DETAILED ACTION

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 24 August 2022 has been entered.
 
Response to Arguments
Applicant’s arguments with respect to claim(s) 1-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



Claim(s) 1,8 and 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over XIE et al. (US 2021/0266189 A1), in view Fitzgibbon (US 2018/0123910 A1).

Regarding claim 1, XIE discloses method comprising (XIE [0006] discloses a packet forwarding method and a node, to improve BIER packet encapsulation or decapsulation performance and BIER packet forwarding performance):
receiving, at a router (PE 1) of a first network (IGP domain 1) of a multi-cloud fabric comprising two or more networks (IGP domain 1 and IGP domain 2) (XIE, fig. 6(a) and fig(b) [0266] discloses a router, PE 1, in IGP domain 1 receiving a multicast data packet from a terminal device or a network device (CE 1)),
a first data packet (a multicast data packet from a terminal device (CE 1)) from a source end-point group (PE 1/router/edge device at the edge of a customer network) within the first network (IGP domain 1) (XIE, fig. 6(a) and fig(b) [0266] discloses a PE 1, a router in IGP domain 1 receiving a multicast data packet from a terminal device or a network device (CE 1)); 
forwarding the first data packet (message) by the router (PE 1) to a service end-point group (PE 2) (XIE [0275] discloses step 2: configure an identifier of a VPN #1 and an IPv6 address on the PE 1, which are respectively an identifier of VRF #1 and an IPv6 address #1, where the IPv6 address #1 corresponds to the identifier of the VRF #1, and the IPv6 address #1 may also be referred to as an IPv6 address of the PE 1. [0278] the PE 1 encapsulates the identifier of the VRF #1 and the IPv6 address #1 in a BGP-VPN route message, and sends the BGP-VPN route message to the PE 2. [0279] the PE 1 encapsulates the identifier of the VRF #1 and the IPv6 address #1 in a BGP-EVPN route message, and sends the BGP-EVPN route message to the PE 2), 
forwarding the first data packet (encapsulated message) by the service end-point group (PE 2) to a destination end-point group (CE 2) within a second network (XIE, fig. 6(a) & (b), [0265] discloses a node CE 2 that is the IGP domain 2 and that is connected to the PE 2 in the IGP domain 2. The packet sent from the terminal device in the CE 1/source group is received at the router (PE 1). The message is encapsulated with identifiers by PE 1 and sent to PE 2, a router in IGP domain 2. PE 2 decapsulates the packet and sends it a destination group where it will be sent to an identified terminal device in CE 2/destination group).
XIE did not explicitly disclose receiving, at the service end-point group from the destination end-point group, a second data packet from the destination end-point group, wherein the first data packet has been processed by the destination end-point group to provide the second data packet, and wherein the second data packet includes one of (i) an identity of the service end-point group or (ii) an address of the source end-point group; forwarding the second data packet by the service end-point group to the router; based on the one of (i) the identity of the service end-point group or (ii) the address of the source end-point group within the second data packet being located within an access list, identifying, by the router, a virtual routing and forwarding instance (VRF) for the source end-point group for forwarding the second data packet to the source end- point group; and based at least in part on identifying the VRF, forwarding the second data packet by the router to the source end-point group using the VRF.
Fitzgibbon discloses receiving, at the service end-point group (IPsec device 308) from the destination end-point group (IPsec device 312), a second data packet (a second IP/ESP packet) from the destination end-point group (Fitzgibbon, fig. 3, 4A & 4B, [0039] the source node could correspond to IPsec device 308 and the destination node could correspond to IPsec device 312. [0041] The source node can receive a second IP/ESP packet from the destination node (step 406)), and
wherein the first data packet (first IP/ESP packet) has been processed by the destination end-point group (IPsec device 312) to provide the second data packet (Fitzgibbon [0041] The first IP/ESP packet can be processed at the destination node as described in reference to FIG. 4B; [0044-0045] destination node process the received first IP packet) and
wherein the second data packet (second IP/ESP packet) includes one of (i) an identity of the service end-point group or (ii) an address of the source end-point group (IPsec device 308) (Fitzgibbon [0044-0045] the destination node can create the response path quality record, wherein the response path quality record includes the path quality measurement data (step 458). The destination node can then add the response path quality record to the TFC padding field of the second IP/ESP packet (step 460). Next, the destination node can send the second IP/ESP packet to the source node (step 462). Thus, the response path is defined in the response path quality record and includes the address of IPsec device 308/source end-point group located in the source domain and the address of a destination client (302 or 304) in the source group); and 
forwarding the second data packet by the service end-point group (IPsec device 308) to the router (router 306) (fig. 3; [0038]); 
based on the one of (i) the identity of the service end-point group (router 306) or (ii) the address of the source end-point group within the second data packet being located within an access list (Fitzgibbon [0041] the first IP/ESP packet can be processed at one of the destination nodes (Server 316-318) as described in reference to FIG. 4B. The destination node (Server 316-318) can, in response to processing the first IP/ESP packet, send a second IP/ESP packet to the router 314 identified in the destination network (320). The packet is then sent from the destination router 314 to the router 306 identified in the source domain where the packet is sent the back to one of the source nodes (client 302-304). The source node can then receive a second IP/ESP packet from the destination node (step 406)), and 
identifying, by the router (Router 306), a virtual routing and forwarding instance (VRF) ((VPNs with virtual tunnels/for routing/forwarding encapsulated packets) for the source end-point group (IPsec device 308) for forwarding the second data packet (second IP/ESP packet) to the source end-point group (Fitzgibbon, [0032] virtual tunnels are created connecting VPNs for routing and forwarding encapsulated packets. [0041] the first IP/ESP packet can be processed at one of the destination nodes as described in reference to FIG. 4B. The destination node can, in response to processing the first IP/ESP packet, send a second IP/ESP packet to the router identified in the destination network. The packet is then sent from the destination router 314 to the router 306 identified in the source domain where the packet is sent the back to one of the source nodes (client 302-304). The source node can then receive a second IP/ESP packet from the destination node (step 406)),
based at least in part on identifying the VRF (Virtual tunnels for routing/forwarding packets), forwarding the second data packet (second IP/ESP packet) by the router to the source end-point group using the VRF (Fitzgibbon [0032] virtual tunnels are created connecting VPNs for routing and forwarding encapsulated packets. In a tunnel mode secure connection, VPNs are created and the tunnels are used to exchange data between the VPNs [0041] the first IP/ESP packet can be processed at one of the destination nodes as described in reference to FIG. 4B. The destination node can, in response to processing the first IP/ESP packet, send a second IP/ESP packet to the router identified in the destination network. The packet is then sent from the destination router 314 to the source router 306 identified in the source domain where the packet is sent the back to one of the source nodes. The source node can then receive a second IP/ESP packet from the destination node (step 406)).
One of ordinary skill would have been motivated to combine the teachings of XIE and Fitzgibbon these teachings are from the same field of study in reference to the techniques for routing packets to a destination address.
Therefore, before the effective filing date of the invention, it would have been obvious to a person of ordinary skill in the art to incorporate the strategies by Fitzgibbon into the system by XIE thereby performing minimally invasive monitoring of path quality in a network, thus protecting the integrity of the path, Fitzgibbon [Abstract].

Regarding claim 8, the claim is rejected with rational similar to that of claim 1.
Regarding claim 15, the claim is rejected with rational similar to that of claim 1.

Claim(s) 2,3,5,9-10,12,16-17 and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over XIE et al. (US 2021/0266189 A1), in view Fitzgibbon (US 2018/0123910 A1), further in view of Kakadia et al. (US 2011/0314119 A1).

Regarding claim 2, XIE modified by Fitzgibbon does not disclose wherein identifying, by the router, the VRF and forwarding the second data packet by the router to the source end-point group comprises:upon receipt at the router of the first data packet from the source end-point group, creating the access list matching the address of the source end-point group and the address of the destination end-point group; based on the access list matching the address of the source end-point group and the address of the destination end-point group, creating a route map identifying the VRE; upon receipt at the router of the second data packet from the service end-point group, based at least in part on the address of the source end-point group, matching, by the router, the address of the source end-point group in the access list; based at least in part on the matching the address of the source end-point group in the access list, identifying the VRF; and based at least in part on identifying the VRF, forwarding the second data packet by the router to the source end-point group using the VRF.
Kakadia discloses wherein identifying, by the router, the VRF [0007] and forwarding the second data packet by the router to the source end-point group [0011] comprises: 
upon receipt at the router of the first data packet from the source end-point group, creating an access list matching the address of the source end-point group and the address of the destination end-point group (Kakadia [0013] discloses for each request (received from a client) one of the advertising routers (one from an access list of routers capable of fulfilling the request) is selected, by the first router, as a target router based, at least in part, on the metrics to achieve a first level load balancing (matching the requesting client to the target router), so that the second request is forwarded to the target router and the server pool associated with the target router is to provide the service; [0050] discloses the persistent session detector 530 determines whether any service request belongs to a persistent session and if it is, stores such information in a persistent session list 535 (creating an access list matching the address of the source end-point group and the address of the destination end-point group). [0052] the server selection mechanism 540 updates, at 680, the persistent session list 535 (access list) so that the next packet of the same service will be handled in a manner consistent with what is required for a persistent session);
based on the access list matching the address of the source end-point group and the address of the destination end-point group, creating a route map identifying the VRF (Kakadia [0040] discloses when a recipient router, such as router 325, receives information from another router advertising a service, it incorporates the received information in a routing table (stores mapping of source end-point group and destination end-point addresses including next hops from source to destination)  in a way so that the recipient router can make a routing decision based on the information incorporate therein. FIG. 3(b) shows an exemplary routing table 370 of router 325 based on which router 325 can select a target router advertising a particular service, based on information incorporated in the table, to route a service request. For example, routing table 370 includes information such as the VIP address of the service advertised (375), the next hop where the advertising router can be reached (380), the network distance to reach the advertising router (385), and health metrics (390), etc.); [0041] From routing table 370, there are two entries related to desired service 1.1.1.1, one is from advertising router 335 with the next hop at 192.168.1.1 and advertising router 340 with the next hop at 172.1.1.1, where the former has a network distance of 1 (hop) and the latter has a network distance of 2 (hops) (number of hops/mapping  of Virtual Internet addresses (VIPs) from a source end-point group to a destination end-point group based on access list matching the source end-point group and the address of the destination end-point group) from router 325),
upon receipt at the router of the second data packet (requested service) from the service end-point group (NGSLB-250-K), based at least in part on the address of the source end-point group (225), matching, by the router, the address of the source end-point group in the access list (Kakadia, fig. 2, discloses a client 220 sending a request to an source group router 225 which selects and forwards the request to a selected target destination group router 260-K where the request is forwarded to a selected target server. Upon receipt of the service request at the target server, the request is processed at the selected server. After processing the request, the target server sends the result of the processed request to the destination group router 250-k, where it is matched with the address of the source group router – 225 and transmitted to the matched source group address 225, then forwarded to a destination client 220);
based at least in part on the matching the address of the source end-point group in the access list, identifying the VRF (forwarding/routing messages to selected/identified virtual IP/VIP/target server) (Kakadia, fig. 2, discloses a client 220 sending a request to an source group router 225 which selects and forwards the request to a selected target destination group router 260-K where the request is forwarded to a selected target server. Upon receipt of the service request at the target server, the request is processed at the selected server. After processing the request, the target server sends the result of the processed request to the destination group router 250-k, where it is matched with the address of the source group router – 225 and transmitted to the matched source group address 225, then forwarded to a destination client 220. Each server in the pool of servers has a corresponding virtual IP address/VIP used to for routing and forwarding messages); and
based at least in part on identifying the VRF, forwarding the second data packet by the router to the source end-point group using the VRF (Kakadia, fig. 2, discloses a client 220 sending a request to an source group router 225 which selects and forwards the request to a selected target destination group router 260-K where the request is forwarded to a selected target server. Upon receipt of the service request at the target server, the request is processed at the selected server. After processing the request, the target server sends the result of the processed request to the destination group router 250-k, where it is matched with the address of the source group router – 225 and transmitted to the matched source group address 225, then forwarded to a destination client 220. Each server in the pool of servers has a corresponding virtual IP address/VIP used to for routing and forwarding messages).
One of ordinary skill would have been motivated to combine the teachings of XIE, Fitzgibbon and Kakadia these teachings are from the same field of study in reference to the techniques for routing packets to a destination address.
Therefore, before the effective filing date of the invention, it would have been obvious to a person of ordinary skill in the art to incorporate the strategies by Kakadia into the system by XIE and Fitzgibbon thereby providing a pool of destination server that are used for load balancing, Kakadia [Abstract].

Regarding claim 3, XIE, Fitzgibbon and Kakadia disclose the method of claim 2, wherein forwarding the second data packet by the router to the source end-point group using the VRF comprises: 
automatically forwarding the second data packet by the router to the source endpoint group based on virtual extensible local access network (VxLAN) encapsulation (Fitzgibbon [0032] discloses a tunnel mode secure connection, in which the entire IP packet is encrypted and authenticated. Next, the encrypted and authenticated IP packet is encapsulated into a new IP packet with a new IP header. VPNs are created using tunnel mode secure connections. [0050], the principle of carrying additional data in TFC padding applies to any IP tunneling protocol supports such padding. For example, a GRE or VXLAN tunnel could also pad IP packets with path quality data and work equally as well as an ESP solution).
The motivation to combine is similar to that of claim 2.

Regarding claim 5, Xie, Fitzgibbon and Kakadia disclose the method of claim 2, wherein forwarding the second data packet by the router (destination router – 250-K) to the source end-point group (225) using the VRF (VIP for virtually routing/forwarding comprises (Kakadia, fig. 2, discloses after processing a request from client, the target server sends the result of the processed request to the destination group router 250-k, where it is matched with the address of the source group router – 225 and transmitted to the matched source group address 225, then forwarded to a destination client 220. Each server in the pool of servers has a corresponding virtual IP address/VIP used to for routing and forwarding messages between the source and destination groups):
creating a tunnel interface (SRv6 tunnel) between the first network (IGP domain 1) and the second network (IGP domain 2) (Xie, fig. 6(a) discloses a first network (IGP domain 1) and second network (IGP domain 2. [Abstract] discloses a first node encapsulating, on a forwarding plane based on the first IPv6 address, a multicast data packet belonging to the first VPN, to obtain a to-be-forwarded BIER packet and sends the to-be-forwarded BIER packet. [0118] discloses a head node, a tail node, and an intermediate node, and forwarding an BIER packet through a SRv6 tunnel in the BIER packet forwarding between IGP domain 1 &2. [0120-0121] further discloses a SRH tunnel endpoint which may be referred to as an intermediate node, and is a router for forwarding a packet. [0121] a packet may carry the SRH or may not carry the SRH when being forwarded through the SRv6 tunnel. However, in the BIER packet forwarding method, the packet definitely carries the SRH when being forwarded through the SRv6 tunnel, and a group address is placed in the SRH);
forwarding, from the router via the tunnel interface, the second data packet to the second network (Xie, fig. 6(a) discloses a first network (IGP domain 1) and second network (IGP domain 2. [Abstract] discloses a first node encapsulating, on a forwarding plane based on the first IPv6 address, a multicast data packet belonging to the first VPN, to obtain a to-be-forwarded BIER packet and sends the to-be-forwarded BIER packet. [0118] discloses a head node, a tail node, and an intermediate node, and forwarding an BIER packet (first and second packets sent between IGP domains 1 &2) through a SRv6 tunnel in the BIER packet forwarding between IGP domain 1 &2. [0120-0121] further discloses a SRH tunnel endpoint which may be referred to as an intermediate node, and is a router for forwarding packets between the domains (first, second.. packets). [0121] a packet may carry the SRH or may not carry the SRH when being forwarded through the SRv6 tunnel. However, in the BIER packet forwarding method, the packet definitely carries the SRH when being forwarded through the SRv6 tunnel, and a group address is placed in the SRH); and
forwarding the second data packet (second IP/ESP packet) within the second network (destination network) to the source endpoint group using the VRF (Fitzgibbon [0041] the first IP/ESP packet can be processed at one of the destination nodes, in response to processing the first IP/ESP packet, send a second IP/ESP packet to the source node. The packet is then sent from the destination router 314 to the router 306 identified in the source domain where the packet is sent the back to one of the source nodes (client 302-304). The source node can then receive a second IP/ESP packet from the destination node (step 406))
The motivation to combine is similar to that of claim 2.

Regarding claim 9, the claim is rejected with rational similar to that of claim 2.
Regarding claim 10, the claim is rejected with rational similar to that of claim 3.
Regarding claim 12, the claim is rejected with rational similar to that of claim 5.
Regarding claim 16, the claim is rejected with rational similar to that of claim 2.
Regarding claim 17, the claim is rejected with rational similar to that of claim 3.
Regarding claim 19, the claim is rejected with rational similar to that of claim 5.

Claim(s) 4,6-7,11,13-14,18 and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over XIE et al. (US 2021/0266189 A1), in view Fitzgibbon (US 2018/0123910 A1), in view of Kakadia et al. (US 2011/0314119 A1), further in view Agarwal et al.  (US 2012/0281706 A1).

Regarding claim 4, Xie, Fitzgibbon and Kakadia, disclose the method of claim 3, but did not explicitly disclose wherein the first network is a cloud network and the second network is an on-premises network.
Agarwal discloses wherein the first network is a cloud network and the second network is an on-premises network (Agarwal [0005] discloses providing a cloud bridge to bring network transparency between the otherwise disparate networks of the datacenter and cloud service provider. The present solution creates a cloud bridge between the datacenter network and the cloud provider network such. For example, appliances may be deployed in the datacenter and on the edge of the cloud. These appliances may be configured or designed and constructed to communicate with each other and recognize and understand the local IP and/or public IP network information of the on-premise datacenter of the enterprise and the cloud datacenter. These appliances may manage the flow of network traffic between the on-premise and cloud datacenters in a manner to appear and act seamlessly and transparently as a single network spanning both the on-premise and cloud data centers).
One of ordinary skill would have been motivated to combine the teachings of XIE, Fitzgibbon, Kakadia and  Agarwal these teachings are from the same field of study in reference to the techniques for routing packets to a destination address.
Therefore, before the effective filing date of the invention, it would have been obvious to a person of ordinary skill in the art to incorporate the strategies by Agarwal into the system by XIE, Fitzgibbon and Kakadia thereby provide a cloud bridge to bring network transparency between the otherwise disparate, Agarwal [Abstract].

Regarding claim 6, XIE, Fitzgibbon and Kakadia disclose the method of claim 5, but did not explicitly disclose wherein the first network is a cloud network and the second network is an on-premises network. 
Agarwal discloses wherein the first network is a cloud network and the second network is an on-premises network (Agarwal [0005] discloses providing a cloud bridge to bring network transparency between the otherwise disparate networks of the datacenter and cloud service provider. The present solution creates a cloud bridge between the datacenter network and the cloud provider network such. For example, appliances may be deployed in the datacenter and on the edge of the cloud. These appliances may be configured or designed and constructed to communicate with each other and recognize and understand the local IP and/or public IP network information of the on-premise datacenter of the enterprise and the cloud datacenter. These appliances may manage the flow of network traffic between the on-premise and cloud datacenters in a manner to appear and act seamlessly and transparently as a single network spanning both the on-premise and cloud data centers).
The motivation to combine is similar to that of claim 4. 

Regarding claim 7, Xie and Fitzgibbon did not explicitly disclose providing a second service end-point group; wherein identifying the VRF comprises identifying the VRF based on whether the router receives the second data packet from the first service end-point group or the second service end-point group.
Kakadia discloses providing a second service end-point group (Kakadia, fig. 2, discloses routers 235 and 240 (First and second service endpoint group) may both advertise the service desired by the client 220 by sending advertisement of the same VIP representing the desired service provided by the server pools associated with NGSLB 250-a and 250-k that are connected to the routers 235 and 240 (First and second service endpoint group), respectively. In sending such advertisement, routers 235 and 240 (First and second service endpoint group) also provide different metrics characterizing the connected NGSLBs. For example, such metrics include information indicating the health condition of the associated server pools 260-a and 260-k. The metrics may also include other conventional types of information such as the network distance represented by, e.g., the number of hops needed to reach the routers).
One of ordinary skill would have been motivated to combine the teachings of XIE, Fitzgibbon and Kakadia these teachings are from the same field of study in reference to the techniques for routing packets to a destination address.
Therefore, before the effective filing date of the invention, it would have been obvious to a person of ordinary skill in the art to incorporate the strategies by Kakadia into the system by XIE and Fitzgibbon thereby providing a pool of destination server that are used for load balancing, Kakadia [Abstract].
Xie, Fitzgibbon and Kakadia did not explicitly disclose wherein identifying the VRF comprises identifying the VRF based on whether the router receives the second data packet from the first service end-point group or the second service end-point group.
Agarwal discloses wherein identifying the VRF comprises identifying the VRF based on whether the router receives the second data packet from the first service end-point group or the second service end-point group (Agarwal [0014] the second intermediary device receives a response to the request from a server on the cloud network and forwarding the response to the first intermediary device, the response identifying the IP address of the client on the private network (Response identifies the IP address of the requesting client, thus identifying the server (request end-point group) serving the group of clients to which the requesting client belongs. Fig. 1B discloses an implementation of virtual routing and forwarding instance where clients on a source/first network send service request through a first network to a first appliance on the source network. The request is forwarded by the first appliance on the source network to a second appliance on a destination/service network through a second network and the second appliance on the destination/service network forwards the request to a server in the destination/service network that is identified in the request. In a similar fashion, responses from the destination/service network traverse through the appliance on the destination/service network to the appliance on the source/client network and routed to the client identified in the response).
The motivation to combine is similar to that of claim 6. 

Regarding claim 11, the claim is rejected with rational similar to that of claim 4.
Regarding claims 13-14, the claims is rejected with rational similar to that of claim 6-7.
Regarding claim 18, the claim is rejected with rational similar to that of claim 4.
Regarding claims 20, the claim is rejected with rational similar to that of claim 7.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The following publications show the state of the art related to virtual routing and forwarding for paths through multi-cloud fabrics that utilize shared services.
Kim et al. (US 2013/0142201 A1).
Sinha et al. (US 2017/0324660 A1).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DIXON F DABIPI whose telephone number is (571)270-3673. The examiner can normally be reached 8:30 -5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Christopher L Parry can be reached on 571-272-8328. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/D.F.D/Examiner, Art Unit 2451                                                                                                                                                                                                        
/Chris Parry/Supervisory Patent Examiner, Art Unit 2451