodeBs. With knowledge of the target gNodeB, the TR associated with the source gNodeB can use the LISP mapping system to resolve the target TR RLOC and can then coordinate the handoff with it and be able to redirect traffic sent prior to synchronization of other systems with the new EID/RLOC binding. This involves additional messaging, including example message types and processes as described further herein below.” it can be seen that RG nodes have EID/RLOC bindings and can be routed to.  These steps similar to LISP operations of Ermagan can be seen in fig. 5).
Therefore it would have been obvious to one of ordinary skill in the art would have been motivated to combine Ermagan-Jain in order to incorporate wherein the second host comprises a Fifth Generation (5G) endpoint.
One of ordinary skill in the art would have been motivated to combine because of the expected benefit of efficiency and speed that comes with the incorporation of a 5G network.


Claim(s) 12 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ermagan et al. (hereinafter Ermagan, US 2017/0026417 A1) in view of Jain et al. (hereinafter Jain, US 2018/0367337 A1) in view of Goldner et al. (hereinafter Goldner, US 2015/0011182 A1). 

Regarding Claim 12, Ermagan discloses claim 1 as set forth above.
However Ermagan does not explicitly disclose wherein the service comprises one of firewall or security service, a billing or an accounting service, a service level agreement (SLA) monitoring service, or a Quality of Service (QoS) policy service.
Goldner discloses wherein the service comprises one of firewall or security service, a billing or an accounting service, a service level agreement (SLA) monitoring service, or a Quality of Service (QoS) policy service (Goldner: para.0144: “In some embodiments, the TDF module may operate as traffic classifier for service chaining; and may classify and route traffic into (or towards) different Service Functions, which may comprise different service chains based on ADC Rules received from the PCRF module. Such service functions, which may also be referred to herein as "supplemental services" or "value-added services", may comprise Quality of Service (QoS) enforcement service function, bandwidth limiting service function, and/or other service functions (e.g., parental control service, content filtering service, anti-virus services, anti-malware service).” security services, SLA, and QoS services can be part of the service chain.).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date to combine Ermagan-Jain with Goldner in order to incorporate wherein the service comprises one of firewall or security service, a billing or an accounting service, a service level agreement (SLA) monitoring service, or a Quality of Service (QoS) policy service.
One of ordinary skill in the art would have been motivated to combine because of the expected benefit of improved user satisfaction from these types of services being implemented (Goldner: para.0144.)

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Ravindran et al. (Us 2019/0081890 A1) see para.0002, and 43 Fig. 1, showing a similar LISP configuration as current application.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to EUI H KIM whose telephone number is (571)272-8133. The examiner can normally be reached 7:30-5 M-R, M-F alternating.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kamal B Divecha can be reached on 5712725863. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/EUI H KIM/             Examiner, Art Unit 2453                                                                                                                                                                                           

/KAMAL B DIVECHA/             Supervisory Patent Examiner, Art Unit 2453