DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of Claims
The examiner has taken notice that claims 1-2, 5, 7, 10, and 14-20 have been amended.  Claims 1-20 are pending in the current application.
Response to Arguments
Applicant's arguments filed 10/12/2022 have been fully considered but they are not persuasive.
	Applicant argues that neither Miriyala nor Agrawal teach or suggest the flexible routing of ports to enable changes to SDN appliance routing in the context of an appliance-based architecture for policy enforcement, as recited in independent claims 1, 7, and 15.  The examiner respectfully disagrees.
	As cited in the previous office action, Miriyala teaches a virtual computing environment with servers comprising virtual network agents (SDN appliances) connected to a virtual network controller and top-of-rack switches (Miriyala - Fig. 2, note servers 12A to 12X connected to TOR (top-of-rack) switches 16A to 16N, respectively; Col. 4 lines 17-27, note virtual network controller 22 operating in conjunction with other software-defined network; Col. 10 lines 45-64, note each of the servers 12 includes a corresponding on of virtual network (VN) agents 35A-35X that communicate with virtual network controller 22).  Miriyala also teaches policy enforcement which can be offloaded to various devices (Miriyala - Fig. 2; Col. 7 lines 50-67, note scalable policy deployment is extended to allow supporting network devices, such as TOR switches 160-16Z to enforce policies on behalf of devices, such as BMS (bare-metal server) 28; Col. 8 lines 31-47, note scalable policy deployment, policy enforcement-related operations may be performed by any of TOR switches 16, chassis switches 18, or other network devices that make up switch fabric 14; Col. 9 lines 9-41, note scalable policy management using supporting network devices to enforce policies in support of adjacent network devices, offload operations of the VN agent (policy enforcement, which can be performed by servers 12A-12X, as shown in Fig. 2) to balance resource utilization); Col. 11 lines 39-67 and Col. 12 lines 1-3, note virtual network controller 22 includes a policy controller 23, which distributes, to respective VN agents 35 (each corresponding to a server), a plurality of policies, which each include one or more policy rules for controlling network traffic, VN agents 35 permit or block network traffic to and/or from the logical interfaces based on the one or more policy rules).  Miriyala further teaches routing of data packets (Miriyala - Fig. 1; Col. 10 lines 45-64, note routing of packets within server 12, routing packets through data center 10A (determined by the protocol, source IP address, destination IP address, source port, and destination port that are used to route packets through the physical network, see Col. 4 lines 32-43)).
	Although Miriyala does not explicitly teach forwarding of packets over different ports when a port is inaccessible, Agrawal teaches performing failover for packets to be forwarded over alternative ports (Agrawal - Col. 4 lines 39-45, note replicates multicast packets in the data plane and quickly performs a failover (identifying another egress path or port to forward multicast packet(s) to the destination, see Col. 1 lines 19-27) when an egress port or an egress path is identified as failed).  It would have been obvious to one of ordinary skill in the art to incorporate the failover feature of Agrawal to the TOR switches and policies of Miriyala to control the flow of network traffic over ports/interfaces.  Therefore, the combination of Miriyala and Agrawal still teaches flexible routing of ports to enable changes to SDN appliance routing in the context of an appliance-based architecture for policy enforcement, as recited in independent claims 1, 7, and 15.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1, 3, 5-9, 11-12, 14-15, 17, and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Miriyala et al. (US 10,742,557 B1), hereinafter referred to as Miriyala, in view of Agrawal et al. (US 10,237,206 B1), hereinafter referred to as Agrawal.

	Regarding claim 1, Miriyala teaches a system for implementing policies in a software defined network (SDN) of a virtual computing environment (Miriyala - Fig. 1; Col. 3 lines 25-40, note network system; Col. 4 lines 17-27, note virtual network controller 22 operating in conjunction with other software-defined network), the system comprising:
	one or more processors (Miriyala - Fig. 2; Col. 2 lines 29-33, note one or more processors of a policy controller); and
	a memory in communication with the one or more processors, the memory having computer-readable instructions stored thereupon that, when executed by the one or more processors (Miriyala - Col. 2 lines 29-33, note non-transitory computer-readable storage medium having stored thereon instructions executable by one or more processors of a policy controller), cause the system to perform operations comprising:
	receiving, at an ingress port from a first of two network switches, a data packet addressed to an endpoint in a virtual network of the virtual computing environment (Miriyala - Fig. 1; Col. 10 lines 45-64, note routing of packets within server 12, routing packets through data center 10A (determined by the protocol, source IP address, destination IP address, source port, and destination port that are used to route packets through the physical network, see Col. 4 lines 32-43)), the virtual computing environment comprising two SDN appliances communicatively coupled to the two network switches (Miriyala - Fig. 2, note servers 12A to 12X connected to TOR (top-of-rack) switches 16A to 16N, respectively; Col. 10 lines 45-64, note each of the servers 12 includes a corresponding on of virtual network (VN) agents 35A-35X that communicate with virtual network controller 22), the two SDN appliances configured to disaggregate enforcement of policies of the SDN from hosts of the virtual computing environment (Miriyala - Fig. 2; Col. 7 lines 50-67, note scalable policy deployment is extended to allow supporting network devices, such as TOR switches 160-16Z to enforce policies on behalf of devices, such as BMS (bare-metal server) 28; Col. 8 lines 31-47, note scalable policy deployment, policy enforcement-related operations may be performed by any of TOR switches 16, chassis switches 18, or other network devices that make up switch fabric 14; Col. 9 lines 9-41, note scalable policy management using supporting network devices to enforce policies in support of adjacent network devices, offload operations of the VN agent (policy enforcement, which can be performed by servers 12A-12X, as shown in Fig. 2) to balance resource utilization);
	mapping, by the first SDN appliance, a policy associated with the endpoint based on the virtual network associated with the data packet (Miriyala - Fig. 2; Col. 11 lines 39-67 and Col. 12 lines 1-3, note virtual network controller 22 includes a policy controller 23, which distributes, to respective VN agents 35 (each corresponding to a server), a plurality of policies, which each include one or more policy rules for controlling network traffic, VN agents 35 permit or block network traffic to and/or from the logical interfaces based on the one or more policy rules);
	applying, by the first SDN appliance, the policy to the data packet (Miriyala - Col. 12 lines 4-11, note policy controller 23 distributes one or more policy rules via Border Gateway Protocol (BGP), which may include an action for a particular traffic flow (comprising packets), such as allowing or denying the flow);
	wherein the policy is dynamically adjustable based on the endpoint (Miriyala - Fig. 2; Col. 5 lines 17-33, note policy framework allows tagging of objects that execute or otherwise process workloads with specific dimensions across multiple levels; Col. 11 lines 39-52, note the policy controller 23 is configured to tag a plurality of objects across a plurality of levels, the plurality of levels include a level of an object, such as a global environment level, a project level, a virtual network level, a virtual machine level, or an interface level of the object, and may also tag the plurality of objects across a plurality of categories, the plurality of categories include applications executing within VMs (virtual machines) 36, deployments, application tiers, geographic sites, virtual networks, WLs (workloads) 37, interfaces, projects, security requirements, quality requirements, users, or compliance requirements; Col. 11 lines 53-59, note each policy of the plurality of policies includes one or more policy rules for controlling network traffic, each policy rule of the plurality of policy rules specifies one or more tags).
	Miriyala does not teach determining that a corresponding egress port on the first network switch is not accessible; and in response to determining that a corresponding egress port on the first network switch is not accessible: forwarding, via a second egress port on the second network switch, the data packet to the endpoint; wherein the data packet is forwarded via the second egress port of the second network switch using current flow states for the data packet, thereby enabling the data packet to be forwarded via the second egress port of the second network switch.
	In an analogous art, Agrawal teaches determining that a corresponding egress port on the first network switch is not accessible (Agrawal - Col. 8 lines 27-36, note when a physical egress port fails, one of the monitoring units generates a hardware signal that identifies the physical egress port as a filed port); and
	in response to determining that a corresponding egress port on the first network switch is not accessible:
	forwarding, via a second egress port on the second network switch, the data packet to the endpoint (Agrawal - Col. 4 lines 39-45, note replicates multicast packets in the data plane and quickly performs a failover (identifying another egress path or port to forward multicast packet(s) to the destination, see Col. 1 lines 19-27) when an egress port or an egress path is identified as failed);
	wherein the data packet is forwarded via the second egress port of the second network switch using current flow states for the data packet, thereby enabling the data packet to be forwarded via the second egress port of the second network switch (Agrawal - Col. 8 lines 56-65, note each packet has a set of fields (n tuple) that uniquely identifies the packet’s flow, a hash of the n tuple of each packet is used to identify an egress port for the packet; Col. 8 lines 66-67 and Col. 9 lines 1-7, note resilient hashing is used to ensure that only the flows that were sent through the failed egress port are diverted to an alternative port without redistributing the flows that were sent through the operational ports (i.e., redirecting a packet flow without disrupting other packet flows)).
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to incorporate the teachings of Agrawal into Miriyala in order to implement hardware-based failover via policies by forwarding data packets through the egress port of a different switch, reducing latency (Agrawal - Col. 1 lines 13-27).

	Regarding claim 3, Miriyala does not teach wherein hashing, layered hashing, or portchannel-based hashing is used to enable switching between ports.
	In an analogous art, Agrawal teaches wherein hashing, layered hashing, or portchannel-based hashing is used to enable switching between ports (Agrawal - Col. 8 lines 66-67 and Col. 9 lines 1-7, note resilient hashing is used to ensure that only the flows that were sent through the failed egress port are diverted to an alternative port without redistributing the flows that were sent through the operational ports; Col. 10 lines 12-22, note when an egress port fails, an alternative port is selected for the flow whose path has failed).
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to incorporate the teachings of Agrawal into Miriyala for the same reason as claim 1 above.

	Regarding claim 5, Miriyala does not teach wherein the first port is part of a first bank of ports and the second port is part of a second bank of ports.
	In an analogous art, Agrawal teaches wherein the first port is part of a first bank of ports and the second port is part of a second bank of ports (Agrawal - Col. 6 lines 63-67 and Col. 7 lines 1-3, note identify an alternative port depending on whether the failed port is a logical port associated with a n ECMP group, a physical port associated with a LAG (link aggregation group), or a single physical port not associated with a LAG (i.e., ports may be associated with an ECMP group, LAG, or neither)).
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to incorporate the teachings of Agrawal into Miriyala for the same reason as claim 1 above.

	Regarding claim 6, Miriyala does not teach wherein failed ports that become operational are reinstated in a staggered function.
	In an analogous art, Agrawal teaches wherein failed ports that become operational are reinstated in a staggered function (Agrawal - Col. 9 lines 16-26, note the status for each physical port is maintained, if a port becomes operational at a later time, the status is changed back to “operational”).
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to incorporate the teachings of Agrawal into Miriyala for the same reason as claim 1 above.

	Regarding claim 7, the claim is interpreted and rejected for the same reason as claim 1, except the claim is written in a method claim format.

	Regarding claim 8, the combination of Miriyala and Agrawal, specifically Miriyala teaches wherein the policy is dynamically adjustable further based on a networking environment (Miriyala - Col. 5 lines 17-33, note policy framework allows tagging of objects that execute or otherwise process workloads with specific dimensions across multiple levels; Col. 11 lines 39-52, note the policy controller 23 is configured to tag a plurality of objects across a plurality of levels, the plurality of levels include a level of an object, such as a global environment level, a project level, a virtual network level, a virtual machine level, or an interface level of the object; Col. 11 lines 53-59, note each policy of the plurality of policies includes one or more policy rules for controlling network traffic, each policy rule of the plurality of policy rules specifies one or more tags).

	Regarding claim 9, the combination of Miriyala and Agrawal, specifically Miriyala teaches wherein the policy is dynamically adjustable further based on one or more criteria (Miriyala - Col. 5 lines 17-33, note policy framework allows tagging of objects that execute or otherwise process workloads with specific dimensions across multiple levels; Col. 11 lines 39-52, note the policy controller 23 may also tag the plurality of objects across a plurality of categories, the plurality of categories include applications executing within VMs (virtual machines) 36, deployments, application tiers, geographic sites, virtual networks, WLs (workloads) 37, interfaces, projects, security requirements, quality requirements, users, or compliance requirements; Col. 11 lines 53-59, note each policy of the plurality of policies includes one or more policy rules for controlling network traffic, each policy rule of the plurality of policy rules specifies one or more tags).

	Regarding claim 11, the combination of Miriyala and Agrawal, specifically Miriyala teaches wherein the host is not a virtual machine (Miriyala - Col. 3 lines 54-58, note each of data centers 10 includes a set of storage systems and application servers 12A-12X interconnected via high-speed switch fabric 14 provided by one or more tiers of physical network switches and router).

	Regarding claim 12, the claim is interpreted and rejected for the same reason as claim 3.
	Regarding claim 14, the claim is interpreted and rejected for the same reason as claim 5.

	Regarding claim 15, the claim is interpreted and rejected for the same reason as claim 1, except the claim is written in a computer-readable medium (CRM) claim format, which is taught by Miriyala (Miriyala - Col. 2 lines 29-44, note non-transitory computer-readable storage medium having stored thereon instructions executable by one or more processors).

	Regarding claim 17, the claim is interpreted and rejected for the same reason as claim 3.
	Regarding claim 19, the claim is interpreted and rejected for the same reason as claim 5.
	Regarding claim 20, the claim is interpreted and rejected for the same reason as claim 6.

Claims 2, 4, 10, 13, 16, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Miriyala in view of Agrawal as applied to claims 1, 3, 7, 12, 15, and 17 above, and further in view of Shah et al. (US 2016/0232019 A1), hereinafter referred to as Shah.

	Regarding claim 2, the combination of Miriyala and Agrawal does not teach wherein the flow states comprise a Transmission Control Protocol (TCP) flow state and locality.
	In an analogous art, Shah teaches wherein the flow states comprise a Transmission Control Protocol (TCP) flow state and locality (Shah - Paragraph [0044], note the CFA (configurable flow accelerator) may also supported execution of Software Defined Networking (SDN) policies; Paragraph [0053], note the CFA may track flow states and identify and/or assign ages to the flows, TCP flow states can be tracked for established flows, TCP flows on which a TCP FIN (finished) bit was detected, etc.).
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to incorporate the teachings of Shah into the combination of Miriyala and Agrawal in order to perform flow processing such as traffic shaping, metering, and scheduling based on TCP flow states (Shah - Paragraph [0044]).

	Regarding claim 4, the combination of Miriyala and Agrawal, specifically Agrawal teaches the system further comprising implementing equal-cost multi-path (ECMP) routing (Agrawal - Col. 8 lines 40-55, note the process determines whether the logical port is associated with an ECMP (equal cost multi path, see Col. 2 lines 43-54), the process identifies an alternative logical port from the ECMP using resilient hashing).

	Regarding claim 10, the claim is interpreted and rejected for the same reason as claim 2.
	Regarding claim 13, the claim is interpreted and rejected for the same reason as claim 4.
	Regarding claim 16, the claim is interpreted and rejected for the same reason as claim 2.
	Regarding claim 18, the claim is interpreted and rejected for the same reason as claim 4.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
	Zuk et al. (US 2015/0026794 A1) discloses software defined networking and firewall appliances to enforce security policies for packet flows.
	Edsall et al. (US 2015/0124809 A1) discloses enforcing policies at ingress switches and on data packets for software-defined networks.
	Barabash et al. (US 2015/0365327 A1) discloses a software defined network based computing environment including two network appliances to enforce flow policy by limiting forwarding of data packets.
	Shetty et al.  (US 2016/0094461 A1) discloses a software defined network controller employing traffic flow policies and software defined virtual appliances.
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BAILOR C HSU whose telephone number is (571)272-1729. The examiner can normally be reached Mon-Fri. 9:00 am - 5:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Huy Vu can be reached on (571)-272-3155. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/BAILOR C HSU/Patent Examiner, Art Unit 2461                                                                                                                                                                                                        
/HUY D VU/Supervisory Patent Examiner, Art Unit 2461