DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


This Office Action is in response to the amendment filed on 9/13/2022.  This action is made FINAL.

Claims 1-7 and 9-20 are pending and they are presented for examinations.

Response to Arguments

Applicant's arguments filed regarding claim 1, “However, there is no discussion in Nainar that talks about configuring multiple service containers in each of multiple Pods in order for each of the Pods to perform multiple service on data messages”.  
The examiner would like to point out to instant application which describes service containers as: [PGPub paragraph 3], “Each configured service container performs a service operation (e.g., a middlebox service operation, such as firewall, load balancing, encryption, etc.) on data messages associated with a particular machine (e.g., on ingress and/or egress data messages to and/or from the particular machine).”
[PGPub paragraph 9], In some embodiments, the module successively passes the data message to successive service containers in the subset of containers after receiving the data message from each service container in the identified subset of containers (e.g., passes the data message to a second container in the identified container subset after receiving the data message from a first container).
	Instant application describes service containers as successive services (i.e. data flow logics/policies) to route messages/traffic to intended destination/target.

	Nainar discloses utilizing plurality of services such as VTEPs (virtual extensible local area network tunnel end points) to communicate/route traffic (i.e. messages).  Service flow definition and topology information are used to route messages to its intended destination via traffic routing/message passing services.  Furthermore, in order to receive and pass traffic/messages from source to destinations, multiple services must be running to process incoming traffic/messages from source to destinations based on traffic flow rules and intended destination as shown in Fig. 1.  For example, 102B has ingress service to receive data from service A container and two egress services to route traffic/messages to either Service C or Service C’ based on routing policies.	
[Paragraph 2], virtual extensible local area network tunnel end points (VTEPs) etc. to provide application workload reachability in both east to west and north to south directions, as well as workload mobility, whether the edge endpoint is located physically on a dedicated router or virtually on the server node. Cloud orchestration platforms, e.g., Kubemetes (K8S), Istio, etc., enable modern applications to leverage service definitions that describe services/microservices (referred to herein as services) and their relationship including routing rules, traffic, steering etc, and thereby allow operators of networks to automate and scale virtualized services by instantiating them as container pods across different worker nodes. Such platforms augment the application deployment with good scale, redundancy and visibility.
	Fig. 1 also discloses service container having two services to route messages via configuring services to route traffic flow to its intended target.
[Paragraph 1], The present disclosure relates generally to routing policies among services within cloud native environments, and more particularly, to optimizing routing policies among services to minimize unneeded addresses of services within routing policies for service containers that do not communicate with one another.
[Paragraph 14], Based at least in part on the service flow definition and the cluster topology, the corresponding route distribution policies may be determined for the endpoints. The corresponding route distribution policies may then be applied to the endpoints.
Therefore, argument is not persuasive.

Applicant's arguments filed regarding claim 1, “Second, Nainar does not disclose a module along a particular machine’s datapath to direct data messages associated with the particular machine to the particular machine’s Pods for at least a subset of services to be performed by service containers of the Pod”.  
The examiner would like to point out to instant application which describes “module” as: [PGPub paragraph 4], For each particular machine, the method also configures a module along the particular machine's datapath (e.g., ingress and/or egress datapath) to identify a subset of service operations to perform on a set of data messages associated with the particular machine, and to direct the set of data messages to a set of service containers configured for the particular machine to perform the identified set of service operations on the set of data messages.
Nainar disclose datapath routing/forwarding rules/policies to direct data messages/traffic to intended destination.
[Paragraph 30], In the present example, the fourth and fifth service container pods 102d, 102e may provide service C and service C′, respectively. As with service B and service B′, service C′ is a newer and/or updated version of service C. Once data packets have received service B at the service B container pod 102b, the data packets may be routed from the service B container pod 102b to either the service C container pod 102d or the service C′ container pod 102e. However, in the present example, data packets from the service B′ container pod 102c may only be routed to the service C′ container pod 102e. Per the Istio/Sidecar config in the example of FIG. 1, the service container pod communication flow for the virtual network function (vnf) service can be formulated as follows: the service A container pod 102a may load balance the traffic between the service B container pod 102b and the service B′ container pod 102c; the service B container pod 102b may load balance between the service C container pod 102d and the service C′ container pod 102e. Finally, as previously noted, the service B′ container pod 102c, in configurations, may forward traffic only to the service C′ container pod 102e. 
[Paragraph 2], virtual extensible local area network tunnel end points (VTEPs) etc. to provide application workload reachability in both east to west and north to south directions, as well as workload mobility, whether the edge endpoint is located physically on a dedicated router or virtually on the server node. Cloud orchestration platforms, e.g., Kubemetes (K8S), Istio, etc., enable modern applications to leverage service definitions that describe services/microservices (referred to herein as services) and their relationship including routing rules, traffic, steering etc, and thereby allow operators of networks to automate and scale virtualized services by instantiating them as container pods across different worker nodes. Such platforms augment the application deployment with good scale, redundancy and visibility.
	Fig. 1 also discloses service container having two services to route messages via configuring services to route traffic flow to its intended target.
[Paragraph 1], The present disclosure relates generally to routing policies among services within cloud native environments, and more particularly, to optimizing routing policies among services to minimize unneeded addresses of services within routing policies for service containers that do not communicate with one another.
[Paragraph 14], Based at least in part on the service flow definition and the cluster topology, the corresponding route distribution policies may be determined for the endpoints. The corresponding route distribution policies may then be applied to the endpoints.
Therefore, argument is not persuasive.


Claim Rejections - 35 USC § 102

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.



Claim(s) 1-6, 9-14 and 16-20 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Nainar et al. (Pub 20210328913) (hereafter Nainar).

As per claim 1, Nainar teaches:
A method for providing services on a host computer that executes a plurality of machines, the method comprising:
configuring first and second Pods respectively for first and second machines executing on the host computer; ([Paragraph 60], In some instances, the cloud computing networks may provide computing resources, like application containers, VM instances, and storage, on a permanent or an as-needed basis. Among other types of functionality, the computing resources provided by cloud computing networks may be utilized to implement the various services described above. The computing resources provided by the cloud computing networks can include various types of computing resources, such as data processing resources like application containers and VM instances, data storage resources, networking resources, data communication resources, network services, and the like.) 
on each particular machine’s respective Pod, configuring a set of two or more service containers for performing a set of two or more services on data messages associated with the particular machine; ([Paragraph 28], FIG. 1 schematically illustrates a service flow in a DC/WAN environment 100 that includes 5 service container pods 102a-102e including corresponding sidecars 104a-104e. As previously noted, with current cloud-based networks, modern applications utilize Istio/Sidecar based service definitions to describe the services and their relationship including routing rules, traffic, steering, etc. The present disclosure leverages this information to analyze and formulate service flows (also known as container pod communication flows), e.g., which container pods talk to which container pods. For example, an Istio control plane 106 may provide routing rules 108 listed in Istio SideCar/Envoy. For example, routing rules for service A container pod 102a with respect to service B container pod 102b for the example of FIG. 1 may include…  [Paragraph 29], Accordingly, the first container pod 102a may provide service A for data packets while two other container pods 102b, 102c may provide service B and service B′, respectively. Once a data packet has been received by service A from service container pod 102a, the data packet may be forwarded to one of either the service B container pod 102b or the service B′ container pod 102c. In general, the service B′ is related to service B but may be a newer version of service B that includes updates, security patches, etc. Generally, prior to routing data packets to service B′ instead of service B, service B′ needs to be tested and verified before all data packets are routed from the service A container pod 102a to the service B′ container pod 102c instead of the service B container pod 102b, e.g., before the service B′ container pod 102c may replace the service B container pod 102b.)
configuring, for each particular machine, a module along the particular machine’s datapath to direct data messages associated with the particular machine to the particular machine’s Pod for at least a subset of the set of services to be performed by the set of service containers of the Pod. (Fig. 1 discloses service container having two services to route messages via configuring services to route traffic flow to its intended target. [Paragraph 30], In the present example, the fourth and fifth service container pods 102d, 102e may provide service C and service C′, respectively. As with service B and service B′, service C′ is a newer and/or updated version of service C. Once data packets have received service B at the service B container pod 102b, the data packets may be routed from the service B container pod 102b to either the service C container pod 102d or the service C′ container pod 102e. However, in the present example, data packets from the service B′ container pod 102c may only be routed to the service C′ container pod 102e. Per the Istio/Sidecar config in the example of FIG. 1, the service container pod communication flow for the virtual network function (vnf) service can be formulated as follows: the service A container pod 102a may load balance the traffic between the service B container pod 102b and the service B′ container pod 102c; the service B container pod 102b may load balance between the service C container pod 102d and the service C′ container pod 102e. Finally, as previously noted, the service B′ container pod 102c, in configurations, may forward traffic only to the service C′ container pod 102e. [Paragraph 2], virtual extensible local area network tunnel end points (VTEPs) etc. to provide application workload reachability in both east to west and north to south directions, as well as workload mobility, whether the edge endpoint is located physically on a dedicated router or virtually on the server node. Cloud orchestration platforms, e.g., Kubemetes (K8S), Istio, etc., enable modern applications to leverage service definitions that describe services/microservices (referred to herein as services) and their relationship including routing rules, traffic, steering etc, and thereby allow operators of networks to automate and scale virtualized services by instantiating them as container pods across different worker nodes. Such platforms augment the application deployment with good scale, redundancy and visibility. [Paragraph 1], The present disclosure relates generally to routing policies among services within cloud native environments, and more particularly, to optimizing routing policies among services to minimize unneeded addresses of services within routing policies for service containers that do not communicate with one another. [Paragraph 14], Based at least in part on the service flow definition and the cluster topology, the corresponding route distribution policies may be determined for the endpoints. The corresponding route distribution policies may then be applied to the endpoints.)

As per claim 2, rejection of claim 1 is incorporated:
Nainar teaches wherein the first and second machines belong to one logical network implemented over a physical network on which a plurality of logical networks are defined. ([Paragraph 30], FIG. 1, the service container pod communication flow for the virtual network function (vnf) service can be formulated as follows: the service A container pod 102a may load balance the traffic between the service B container pod 102b and the service B′ container pod 102c; the service B container pod 102b may load balance between the service C container pod 102d and the service C′ container pod 102e. Finally, as previously noted, the service B′ container pod 102c, in configurations, may forward traffic only to the service C′ container pod 102e. )

As per claim 3, rejection of claim 2 is incorporated:
Nainar teaches wherein the first and second Pods execute the same set of service containers. ([Paragraph 17], Thus, service A container pod may load balance the traffic between service B and service B′. The service B container pod may load balance between the service C container pod and the service C′ container pod. Finally, as previously noted, the service B′ container pod, in configurations, may forward traffic only to the service C′ container pod.)

As per claim 4, rejection of claim 2 is incorporated:
Nainar teaches wherein the first and second Pods execute different sets of service containers. ([Paragraph 16], With current cloud-based networks, modern applications utilize Istio/Sidecar based service definitions to describe the services and their relationship including routing rules, traffic, steering, etc. The present disclosure leverages this information to analyze and formulate service flows (also known as container pod communication flows), e.g., which container pods communicate with which container pods. For example, consider five container pods. A first container pod may provide service A for data packets while two other container pods may provide service B and service B′, respectively. Once a data packet has received service A, the data packet may be forwarded to one of either the service B container pod or the service B′ container pod. In general, the service B′ is related to service B but may be a newer version of service B that includes updates, security patches, etc. Prior to routing data packets to service B′ instead of service B, service B′ needs to be tested and verified before all data packets are routed from the service A container pod to the service B′ container pod instead of the service B container pod, e.g., before the service B′ container pod replaces the service B container pod.)

As per claim 5, rejection of claim 1 is incorporated:
Nainar teaches wherein the first and second machines belong to first and second logical networks implemented over a physical network on which a plurality of logical networks are defined. ([Paragraph 30], FIG. 1, the service container pod communication flow for the virtual network function (vnf) service can be formulated as follows: the service A container pod 102a may load balance the traffic between the service B container pod 102b and the service B′ container pod 102c; the service B container pod 102b may load balance between the service C container pod 102d and the service C′ container pod 102e. Finally, as previously noted, the service B′ container pod 102c, in configurations, may forward traffic only to the service C′ container pod 102e.  [Paragraph 2], Modem datacenters are increasingly using border gateway protocol (BGP) control plane (e.g., ethernet virtual private network (EVPN), Layer 3 virtual private network (L3VPN), etc.) on edge endpoints such as provider edge (PE), virtual extensible local area network tunnel end points (VTEPs) etc. to provide application workload reachability in both east to west and north to south directions, as well as workload mobility, whether the edge endpoint is located physically on a dedicated router or virtually on the server node. Cloud orchestration platforms, e.g., Kubemetes (K8S), Istio, etc., enable modern applications to leverage service definitions that describe services/microservices (referred to herein as services) and their relationship including routing rules, traffic, steering etc, and thereby allow operators of networks to automate and scale virtualized services by instantiating them as container pods across different worker nodes.)

As per claim 6, rejection of claim 1 is incorporated:
Nainar teaches wherein the first and second Pods execute on first and second service virtual machines (SVMs) that execute on the host computer. ([Paragraph 61], Each type of computing resource provided by the cloud computing networks can be general-purpose or can be available in a number of specific configurations. For example, data processing resources can be available as physical computers or VM instances in a number of different configurations. The VM instances can be configured to execute applications, including web servers, application servers, media servers, database servers, some or all of the network services, and/or other types of programs. Data storage resources can include file storage devices, block storage devices, and the like. The cloud computing networks can also be configured to provide other types of computing resources not mentioned specifically herein.  [Paragraph 13], This disclosure describes a method for defining a service flow definition among container pods that provide services in a network. The method may include an orchestrator of a computer network platform of the network performing a first instance of determining a first container pod with which a second container pod communicates. The first container pod provides a first service, while the second container pod provides a second service. The orchestrator may perform a second instance of determining a third container pod with which the first container pod communicates, where the third container pod provides a third service. The orchestrator may also perform a third instance of determining a fourth container pod with which the second container pod communicates, where the fourth container pod provides a fourth service. The orchestrator may also perform a fourth instance of determining a fifth container pod with which the second container pod communicates where the fifth container pod provides a fifth service. The orchestrator may also perform a fifth instance of determining that the third container pod communicates with the fifth container pod.  [Paragraph 16], With current cloud-based networks, modern applications utilize Istio/Sidecar based service definitions to describe the services and their relationship including routing rules, traffic, steering, etc. The present disclosure leverages this information to analyze and formulate service flows (also known as container pod communication flows), e.g., which container pods communicate with which container pods. )


As per claim 9, rejection of claim 1 is incorporated:
Nainar teaches wherein each particular machine’s configured module comprises a classifier that for each data message that it processes, identifies the subset of service operations that have to be performed on the data message, and provides the data message with a service identifier to the particular machine’s configured Pod in order to specify the identified subset of service operations that have to be performed on the data message by a subset of service containers of the Pod. ([Paragraph 47], applying the logic to the example topology of FIG. 4, the service A container pod 102a is expected to communicate with the service B container pod 102b and the service B′ container pod 102c but the service A container pod 102a is not required to communicate with the service C container pod 102d or the service C′ container pod 102e. However, the service B container pod 102b and the service B′ container pod 102c is expected to communicate with both the service A container pod 102a and the service C′ container pod 102d. Accordingly, the service B container pod 102b and the service B′ container pod 102c may be classified as regular container pods, while the other container pods may be classified as selective pods.  [Paragraph 4], Generally, the cloud administrator is the entity that has to figure out which distribution policies need to be attached to which MAC and/or IP route in which particular VPN/virtual network identifier (VNI), etc. on which edge endpoint such as VTEP. [Paragraph 14], In configurations, a cluster topology may be determined where the cluster topology indicates corresponding nodes of the network on which each container pod is hosted, as well as the endpoints of the network with which the corresponding nodes communicate. Based at least in part on the service flow definition and the cluster topology, the corresponding route distribution policies may be determined for the endpoints. The corresponding route distribution policies may then be applied to the endpoints.  [Paragraph 16], With current cloud-based networks, modern applications utilize Istio/Sidecar based service definitions to describe the services and their relationship including routing rules, traffic, steering, etc. The present disclosure leverages this information to analyze and formulate service flows (also known as container pod communication flows), e.g., which container pods communicate with which container pods. For example, consider five container pods. A first container pod may provide service A for data packets while two other container pods may provide service B and service B′, respectively. Once a data packet has received service A, the data packet may be forwarded to one of either the service B container pod or the service B′ container pod. In general, the service B′ is related to service B but may be a newer version of service B that includes updates, security patches, etc. Prior to routing data packets to service B′ instead of service B, service B′ needs to be tested and verified before all data packets are routed from the service A container pod to the service B′ container pod instead of the service B container pod, e.g., before the service B′ container pod replaces the service B container pod.)

As per claim 10, rejection of claim 9 is incorporated:
Nainar teaches wherein service operations in the subset of services identified by the classifier have a particular order, and the service identifier specifies the particular order. ([Paragraph 47], applying the logic to the example topology of FIG. 4, the service A container pod 102a is expected to communicate with the service B container pod 102b and the service B′ container pod 102c but the service A container pod 102a is not required to communicate with the service C container pod 102d or the service C′ container pod 102e. However, the service B container pod 102b and the service B′ container pod 102c is expected to communicate with both the service A container pod 102a and the service C′ container pod 102d. Accordingly, the service B container pod 102b and the service B′ container pod 102c may be classified as regular container pods, while the other container pods may be classified as selective pods.  [Paragraph 4], Generally, the cloud administrator is the entity that has to figure out which distribution policies need to be attached to which MAC and/or IP route in which particular VPN/virtual network identifier (VNI), etc. on which edge endpoint such as VTEP. [Paragraph 14], In configurations, a cluster topology may be determined where the cluster topology indicates corresponding nodes of the network on which each container pod is hosted, as well as the endpoints of the network with which the corresponding nodes communicate. Based at least in part on the service flow definition and the cluster topology, the corresponding route distribution policies may be determined for the endpoints. The corresponding route distribution policies may then be applied to the endpoints.  [Paragraph 16], With current cloud-based networks, modern applications utilize Istio/Sidecar based service definitions to describe the services and their relationship including routing rules, traffic, steering, etc. The present disclosure leverages this information to analyze and formulate service flows (also known as container pod communication flows), e.g., which container pods communicate with which container pods. For example, consider five container pods. A first container pod may provide service A for data packets while two other container pods may provide service B and service B′, respectively. Once a data packet has received service A, the data packet may be forwarded to one of either the service B container pod or the service B′ container pod. In general, the service B′ is related to service B but may be a newer version of service B that includes updates, security patches, etc. Prior to routing data packets to service B′ instead of service B, service B′ needs to be tested and verified before all data packets are routed from the service A container pod to the service B′ container pod instead of the service B container pod, e.g., before the service B′ container pod replaces the service B container pod.)

As per claim 11, rejection of claim 9 is incorporated:
Nainar teaches wherein a forwarding element executes on each particular machine’s Pod to process each provided service identifier in order to identify the subset of services that has to be performed on the provided data message, and to successively provide the data message to service containers in the subset of service containers to perform the subset of service operations. ([Paragraph 47], applying the logic to the example topology of FIG. 4, the service A container pod 102a is expected to communicate with the service B container pod 102b and the service B′ container pod 102c but the service A container pod 102a is not required to communicate with the service C container pod 102d or the service C′ container pod 102e. However, the service B container pod 102b and the service B′ container pod 102c is expected to communicate with both the service A container pod 102a and the service C′ container pod 102d. Accordingly, the service B container pod 102b and the service B′ container pod 102c may be classified as regular container pods, while the other container pods may be classified as selective pods.  [Paragraph 4], Generally, the cloud administrator is the entity that has to figure out which distribution policies need to be attached to which MAC and/or IP route in which particular VPN/virtual network identifier (VNI), etc. on which edge endpoint such as VTEP. [Paragraph 14], In configurations, a cluster topology may be determined where the cluster topology indicates corresponding nodes of the network on which each container pod is hosted, as well as the endpoints of the network with which the corresponding nodes communicate. Based at least in part on the service flow definition and the cluster topology, the corresponding route distribution policies may be determined for the endpoints. The corresponding route distribution policies may then be applied to the endpoints.  [Paragraph 16], With current cloud-based networks, modern applications utilize Istio/Sidecar based service definitions to describe the services and their relationship including routing rules, traffic, steering, etc. The present disclosure leverages this information to analyze and formulate service flows (also known as container pod communication flows), e.g., which container pods communicate with which container pods. For example, consider five container pods. A first container pod may provide service A for data packets while two other container pods may provide service B and service B′, respectively. Once a data packet has received service A, the data packet may be forwarded to one of either the service B container pod or the service B′ container pod. In general, the service B′ is related to service B but may be a newer version of service B that includes updates, security patches, etc. Prior to routing data packets to service B′ instead of service B, service B′ needs to be tested and verified before all data packets are routed from the service A container pod to the service B′ container pod instead of the service B container pod, e.g., before the service B′ container pod replaces the service B container pod.)

As per claim 12, rejection of claim 9 is incorporated:
Nainar teaches wherein each particular machine’s classifier identifies at least two different subsets of service operations for at least two different data message flows originating from the particular machine. ([Paragraph 47], applying the logic to the example topology of FIG. 4, the service A container pod 102a is expected to communicate with the service B container pod 102b and the service B′ container pod 102c but the service A container pod 102a is not required to communicate with the service C container pod 102d or the service C′ container pod 102e. However, the service B container pod 102b and the service B′ container pod 102c is expected to communicate with both the service A container pod 102a and the service C′ container pod 102d. Accordingly, the service B container pod 102b and the service B′ container pod 102c may be classified as regular container pods, while the other container pods may be classified as selective pods.  [Paragraph 4], Generally, the cloud administrator is the entity that has to figure out which distribution policies need to be attached to which MAC and/or IP route in which particular VPN/virtual network identifier (VNI), etc. on which edge endpoint such as VTEP. [Paragraph 14], In configurations, a cluster topology may be determined where the cluster topology indicates corresponding nodes of the network on which each container pod is hosted, as well as the endpoints of the network with which the corresponding nodes communicate. Based at least in part on the service flow definition and the cluster topology, the corresponding route distribution policies may be determined for the endpoints. The corresponding route distribution policies may then be applied to the endpoints.  [Paragraph 16], With current cloud-based networks, modern applications utilize Istio/Sidecar based service definitions to describe the services and their relationship including routing rules, traffic, steering, etc. The present disclosure leverages this information to analyze and formulate service flows (also known as container pod communication flows), e.g., which container pods communicate with which container pods. For example, consider five container pods. A first container pod may provide service A for data packets while two other container pods may provide service B and service B′, respectively. Once a data packet has received service A, the data packet may be forwarded to one of either the service B container pod or the service B′ container pod. In general, the service B′ is related to service B but may be a newer version of service B that includes updates, security patches, etc. Prior to routing data packets to service B′ instead of service B, service B′ needs to be tested and verified before all data packets are routed from the service A container pod to the service B′ container pod instead of the service B container pod, e.g., before the service B′ container pod replaces the service B container pod.)

As per claim 13, rejection of claim 9 is incorporated:
Nainar teaches wherein each particular machine’s classifier is called by a port of a software forwarding element that receives the data messages associated with the particular machine. ([Paragraph 47], applying the logic to the example topology of FIG. 4, the service A container pod 102a is expected to communicate with the service B container pod 102b and the service B′ container pod 102c but the service A container pod 102a is not required to communicate with the service C container pod 102d or the service C′ container pod 102e. However, the service B container pod 102b and the service B′ container pod 102c is expected to communicate with both the service A container pod 102a and the service C′ container pod 102d. Accordingly, the service B container pod 102b and the service B′ container pod 102c may be classified as regular container pods, while the other container pods may be classified as selective pods.  [Paragraph 4], Generally, the cloud administrator is the entity that has to figure out which distribution policies need to be attached to which MAC and/or IP route in which particular VPN/virtual network identifier (VNI), etc. on which edge endpoint such as VTEP. [Paragraph 14], In configurations, a cluster topology may be determined where the cluster topology indicates corresponding nodes of the network on which each container pod is hosted, as well as the endpoints of the network with which the corresponding nodes communicate. Based at least in part on the service flow definition and the cluster topology, the corresponding route distribution policies may be determined for the endpoints. The corresponding route distribution policies may then be applied to the endpoints.  [Paragraph 16], With current cloud-based networks, modern applications utilize Istio/Sidecar based service definitions to describe the services and their relationship including routing rules, traffic, steering, etc. The present disclosure leverages this information to analyze and formulate service flows (also known as container pod communication flows), e.g., which container pods communicate with which container pods. For example, consider five container pods. A first container pod may provide service A for data packets while two other container pods may provide service B and service B′, respectively. Once a data packet has received service A, the data packet may be forwarded to one of either the service B container pod or the service B′ container pod. In general, the service B′ is related to service B but may be a newer version of service B that includes updates, security patches, etc. Prior to routing data packets to service B′ instead of service B, service B′ needs to be tested and verified before all data packets are routed from the service A container pod to the service B′ container pod instead of the service B container pod, e.g., before the service B′ container pod replaces the service B container pod.  [Paragraph 38], For example, an example of an IP/MAC route distribution policy 300 may be formulated for the service A container pod 102a and the service B container pod 102b flow. A similar process may be followed for the route distribution policies among all service container pods 102. The abstracted IP/MAC route distribution policy may be viewed as:..)

As per claim 14, rejection of claim 1 is incorporated:
Nainar teaches wherein the first and second Pods are configured when the first and second machines are configured to operate on the host computer, and the first and second Pods are terminated when the first and second machines are respectively terminated on the host computer. ([Paragraph 27], As previously noted, in configurations, when any service container pod is moved or gets terminated, the K8S master node may have either the update Istio/Sidecar config update the route distribution policy or may have the appropriate notification that can be used as a trigger to update the route distribution policy. The notification may be a message related to service container pod creation, service container pod deletion, or service container pod modification that is observed by the K8S master node.)

As per claims 16-20.  These are non-transitory machine readable medium claims corresponding to the method claims 1-5.  Therefore, rejected based on similar rationale. 
Furthermore as per claim 16, Nainar further discloses a module operating outside of the particular machine along the particular machine’s datapath…
said module receiving the data messages through a port associated with a software forwarding element that execute on the host computer outside of the particular machine.  [Paragraph 36], Such logic enables an automatic formulation of cluster topology-physical connectivity among each ToR/VTEP 204 with which service container pods 102 may directly communicate. The SDN controller may use this information to formulate the VTEP configuration and routing distribution policies, as described further herein.  [Paragraph 44], Referring to FIG. 4, once the route distribution policies 300 are created, the route distribution policies 300 may be applied on VTEPs 204. For example, in configurations an SDN controller 400 may be a dedicated process that runs on the K8S master controller (and/or Istio controller) 112 and establishes an EVPN-BGP session with all VTEPs 204 that are part of the cluster topology 200 (worker-node 202/VTEPs 204 and one or more external VTEP(s) (ext-VTEP(s) 402). The SDN controller 400 may thus also be known as a K8S-BGP-controller.  [Paragraph 45], In FIG. 4, VTEP 204a, VTEP 204b, VTEP 204c, VTEP 204d, VTEP 204e and VTEP 204f are the worker node VTEPs connecting to K8S worker nodes 202. In configurations, VTEP 204b, VTEP 204d, and VTEP 204f may be included for redundancy. One or more ext-VTEP(s) 402 may serve as the front end VTEP for the service container pods 102 and provides connectivity outside the cluster 200. The SDN controller 400 may be, in configurations, a route controller daemon or process that may be running on the orchestrator node 112 or, in other configurations, on a dedicated node (not illustrated). Multiple controllers 400 (not illustrated) may be included for redundancy. In a configuration, Contiv may be leveraged (or BGP may be used/extended) as a control plane. Contiv may be used to exchange the routing policy info between the VTEPs 204.


Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claim(s) 7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Nainar in view of Mishra et al. (Pub 20190379579) (hereafter Mishra).

As per claim 7, rejection of claim 6 is incorporated:
Nainar teaches wherein the first and second machines are first and second guest virtual machines (GVMs), and ([Paragraph 61], Each type of computing resource provided by the cloud computing networks can be general-purpose or can be available in a number of specific configurations. For example, data processing resources can be available as physical computers or VM instances in a number of different configurations. The VM instances can be configured to execute applications, including web servers, application servers, media servers, database servers, some or all of the network services, and/or other types of programs.  [Paragraph 16], With current cloud-based networks, modern applications utilize Istio/Sidecar based service definitions to describe the services and their relationship including routing rules, traffic, steering, etc. The present disclosure leverages this information to analyze and formulate service flows (also known as container pod communication flows), e.g., which container pods communicate with which container pods.)
However, Nainar does not explicitly disclose the SVMs consume less storage resources and have faster bootup times than the GVMs.
Mishra teaches the SVMs consume less storage resources and have faster bootup times than the GVMs. ([Paragraph 88], The container-based SVM approach of some embodiments, on the other hand, is rather fast because once the container-based SVM is installed on a host, new services can be quickly deployed for a customer by just enabling these services for the customer on this SVM.  [Paragraph 26], Such containers are more lightweight than VMs.  [Paragraph 41], specifically, in some embodiments, virtualization architecture 200 includes a service engine 215 that (1) identifies a set of one or more service operations that have to be performed on a data message associated with one of the guest virtual machines (GVMs) executing on the host, (2) assigns a tag with the data message to identify a set of one or more service operations that have to be performed on the data message, and (3) provides the data message and its assigned tag to a SVM 235 so that one or more service containers 270 executing on this SVM can perform the set of service operations on the data message.)
It would have been obvious to a person with ordinary skill in the art, before the effective filing date of the invention, to combine the teaches of Nainar wherein plurality of Pods are configured, service containers are configured for each Pod for communications (i.e. routing) and message(s) is/are routed according to messages associated with a particular machine for services to be performed by service containers, into teachings of Mishra wherein virtual machines that provide service (i.e. service virtual machines) are lightweight virtual machines that consumes/utilizes less resources thus provision/boot faster, because this would enhance the teachings of Nainar wherein by implementing a service virtual machine as a lightweight virtual machine, it allows a user to quickly deploy/provision services as needed while improving overall responsiveness of computing services.

Claim(s) 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Nainar in view of Denyer et al. (Pub 20190288915) (hereafter Denyer).

As per claim 15, rejection of claim 1 is incorporated:
However, Nainar does not explicitly disclose identifying the first and second Pods respectively as being part of first and second resource groups respectively of the first and second machines, in order to allow the first Pod to be migrated with the first machine to another host computer and the second Pod to be migrated with the second machine to another host computer.
Denyer teaches identifying the first and second Pods respectively as being part of first and second resource groups respectively of the first and second machines, in order to allow the first Pod to be migrated with the first machine to another host computer and the second Pod to be migrated with the second machine to another host computer. ([Paragraph 168], Other examples of predictive grouping performed by the migration planning API 38 can include analysis of the culmination of nodes Sn in a migration pod Pn, predictive grouping based to optimize pod workload/sizing at source infrastructure, predicting which nodes Sn result in the greatest consolidation of resources, and the like.  [Paragraph 102], The auto-podding feature 514 involves the grouping of nodes Sn into migration pods Pn. Such grouping implicates the migration planning API 38 and is further shown in FIG. 5 and described below (e.g., at step 246).  [Paragraph 31], Examples of the computing node include a physical and/or a virtual component, server, database, storage device, cloud (public or private), hypervisor, virtual machine, router, network devices, software, tools, services, applications, printer, computing device, laptop, desktop, virtual desktop, tablet, smart phone, personal computer, and the like.  [Paragraph 70], Data collection about computing nodes Sn may be a dependency-based data collection. In other words, the collector node 30 not only discovers data 44 for a single computing node Sn, but also data for any other computing nodes Sn that depend on the given computing node Sn. Dependency, in one example, means that the one or more computing nodes Sn depend on one another for network communication at the source infrastructure 22. Dependency also refers to a communication profile of the computing node Sn, which is the interaction of one computing node to another, including all the applications and connection points.  [Paragraph 71], Dependent computing nodes Sn may be connected through the network directly or indirectly. For instance, servers may be directly connected, whereas web clients are connected indirectly. Dependent computing nodes Sn may any type of dependency, such as co-dependency, multiple dependency, singular dependency, nested dependency, parent-child, master-slave dependency, etc. A computing node Sn may be at any part of a dependency chain. Defined collections of dependent computing nodes Sn are called migration pods and are described in detail below.)
It would have been obvious to a person with ordinary skill in the art, before the effective filing date of the invention, to combine the teaches of Nainar wherein plurality of Pods are configured, service containers are configured for each Pod for communications (i.e. routing) and message(s) is/are routed according to messages associated with a particular machine for services to be performed by service containers, into teachings of Denyer wherein Pods with respective machines are identified and migrated to another host, because this would enhance the teachings of Denyer wherein by identifying Pods as being part of machine resource groups allows identification of dependent resource groups (i.e. communication resources, applications, etc.) necessary to seamlessly migrate to another host with minimum disturbance and ensures all necessary resources/components are migrated together.  

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DONG U KIM whose telephone number is (571)270-1313. The examiner can normally be reached 9:00am - 5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Emerson Puente can be reached on 5712723652. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/DONG U KIM/Primary Examiner, Art Unit 2196