Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The Amendment filed on September 26, 2022 in response to the Office Action of July 13, 2022 is acknowledged and has been entered. Claims 1-2, 10-12, 15 and 19-22 have been amended. Claims 1-4, 6-8, 10-13, 15-17 and 19-24 are pending and under examination in this Office Action.
Response to Amendment
The claim objections to claims 1 and 15 are now withdrawn in view of amendments.
The claim rejection to claim 22 under 35 U.S.C. 112(b) is now withdrawn in view of amendments.
Applicant's arguments with respect to claims 1-4, 6-8, 10-13, 15-17 and 19-24 have been considered but are moot because the arguments do not apply to any of the references being used in the current rejection. The previous claim rejections under35 U.S.C. 103 to claims 1-4, 6-8, 10-13, 15-17 and 19-24 are now withdrawn in view of the claim amendments. However, upon further consideration in view of the amendments, new grounds of rejection are now made. See the rejection section for details.
Claim Rejections - 35 USC § 103  
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 10-12, and 19-24 are rejected under 35 U.S.C. 103 as being unpatentable over Papo et al. (U.S. Pub. No. US 2019/0013963 A1), herein referred to as Papo, in view of Assarpour (U.S. Pub. No. US 2014/0086241 A1), and in further view of Cain et al. (U.S. Patent No. US 7,950,017 B1), herein referred to as Cain.
In regard to claim 1, Papo teaches a method by a first container of a network device (“… there is provided a method of sharing a network interface between virtualized operating systems in an embedded device … in a first operating system running in a first container managed by the host operating system …” – para. [0010]), the method comprising:
	receiving, from a second container of the network device, a request … (e.g. the first container receiving the data packets routing request from the second container; FIG. 4; FIG. 6A; “… In the example embodiment of FIG. 4, the system programs 420 in the proprietary Linux kernel 421 include support for multiple virtualized user space instances. As depicted, user space 220 contains a first container 310 and a second container 350. In this example, first container 310 is running a first operating system 320 (e.g. Tizen) …” – para. [0053]; “… In one example embodiment, an application (e.g. a bar code scanning application) is running in second OS 550 and requires a network connection …” – para. [0070]; “… Data packets received at external network interface 534 are routed using rules from IP table 532 to shared interface 536, then to network bridge 590, and then shared interface 556 in second OS 550, which then delivers the data packets to the bar code scanning application running in second OS 550. Thus, the bar code scanning application in second OS 550 (which does not have access to external network interface 534) is able to send and receive data packets by routing packets from the second container to the first container and ultimately to external network interface 534 …” – para. [0072]), wherein: …, …,
	the first container uses a standalone operating system (FIG. 4; “… In the example embodiment of FIG. 4, the system programs 420 in the proprietary Linux kernel 421 include support for multiple virtualized user space instances. As depicted, user space 220 contains a first container 310 and a second container 350. In this example, first container 310 is running a first operating system 320 (e.g. Tizen) …” – para. [0053]), and …
	Papo teaches the structure of exchanging requests between a first container and a second container in a network device. Papo does not explicitly teach, but Assarpour teaches the claimed standalone operating system of the claimed first container (e.g. as performed by a driver process – para. [0021]) receiving a request for a forwarding engine in a data plane (e.g. the dataplane hardware elements implementing a forwarding function – para. [0020]) of the network device to perform an operation (e.g. a driver process receiving request to update data for the dataplane hardware elements; FIG. 2; “… As shown in FIG. 2, in its simplest form, a network element includes … a forwarding function 18 to make forwarding decisions … The input function, forwarding function, and output function are implemented by dataplane hardware elements which have access to physical tables 22. The data contained in physical tables 22 controls operation of the dataplane hardware elements to enable the dataplane to handle packet forwarding as specified by the control plane …” – para. [0020]; “… The network element also includes a control plane having a set of applications 24 running on a processor (not shown). The applications set data into virtual tables 26 which is mapped by driver 28 to the physical tables 22 for use by the dataplane hardware elements …” – para. [0021]), wherein:	
	the forwarding engine receives data from a first port (e.g. the dataplane hardware elements implementing the input function – para. [0020]) of the network device and sends the data to a second port (e.g. the dataplane hardware elements implementing the output function – para. [0020]) of the network device (FIG. 2; “… As shown in FIG. 2, in its simplest form, a network element includes an input function 16 to receive packets of data from a communication network, a forwarding function 18 to make forwarding decisions, and an output function 20 to forward the packet onward onto the communication network. The input function, forwarding function, and output function are implemented by dataplane hardware elements which have access to physical tables 22 …” – para. [0020]), 
	the operation comprises one of reading configuration data from and writing configuration data to the forwarding engine (e.g. writing the configuration data to the dataplane hardware elements; FIG. 3; “… Driver 28 extracts information from the virtual tables 26 and installs information from the virtual tables into physical tables at the hardware layer (datapath hardware tables 18) … As data is written to the data path hardware tables, driver 28 passes commands to a Kernel API to cause the kernel drivers to install the correct entries into the actual physical tables and registers implementing data path hardware tables 18 that are utilized by the hardware to make packet forwarding decisions …” – para. [0030]), …, …,
	determining, based on the request, a type of forwarding engine to receive the request (e.g. determining the format of the attribute fields of the hardware physical tables to receive the information; FIG. 3; “… the API used by applications to interact with virtual tables 26 has a small set of commands, which enable SET, GET, and EVENT actions to be implemented on the virtual tables …” – para. [0023]; “… By using a generic driver which does not need to be updated as modifications are made to the underlying hardware, modifications to the data plane may be accomplished simply by updating the virtual table schema definitions 34 to adjust the format of the fields used in the virtual tables, adjust the format of the physical tables implementing the datapath hardware tables 18, or to adjust the mapping between the virtual tables and the data path hardware tables 18 …” – para. [0038]; “… The generic driver is configured to map attributes from the virtual tables to attributes in the physical tables. The configuration library includes a set of data structures and methods which are used by the generic driver to map information contained in the virtual tables to the physical tables. …” – para. [0039]);
	selecting, based on the determined type of forwarding engine, a first driver of a set of drivers (e.g. the generic driver associating with the configuration library – para. [0031], [0037]) associated with multiple types of forwarding engines (e.g. adapting the driver function based on configuration library, the configuration library specifying mapping information used by the dataplane hardware elements; FIG. 3; “… driver 28 is implemented as a generic driver containing a mapping function 40 …” – para. [0031]; “… The Config. LIB specifies where the generic driver should map information from the virtual tables 26 to tables and registers implementing data path hardware tables 18 used by the hardware to implement packet forwarding decisions. The mapped entries from virtual tables are passed to a kernel driver to cause the data to be set in the tables 18 …” – para. [0037]; “… By causing the driver behavior to be based on the configuration library, any hardware changes may be simply implemented by updating the table definition schema. Parsing the table definition to create a new configuration library based on the table definition allows the generic driver to accommodate the changes in functionality without requiring the underlying driver code to be updated. Thus, the driver is self-adapting in that it can automatically adjust to the new hardware environment without requiring modifications to the generic driver code …” – para. [0039]); …
	providing the translated request to the forwarding engine using the selected first driver (Examiner notes that Cain teaches the request is translated in the later section; FIG. 4; “… FIG. 4 illustrates an example mapping between an example virtual table and a set of physical tables used by hardware elements to implement forwarding decisions for packets of data … The generic driver uses methods 32 to access the data structures contained in the config LIB 30 to determine where the attributes specified in the virtual tables should be inserted in the physical tables implementing the datapath hardware tables in the data plane …” – para. [0040]); and
	performing, …, the operation on the forwarding engine (FIG. 3; “… As data is written to the data path hardware tables, driver 28 passes commands to a Kernel API to cause the kernel drivers to install the correct entries into the actual physical tables and registers implementing data path hardware tables 18 that are utilized by the hardware to make packet forwarding decisions …” – para. [0030]).
	It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Papo in view of Assarpour in order to incorporate a method of providing a driver mapping function to intermediate the packet forwarding information between the control plane and the data plane of a network element as disclosed by Assarpour. One of ordinary skilled in the art would have been motivated because such incorporation would reduce the driver development cost and the time of bring the newly configured product to market by associating a configuration library with a generic driver (Papo, para. [0007], [0009]).
	Papo in view of Assarpour do not explicitly teach, but Cain teaches the request (e.g. the standard commands from the application programs - col. 5, ll. 17-38) is in a format that is not recognizable by the standalone operating system (e.g. the standard command format not recognizable by the operating system; FIG. 2; FIG. 3; “… FIG. 3 shows another schematic representation of the router 12 shown in FIG. 2, in which the router 12 is divided into a standard command region 28, and a platform specific region 30. In particular, the application programs 14 forward standard commands to the routing API 16 within the standard command region 28 … Specifically, the routing API 16 forwards platform specific commands to the operating system 18 (i.e., operating system specific commands) …” – col. 5, ll. 17-38; also refer to FIG. 2 with col. 4, ll. 36-49), …
	translating, by an agent (e.g. a routing API 16 - col. 5, ll. 17-38), the request into an operating-system level translated request in a format that is recognizable by the standalone operating system (FIG. 3; “… the routing API 16 is configured for use with any one of a plurality of operating systems 18. Accordingly, the API 16 is customized to receive standard commands from application programs 14, and translate such 35 standard commands (e.g., operating system commands, driver commands, etc ... ) into the format required by the underlying routing platform …” - col. 5, ll. 17-38); …
	and performing, by the agent and in response to determining by the standalone operating system that the agent is allowed to perform the operation, the operation … (FIG. 3; “Specifically, the routing API 16 forwards platform specific commands to the operating system 18 (i.e., operating system specific commands), the hardware drivers, and the mapper 22. The hardware driver and mapper 22 responsively forward further platform specific commands to the hardware 24 and forwarding plane 20, respectively …” - col. 5, ll. 17-38).
	It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Papo in view of Assarpour and further in view of Cain in order to incorporate a method of using a routing API to translate commands from application programs into operating system recognizable commands as disclosed by Cain. One of ordinary skilled in the art would have been motivated because such incorporation would support vendor’s routing application programs without specific configurations to the vendor’s underlying routing platform (Cain, col. 4, ll. 12-35).
In regard to claim 2, Papo teaches the method further comprising: translating the request to a format that is used by the standalone operating system (e.g. translate the request to be supported by the first OS – para. [0050], [0054]); and providing the translated request to the standalone operating system (e.g. handling the translated request by the first OS; FIG. 2; FIG. 4; “... For example, the system programs 220 may handle system start-up processes and input/output requests from application software by translating requests into data-processing instructions for the processor 102 ...” - para. [0050]; “… processes 330 may make use of drivers and/or services 325 which are present in the kernel 321 of first OS 320 …” – para. [0054]).
In regard to claim 10, Papo teaches wherein the request for the forwarding engine of the network device to perform the operation is received from a library (e.g. drivers and/or services 365 in the second OS 360 – para. [0054]) of the second container (e.g. the second OS 360 of the second container 350 requesting to share a network interface; FIG. 4; “… first operating system 320 and second operating system 360 may also be considered to be processes executing in containers 310 and 350, respectively. Processes 330 may communicate with first OS 320. In particular, processes 330 may make use of drivers and/or services 325 which are present in the kernel 321 of first OS 320. Processes 370 may communicate with second OS 360, and in particular may make use of drivers and/or services 365 which are present in the kernel 361 of second OS 360 …” – para. [0054]; “… embedded computing device 100 is configured to share one or more network interfaces with one or more containers 310, 350. For example, first OS 320 running in container 310 can communicate with container 350 to share a network interface (e.g. a WiFi network interface) with second OS 360 in container 350 …” – para. [0057]) and wherein the library of the second container does not include a driver capable of performing the operation on the forwarding engine (FIG. 4; “… Thus, the instance of second OS 360 running in container 350 can communicate via the WiFi network interface in spite of the WiFi network interface not being natively supported by the kernel 361 of second OS 360 …” – para. [0057]).
Claim 11 is an independent claim corresponding to independent claim 1 and is therefore rejected for similar reasoning. Additionally, Papo teaches a network device, comprising: a memory configured to store a first container and a second container; and a processing device coupled to the memory, the processing device to executing the first container (“… there is provided a method of sharing a network interface between virtualized operating systems in an embedded device … in a first operating system running in a first container managed by the host operating system … in a second operating system running in a second container …” – para. [0010]; “… there is provided an embedded device, comprising: a processor; a memory containing computer-readable instructions for execution by said processor …” – para. [0020]).
In regard to claim 12, claim 11 is incorporated. Claim 12 corresponds to claim 2 and is therefore rejected for similar reasoning.
In regard to claim 19, claim 11 is incorporated. Claim 19 corresponds to claim 10 and is therefore rejected for similar reasoning.
Claim 20 is an independent claim corresponding to independent claim 1 and is therefore rejected for similar reasoning. Additionally, Papo teaches a non-transitory machine-readable medium having executable instructions to cause one or more processing devices to perform a method (“… there is provided an embedded device, comprising: a processor; a memory containing computer-readable instructions for execution by said processor …” – para. [0020]).
In regard to claim 21, Papo teaches wherein the first container does not include a primary host operating system of the network device (e.g. the first container not including the primary host operating system 421 as exemplified in FIG. 4 and see also para. [0052], [0053]).
In regard to claim 22, Papo teaches wherein a central processing unit (CPU) in a control plane executes a primary host operating system (FIG. 2; “… an operating system includes a kernel 121 that is the central core of the operating system … The kernel space 210 is typically reserved for specific operations associated with the kernel, referred to herein as system programs 220. For example, the system programs 220 may handle system start-up processes and input/output requests from application software by translating requests into data-processing instructions for the processor 102 …” – para. [0050]).
In regard to claim 23, Papo teaches wherein one or more of the first container and the second container is a virtual machine (FIG. 3; “… FIG. 3 depicts an example configuration of virtual memory 200 in an embedded computing device 100 which supports multiple containers …” – para. [0051]; “… Each container 310, 350 may execute an instance of an operating system …” – para. [0052]).
In regard to claim 24, Papo teaches the method further comprising providing a result of the operation to the second container (e.g. the first OS deciding the data packets routed to the second container; FIG. 6A; “… In one example embodiment, an application (e.g. a bar code scanning application) is running in second OS 550 and requires a network connection …” – para. [0070]; “… Data packets received at external network interface 534 are routed using rules from IP table 532 to shared interface 536, then to network bridge 590, and then shared interface 556 in second OS 550, which then delivers the data packets to the bar code scanning application running in second OS 550. Thus, the bar code scanning application in second OS 550 (which does not have access to external network interface 534) is able to send and receive data packets by routing packets from the second container to the first container and ultimately to external network interface 534 …” – para. [0072]).
Claims 3-4 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Papo et al. (U.S. Pub. No. US 2019/0013963 A1), herein referred to as Papo, in view of Assarpour (U.S. Pub. No. US 2014/0086241 A1), in view of Cain et al. (U.S. Patent No. US 7,950,017 B1), herein referred to as Cain, and in further view of Djordjevic et al. (U.S. Pub. No. US 2018/0191782 A1), herein referred to as Djordjevic.
In regard to claim 3, Papo in view of Assarpour and further in view of Cain do not explicitly teach, but Djordjevic teaches further comprising: determining, by the first container (e.g. the container manager – para. [0127]), that the forwarding engine (e.g. I/O interface or routing engine – para. [0127]) has detected an event (e.g. the incoming traffic or message or event; “... incoming traffic will end up in/be controlled by the container manager. Implementation-wise, the container manager may control the internal routing engine ...” - para. [0127]; “... The incoming message for a certain application in a certain container might be an event trigger for activating the application ...” - para. [0128]); and transmitting, by the first container (e.g. the container manager – para. [0127]) to the second container (e.g. a container – para. [0127]), a message indicating that the event was detected (e.g. the message is sent to a container for which it intends; “... It is then up to the container manager to determine if a signal or message is for itself or for a container. The combination of interface and slice identity of the messages indicates for which container the message is intended. This information is used for routing the message ...” - para. [0127]).
	It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Papo in view of Assarpour in view of Cain and further in view of Djordjevic in order to incorporate a method of configuring a container manager to control communication between the applications in the containers and network connections (Djordjevic, para. [0008]). One of ordinary skilled in the art would have been motivated because such incorporation would provide different services/products in isolated fashion and adapt these services/products to meet specific requirements (Djordjevic, para. [0007]).
In regard to claim 4, Papo in view of Assarpour and further in view of Cain do not explicitly teach, but Djordjevic teaches wherein determining that the forwarding engine has detected the event comprises one or more of: receiving, by the first container (e.g. the container manager – para. [0127]), a second message (e.g. the incoming traffic or message or event – para. [0127]) from the forwarding engine (e.g. I/O interface or routing engine; “... incoming traffic will end up in/be controlled by the container manager. Implementation-wise, the container manager may control the internal routing engine ...” - para. [0127]; “... The incoming message for a certain application in a certain container might be an event trigger for activating the application ...” - para. [0128]); and detecting, by the first container (e.g. the container manager – para. [0133]), an interrupt (e.g. the container manager manages the interrupt system – para. [0133]) from the forwarding engine (e.g. device resources such as I/O interfaces and/or network connection; FIG. 5; “... The container manager may be solely responsible for managing device resources. Certain exceptions include memory and disk storage, and internal bus direct memory access (DMA), interrupt system etc., which are typically incorporated by the operating system. A distinct case is a merged device container manager that also performs operating system tasks ...” - para. [0133]).
	It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Papo in view of Assarpour in view of Cain and further in view of Djordjevic in order to incorporate a method of configuring a container manager to handle communication between the applications in the containers and device resources (Djordjevic, para. [0009]). One of ordinary skilled in the art would have been motivated because such incorporation would provide different services/products in isolated fashion and adapt these services/products to meet specific requirements (Djordjevic, para. [0007]).
In regard to claim 13, claim 11 is incorporated. Claim 13 corresponds to claim 3 and is therefore rejected for similar reasoning.
Claims 6 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Papo et al. (U.S. Pub. No. US 2019/0013963 A1), herein referred to as Papo, in view of Assarpour (U.S. Pub. No. US 2014/0086241 A1), in view of Cain et al. (U.S. Patent No. US 7,950,017 B1), herein referred to as Cain, and in further view of Jiang et al. (U.S. Pub. No. US 2019/0272205 A1), herein referred to as Jiang.
In regard to claim 6, Papo in view of Assarpour and further in view of Cain do not explicitly teach, but Jiang teaches wherein: the first container (e.g. the container for the first service – para. [0008]) is associated with a first network namespace (e.g. a first network namespace; FIG. 2; “... The corresponding container is created for the first service based on the container image information, and a first network namespace and a first IPC namespace that are corresponding to a container for the first service are created ...” - para. [0008]); and the second container (e.g. the container for the second service – para. [0014]) is associated with a second network namespace (e.g. a second network namespace – para. [0014]) that is separate from the first network namespace (e.g. FIG. 2 exemplifies the two network namespaces are separated; “... The network device has created and run a container for a second service and a corresponding second load balancing container, and the container for the second service has a corresponding second network namespace and a second IPC namespace …” - para. [0014]).
	It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Papo in view of Assarpour in view of Cain and further in view of Jiang in order to incorporate a method of isolating the resources used by different containers in a computing host by using a namespace technology (Jiang, para. [0003]). One of ordinary skilled in the art would have been motivated because such incorporation would provide each container with its own logically separate device and networking resources and allow the container to be generally independent from functions of other containers operating in the computing host (Jiang, para. [0003]).
In regard to claim 15, claim 11 is incorporated. Claim 15 corresponds to claim 6 and is therefore rejected for similar reasoning.
Claims 7-8 and 16-17 are rejected under 35 U.S.C. 103 as being unpatentable over Papo et al. (U.S. Pub. No. US 2019/0013963 A1), herein referred to as Papo, in view of Assarpour (U.S. Pub. No. US 2014/0086241 A1), in view of Cain et al. (U.S. Patent No. US 7,950,017 B1), herein referred to as Cain, in view of Jiang et al. (U.S. Pub. No. US 2019/0272205 A1), herein referred to as Jiang, and in further view of Lisle et al. (U.S. Pub. No. US 2019/0296962 A1), herein referred to as Lisle.
In regard to claim 7, Papo in view of Assarpour in view of Cain and further in view of Jiang do not explicitly teach, but Lisle teaches wherein: modifications to a first network stack (e.g. container 150A in FIG. 3 maintains its own network stack information – para. [0026]) do not affect a second network stack (e.g. the network stack for container 150B in FIG. 3 – para. [0026]) of the second network namespace (FIG. 3; “... containers 150 also present a limited perspective of the underlying network stack used to communicate with entities external to the containers 150. For example, as will be described with FIG. 3, a container 150 may be responsible for maintaining its own network stack information and is unaware of network stack information maintained by other containers or by the host computer system’s operating system ...” - para. [0026]).
	It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Papo in view of Assarpour in view of Cain in view of Jiang and further in view of Lisle in order to incorporate a method of isolating the management of the network stack used by different containers in a computing host (Lisle, para. [0026]). One of ordinary skilled in the art would have been motivated because such incorporation would provide each container “operable to isolate its contents from the contents of other containers” and potentially increase the network storage security for users (Lisle, para. [0016]).
In regard to claim 8, Papo in view of Assarpour in view of Cain and further in view of Jiang do not explicitly teach, but Lisle teaches wherein the first container (e.g. the management controller 140 in FIG. 2 – para. [0025]) is allowed to create a kernel interface (e.g. a virtual interface – para. [0026]) in the second network stack (e.g. the network stack for containers 150 in FIG. 3; “... multi-tenant management controller 140 is also configured to perform various management operations associated with containers 150 ...” - para. [0025]; “... The container 150 may also be presented with a virtual interface through which traffic is to be directed (as opposed to having direct access to the physical interface controlling a network interface card) ...” - para. [0026]).
	It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Papo in view of Assarpour in view of Cain and in view of Jiang and further in view of Lisle in order to incorporate a method of managing the network stack used by different containers in a computing host (Lisle, para. [0026]). One of ordinary skilled in the art would have been motivated because such incorporation would provide management for containers to adjust their operation flexibility and potentially increase the network storage security for users (Lisle, para. [0016]).
In regard to claim 16, Papo in view of Assarpour in view of Cain and further in view of Jiang do not explicitly teach, but Lisle teaches wherein: the first container (e.g. the container 150A in FIG. 3 – para. [0026]) is allowed to modify a first network stack of the first network namespace (e.g. container 150A maintains its own network stack information – para. [0026]); and modifications to the first network stack (e.g. container 150A maintains its own network stack information – para. [0026]) do not affect a second network stack (e.g. the network stack for container 150B in FIG. 3 – para. [0026]) of the second network namespace (FIG. 3; “... containers 150 also present a limited perspective of the underlying network stack used to communicate with entities external to the containers 150. For example, as will be described with FIG. 3, a container 150 may be responsible for maintaining its own network stack information and is unaware of network stack information maintained by other containers or by the host computer system's operating system ...” - para. [0026]).
	It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Papo in view of Assarpour in view of Cain in view of Jiang and further in view of Lisle in order to incorporate a method of isolating the management of the network stack used by different containers in a computing host (Lisle, para. [0026]). One of ordinary skilled in the art would have been motivated because such incorporation would provide each container “operable to isolate its contents from the contents of other containers” and potentially increase the network storage security for users (Lisle, para. [0016]).
In regard to claim 17, Papo in view of Assarpour in view of Cain and further in view of Jiang do not explicitly teach, but Lisle teaches wherein the first container (e.g. the management controller 140 in FIG. 2 – para. [0025]) is allowed to create network interfaces (e.g. a virtual interface – para. [0026]) in the second network stack (e.g. the network stack for containers 150 in FIG. 3; “... multi-tenant management controller 140 is also configured to perform various management operations associated with containers 150 ...” - para. [0025]; “... The container 150 may also be presented with a virtual interface through which traffic is to be directed (as opposed to having direct access to the physical interface controlling a network interface card) ...” - para. [0026]).
	It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Papo in view of Assarpour in view of Cain in view of Jiang and further in view of Lisle in order to incorporate a method of managing the network stack used by different containers in a computing host (Lisle, para. [0026]). One of ordinary skilled in the art would have been motivated because such incorporation would provide management for containers to adjust their operation flexibility and potentially increase the network storage security for users (Lisle, para. [0016]).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Koponen et al., US 2013/0058215 A1. This reference discloses that a table mapping engine maps the input logic forwarding plane data to output physical control plane data. The physical control plane data is subsequently translated to direct the forwarding of data (Koponen, Abstract).
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZONGHUA DU whose telephone number is (408)918-7596. The examiner can normally be reached Monday - Friday 7:30 AM - 4:00 PM PST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Peter-Anthony Pappas can be reached on (571) 272-7646. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/Z.D./Examiner, Art Unit 2448                                                                                                                                                                                                        
/JONATHAN A BUI/Primary Examiner, Art Unit 2448