DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.


Information Disclosure Statement
The information disclosure statement (IDS) submitted on 01/21/2021 was filed. The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Applicant did not submit the NPL documents, cite Nos. 40-44, for review by the examiner. The examiner tried to the best of his ability to retrieve those documents from Google. It would be better if applicant provided those documents in the next reply.


Drawings
The drawings Fig. 2c and Fig. 2d are objected to because the text of Fig. 2c and Fig. 2d is not clear to read. Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. The figure or figure number of an amended drawing should not be labeled as “amended.” If a drawing figure is to be canceled, the appropriate figure must be removed from the replacement sheet, and where necessary, the remaining figures must be renumbered and appropriate changes made to the brief description of the several views of the drawings for consistency. Additional replacement sheets may be necessary to show the renumbering of the remaining figures. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.


Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/forms/. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1, 5, 7-8, 12, 14-15 and 19 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 4, 7-8, 11, 14-15 and 18 of U.S. Patent No. 10,944,783. Although the claims at issue are not identical, they are not patentably distinct from each other because claims 1, 4, 7-8, 11, 14-15 and 18 of U.S. Patent No. 10,944,783 contain every element of claims 1, 5, 7-8, 12, 14-15 and 19 of the instant application and thus anticipate the claims of the instant application. The claims of the instant application therefore are not patentably distinct from the earlier patent claims and as such are unpatentable under obviousness-type double patenting. A later patent/application claim is not patentably distinct from an earlier claim if the later claim is anticipated by the earlier claim.

Claims of Instant Application # 17/147081 (listed first), followed by the corresponding claims of Patent Application # 10,944,783 (listed second):
1. A network device comprising a processor, an input/output device coupled to the processor, and a memory coupled with the processor, the memory comprising executable instructions that when executed by the processor cause the processor to effectuate operations comprising:

instantiating a first virtual private network transport tunnel extending from an ingress virtual provider edge router (vPE) to a head-end and a provider edge (HE-PE);

instantiating a second network transport tunnel extending from the HE-PE to an egress vPE;

diverting dirty traffic from the ingress vPE toward a scrubber via a first virtual private network transport tunnel; and

directing clean traffic to the egress vPE via a second virtual private network transport tunnel.

5. The network device of claim 1, wherein diverting dirty traffic from the ingress vPE toward a scrubber occurs without changing IP best path information.  
7. The network device of claim 6, wherein the processor further effectuates operations comprising broadcasting a flow specification diversion route from a destination route reflector to a vPE router.  


8. A method comprising:

instantiating, by a processor, a first virtual private network transport tunnel extending from an ingress virtual provider edge router (vPE) to a head-end and a provider edge (HE-PE);

instantiating, by the processor, a second network transport tunnel extending from the HE-PE to an egress vPE;

diverting, by the processor, dirty traffic from the ingress vPE toward a scrubber via a first virtual private network transport tunnel; and

directing, by the processor, clean traffic to the egress vPE via a second virtual private network transport tunnel.

12. The method of claim 8, wherein diverting dirty traffic from the ingress vPE toward a scrubber occurs without changing IP best path information.  

14. The method of claim 13 further comprising broadcasting a flow specification diversion route from a destination route reflector to a vPE router.  

15. A computer-readable storage medium storing executable instructions that when executed by a processor causes said processor to effectuate operations comprising:

instantiating a first virtual private network transport tunnel extending from an ingress virtual provider edge router (vPE) to a head-end and a provider edge (HE-PE);

instantiating a second network transport tunnel extending from the HE-PE to an egress vPE;

diverting dirty traffic from the ingress vPE toward a scrubber via a first virtual private network transport tunnel; and

directing clean traffic to the egress vPE via a second virtual private network transport tunnel.

19. The computer-readable storage medium of claim 15, wherein diverting dirty traffic from the ingress vPE toward a scrubber occurs without changing IP best path information.  


1. A network device comprising a processor, an input/output device coupled to the processor, and a memory coupled with the processor, the memory comprising executable instructions that when executed by the processor cause the processor to effectuate operations comprising: 

instantiating a border gateway protocol (BGP) address family exchange (BAFX) in a network; connecting a BAFX to an address family specific dynamic denial of service function (DDoS) mitigation service route reflector; connecting the BAFX to a destination route reflector using a flow specification address family; 
instantiating a first virtual private network transport tunnel extending from an ingress virtual provider edge router (vPE) to a head-end and a provider edge (HE-PE); and
 instantiating a second network transport tunnel extending from the HE-PE to an egress vPE;
 wherein the BAFX translates at least one diversion route from the DDoS mitigation service route reflector to a flow specification diversion route, wherein the BAFX maps a diversion address to a flow specification format during the translation, wherein the diversion address comprises affinity information corresponding to a forwarding action or a redirecting action to a specific location, and 

wherein the flow specification diversion route diverts dirty traffic from the ingress vPE toward a scrubber via a first virtual private network transport tunnel, and 

wherein clean traffic from the scrubber is directed to the egress vPE via a second virtual private network transport tunnel.



7. The network device of claim 1, wherein diverting dirty traffic from the ingress vPE toward the scrubber occurs without changing IP best path information.
4. The network device of claim 1 further comprising broadcasting the flow specification diversion route from the destination route reflector to a vPE router.



8. A computer-implemented method comprising: instantiating a border gateway protocol (BGP) address family exchange (BAFX) in a network; connecting a BAFX to an address family specific dynamic denial of service function (DDoS) mitigation service route reflector; connecting the BAFX to a destination route reflector using a flow specification address family; instantiating a first virtual private network transport tunnel extending from an ingress virtual provider edge router (vPE) to a head-end and a provider edge (HE-PE); and instantiating a second network transport tunnel extending from the HE-PE to an egress vPE; wherein the BAFX translates at least one diversion route from the DDoS mitigation service route reflector to a flow specification diversion route, wherein the BAFX maps a diversion address to a flow specification format during the translation, wherein the diversion address comprises affinity information corresponding to a forwarding action or a redirecting action to a specific location, and
 wherein the flow specification diversion route diverts dirty traffic from the ingress PE toward a scrubber via a first virtual private network transport tunnel, and wherein clean traffic from the scrubber is directed to the egress vPE via a second virtual private network transport tunnel.

14. The method of claim 8, wherein diverting dirty traffic from the ingress vPE toward the scrubber occurs without changing IP best path information.

11. The method of claim 8 further comprising broadcasting the flow specification diversion route from the destination route reflector to a vPE router.

15. A non-transitory computer-readable storage medium storing executable instructions that when executed by a processor causes said processor to effectuate operations comprising: instantiating a border gateway protocol (BGP) address family exchange (BAFX) in a network; connecting a BAFX to an address family specific dynamic denial of service function (DDoS) mitigation service route reflector; connecting the BAFX to a destination route reflector using a flow specification address family; instantiating a first virtual private network transport tunnel extending from an ingress virtual provider edge router (vPE) to a head-end and a provider edge (HE-PE); and instantiating a second network transport tunnel extending from the HE-PE to an egress vPE; wherein the BAFX translates at least one diversion route from the DDoS mitigation service route reflector to a flow specification diversion route, wherein the BAFX maps a diversion address to a flow specification format during the translation, wherein the diversion address comprises affinity information corresponding to a forwarding action or a redirecting action to a specific location, and wherein the flow specification diversion route diverts dirty traffic from the ingress vPE toward a scrubber via a first virtual private network transport tunnel, and wherein clean traffic from the scrubber is directed to the egress vPE via a second virtual private network transport tunnel.



18. The computer-readable storage medium of claim 15 further comprising broadcasting the flow specification diversion route from the destination route reflector to a vPE router.

“A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim. In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus).” ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001). “Claim 12 and Claim 13 are generic to the species of invention covered by claim 3 of the patent. Thus, the generic invention is "anticipated" by the species of the patented invention. Cf., Titanium Metals Corp. v. Banner, 778 F.2d 775, 227 USPQ 773 (Fed. Cir. 1985) (holding that an earlier species disclosure in the prior art defeats any generic claim). This court's predecessor has held that, without a terminal disclaimer, the species claims preclude issuance of the generic application. In re Van Ornum, 686 F.2d 937, 944, 214 USPQ 761, 767 (CCPA 1982). Accordingly, absent a terminal disclaimer, claims 12 and 13 were properly rejected under the doctrine of obviousness-type double patenting.” (In re Goodman (CA FC) 29 USPQ2d 2010 (12/3/1993)).



Examiner notes

As per claim 15, the medium cannot be interpreted as a signal because the specification, par 0047, discloses that any computer-readable storage medium described herein is not to be construed as a signal. Memory, as well as any computer-readable storage medium described herein, is not to be construed as a transient signal. Memory, as well as any computer-readable storage medium described herein, is not to be construed as a propagating signal. Memory, as well as any computer-readable storage medium described herein, is to be construed as an article of manufacture.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1, 5, 18, 12, 15, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Spatscheck et al. US 2006/0185014 in view of Dunbar et al. US 2015/0326473.

	As per claim 1, Spatscheck discloses a network device comprising a processor, an input/output device coupled to the processor, and a memory coupled with the processor, the memory comprising executable instructions that when executed by the processor cause the processor to effectuate operations (par 0025: Information device 3000 can comprise any of numerous components, such as for example, one or more network interfaces 3100, one or more processors 3200, one or more memories 3300 containing instructions 3400, one or more input/output (I/O) devices 3500, and/or one or more user interfaces 3600 coupled to I/O device 3500; and par 0017: that traffic 1820, which flows, i.e. first virtual tunnel, from source 1120, is attack, malicious, and/or DDOS traffic. Both traffic 1810 and 1820 are simultaneously carried by backbone network 1300 and/or are addressed to a particular target, namely destination 1710. Via interface, path, and/or communication 1920) comprising:
	instantiating a first tunnel (i.e. 1820 tunnel) extending from an ingress virtual provider edge router (vPE) to a head-end and a provider edge (HE-PE) (fig. 1, par 0013: any of backbone network ingress points 1210, 1220, i.e. an ingress, 1230, 1240 (any of which can function, instantiating, also and/or instead as egress points) can be monitored by a traffic monitoring; and [0101] tunnel--a path followed by encapsulated packets, a point-to-point connection over which packets are exchanged which carry the data of another protocol, and/or a virtual encrypted connection formed between two systems over a network, such as a backbone network, i.e. a first virtual private network transport tunnel);
	instantiating a second tunnel (i.e. 1810 tunnel) extending from the Ingress to an egress vPE (par 0016: traffic 1810 can flow, i.e. second tunnel, through backbone network 1230 to router and/or backbone network egress point 1230, i.e. instantiating…, from which traffic 1810 can flow to its destination 1710; [0101] tunnel--a path followed by encapsulated packets, a point-to-point connection over which packets are exchanged which carry the data of another protocol, and/or a virtual encrypted connection formed between two systems over a network, such as a backbone network, i.e. a second network transport tunnel);
	diverting dirty traffic from the ingress vPE toward a scrubber via a first virtual private network transport tunnel (fig. 2, par 0024: At activity 2100, traffic can enter the backbone network, such as via an ingress point, routing entity, and/or router. At activity 2200, at least a portion of the entering traffic can be recognized as potential attack traffic, such as DDOS traffic. At activity 2300, at least a portion of the entering traffic can be recognized as non-attack traffic, such as non-DDOS traffic. At activity 2400, the suspected attack traffic can be redirected, i.e. diverting dirty traffic, potentially by a route controller, to a scrubbing complex, i.e. scrubber); and
	directing clean traffic to the egress vPE via a second virtual private network transport tunnel (par 0024: At activity 2300, at least a portion of the entering traffic can be recognized as non-attack traffic, such as non-DDOS traffic (a second tunnel, i.e. 1810 tunnel). At activity 2800, all traffic can be allowed to traverse the backbone without scrubbing. [0101] tunnel--a path followed by encapsulated packets, a point-to-point connection over which packets are exchanged which carry the data of another protocol, and/or a virtual encrypted connection formed between two systems over a network, such as a backbone network, i.e. a second network transport tunnel).
	Spatscheck does not explicitly disclose a virtual tunnel from an ingress vPE to a head-end and provider edge (HE-PE), or a virtual tunnel extending from the HE-PE to an egress vPE.
	However, Dunbar discloses a virtual tunnel (i.e. par 0038, a first tunnel) from an ingress vPE to a head-end and provider edge (HE-PE) (fig. 7, par 0026: Network node 106 is configured as a service function chain or service function path, i.e. a virtual tunnel, ingress node. A service function path ingress node 106 may also be referred to as a head-end of the service function path. Network nodes 108 are service function forwarder (SFF), i.e. HE-PE, network nodes that comprise a plurality of ports and one or more service functions attached to each of the ports; and par 0038: Service functions, i.e. SFF, 412A-412E can be realized as virtual elements, physical network elements, and/or embedded in a physical network elements and are similar to service functions in FIG. 1. Network node 404 is configured to establish tunnels (e.g., MPLS tunnels or VxLAN tunnels) to network nodes 402, 406, and 408, to associate or to map a tunnel, a port, and/or one or more data packet attributes to a service chain ID for routing data packets, to provide service function path routing, and to implement service functions on data packets. For example, network node 404 establishes a first tunnel 460 with network node 402 at port 410A, a second tunnel 462 with network node 406 at port 410G, and a third tunnel 464 with network node 408 at port 410G);

	a virtual tunnel (par 0038, a second tunnel) extending from the HE-PE to an egress vPE (fig. 7, par 0026: Network nodes 112 are configured as service function chain or service function path egress nodes, i.e. vPE. A service function path egress node may also be referred to as a tail-end of the service function path, i.e. virtual links. SC-PCE 104 and network nodes 106-112 may be coupled to one another via one or more tunnels and/or links. Examples of tunnels include virtual extensible local area network (VxLAN) tunnels. Links may include logical links (e.g., virtual links) and Network nodes 108 are service function forwarder (SFF), i.e. HE-PE, network nodes that comprise a plurality of ports and one or more service functions attached to each of the ports).
	Spatscheck and Dunbar are both considered to be analogous to the claimed invention because they are in the same field of providing virtual routes.
	Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Spatscheck to incorporate Dunbar's teaching that network nodes 108 are service function forwarders (SFF), and to provide service function path routing and implement service functions on data packets (par 0038).
	Doing so would establish a first tunnel 460 with network node 402 at port 410A, a second tunnel 462 with network node 406 at port 410G, and a third tunnel 464 with network node 408 at port 410G, thereby improving the internal packet routing path by generating steering policies based on the service function path information and generating local or internal forwarding policies.


	As per claim 5, Spatscheck and Dunbar disclose the network device of claim 1. Spatscheck discloses wherein diverting dirty traffic from the ingress vPE toward a scrubber occurs without changing IP best path information (fig. 2: At activity 2300, at least a portion of the entering traffic can be recognized as non-attack traffic, such as non-DDOS traffic. At activity 2400, the suspected attack traffic can be redirected, i.e. diverting dirty traffic, potentially by a route controller, to a scrubbing complex, i.e. scrubber, without changing the IP path).

	As per claims 8 and 12, those method claims are rejected based on the same rationale set forth for claims 1 and 5, respectively.
	As per claims 15 and 19, those medium claims are rejected based on the same rationale set forth for claims 1 and 5, respectively.

Claim(s) 2-4, 9-11 and 16-18 are rejected under 35 U.S.C. 103 as being unpatentable over Spatscheck et al. US 2006/0185014 in view of Dunbar et al. US 2015/0326473 in view of Bhandarkar US 9,577,943 in view of Reddy et al. US 2017/0331854.

	As per claim 2, Spatscheck in view of Dunbar discloses the network device of claim 1. The combination fails to disclose wherein the processor further effectuates operations comprising:
	instantiating a border gateway protocol (BGP) address family exchange (BAFX) in a network; and
	translating, by the BAFX, at least one diversion route from a DDoS mitigation service route reflector to a flow specification diversion route.
	However, Bhandarkar discloses instantiating a border gateway protocol (BGP) address family exchange (BAFX) in a network (col 3, lines 45-51: a particular edge device may analyze the BGP extended community attribute to determine that DDoS mitigation and traffic steering are to be executed, i.e. instantiating…, and the particular edge device may map the BGP extended community attribute to a tier of service based on the services policy. The particular edge device may determine a prioritization for executing multiple network traffic services based on the tier of service and/or based on one or more other factors); and
	translating, by the BAFX, at least one diversion route from a DDoS mitigation service route reflector to a flow specification diversion route (col 7, lines 55-64: edge device 220 may receive information indicating that a DDoS mitigation network traffic service, a traffic steering network traffic service, a source network address translation network traffic service, a variable offset firewall filter network traffic service, a differentiated service remarking network traffic service, or the like are to be executed on flows being received by edge device 220. And FIG. 1A: a particular network may include a route reflector and a set of edge devices (e.g., edge routers). The route reflector may be configured to enable prioritized BGP flow specification and may include access to a data structure storing a services policy. In some implementations, the route reflector may create the services policy. The services policy may store information, such as a set of comparative priorities (e.g., tiers) for a set of network traffic services, information identifying actions associated with the network traffic services (e.g., computing actions associated with executing the network traffic services, such as forwarding network traffic to a particular destination, filtering network traffic, marking network traffic, etc.), and information identifying the network traffic services (e.g., information identifying prefixes that may be utilized when propagating information regarding a malicious flow). The services policy may be utilized to map BGP flow specification tiers to BGP extended communities. For example, the services policy may indicate that an extended community value corresponds DDoS mitigation network traffic service with a comparatively high priority and a traffic steering network traffic service with a comparatively low priority, and may include information associated with identifying and executing the DDoS mitigation network traffic service and the traffic steering network traffic service. The route reflector may propagate information associated with the services policy to the set of edge devices. The edge device may receive the information associated with the services policy, and may store the information associated with the services policy to enable recognition of tiers and execution of the network traffic service).
	Spatscheck, Dunbar and Bhandarkar are all considered to be analogous to the claimed invention because they are in the same field of providing virtual routes.
	Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Spatscheck to incorporate Dunbar's teaching that network nodes 108 are service function forwarders (SFF) and Bhandarkar's extending of the server by the BGP router, and to provide that the route reflector may receive information identifying network traffic as being associated with a malicious flow. A malicious flow may refer to network traffic suspected and/or determined to be associated with an attack (col 3, lines 28-32).
	Doing so would ensure provisioning of computing resources toward higher priority network traffic services over lower priority network traffic services, thereby improving network performance.
	The combination fails to disclose a border gateway protocol address family exchange for the DDoS service.
	However, Reddy discloses a border gateway protocol address family exchange for the DDoS service ([0032] The BGP message or BGP announcement steers subsequent traffic to the DDoS protection service 114 before it reaches the protected network. BGP is a gateway protocol for the exchanging routing, i.e. a border gateway protocol address family exchange, and reachability information between networks. The BGP message may include the address of the DDoS protection service 114 so that routers redirect packets intended for the secure server 116 to the DDoS protection service 114. The BGP message may include the prefixes for the affected traffic (e.g., for example 100.200.300.* includes all addresses with the prefix 100.200.300)).

	Spatscheck, Dunbar, Bhandarkar and Reddy are all considered to be analogous to the claimed invention because they are in the same field of providing virtual routes.
	Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Spatscheck to incorporate Dunbar's teaching that network nodes 108 are service function forwarders (SFF), Bhandarkar's extending of the server by the BGP router, and Reddy's exchanging of routing, and to provide a router to redirect packets intended for the secure server to the DDoS protection service (par 0032).
	Doing so would provide the protected network, thereby making the network more secure and protected (par 0032).


 	As per claim 3, Spatscheck in view of Dunbar discloses the network device of claim 1,  the combination fails to disclose wherein the processor further effectuates operations comprising:
 	 connecting a border gateway protocol (BGP) address family exchange (BAFX) to an address family specific dynamic denial of service function (DDoS) mitigation service route reflector; and 
 	connecting the BAFX to a destination route reflector using a flow.  
 	However, Bhandarkar discloses connecting a border gateway protocol (BGP) to an address family specific dynamic denial of service function (DDoS) mitigation service route reflector (col 3, lines 45-51  a particular edge device may analyze the BGP extended community attribute to determine that DDoS mitigation and traffic steering are to be executed, i.e. instantiating…, and the particular edge device may map the BGP extended community attribute to a tier of service based on the services policy. The particular edge device may determine a prioritization for executing multiple network traffic services based on the tier of service and/or based on one or more other factors); and 
 	connecting the BGP to a destination route reflector using a flow (  col 7, lines 55-64 edge device 220 may receive information indicating that a DDoS mitigation network traffic service, a traffic steering network traffic service, a source network address translation network traffic service, a variable offset firewall filter network traffic service, a differentiated service remarking network traffic service, or the like are to be executed on flows being received by edge device 220. And FIG. 1A, a particular network may include a route reflector and a set of edge devices (e.g., edge routers). The route reflector may be configured to enable prioritized BGP flow specification and may include access to a data structure storing a services policy. In some implementations, the route reflector may create the services policy. The services policy may store information, such as a set of comparative priorities (e.g., tiers) for a set of network traffic services, information identifying actions associated with the network traffic services (e.g., computing actions associated with executing the network traffic services, such as forwarding network traffic to a particular destination, filtering network traffic, marking network traffic, etc.), and information identifying the network traffic services (e.g., information identifying prefixes that may be utilized when propagating information regarding a malicious flow. The services policy may be utilized to map BGP flow specification tiers to BGP extended communities. For example, the services policy may indicate that an extended community value corresponds DDoS mitigation network traffic service with a comparatively high priority and a traffic steering network traffic service with a comparatively low priority, and may include information associated with identifying and executing the DDoS mitigation network traffic service and the traffic steering network traffic service. 
The route reflector may propagate information associated with the services policy to the set of edge devices. The edge device may receive the information associated with the services policy, and may store the information associated with the services policy to enable recognition of tiers and execution of the network traffic service).

 	Spatscheck, Dunbar and Bhandarkar are all considered to be analogous to the claimed invention because they are in the same field of virtual route provide. 
 	Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Spatscheck to incorporate the teaching of Network nodes 108 are service function forwarder (SFF) of Dunbar, incorporate the extending the server by the BGP router of Bhandarkar and provide the route reflector may receive information identifying network traffic as being associated with a malicious flow. A malicious flow may refer to network traffic suspected and/or determined to be associated with an attack (col 3, lines 28-32).
 	Doing so would ensure provisioning of computing resources toward higher priority network traffic services over lower priority network traffic services, thereby improving network performance.
 	The combination fails to disclose a border gateway protocol address family exchange (BAFX).
 	However, Reddy discloses a border gateway protocol address family exchange ( [0032] The BGP message or BGP announcement steers subsequent traffic to the DDoS protection service 114 before it reaches the protected network. BGP is a gateway protocol for the exchanging routing, i.e. a border gateway protocol address family exchange,  and reachability information between networks. The BGP message may include the address of the DDoS protection service 114 so that routers redirect packets intended for the secure server 116 to the DDoS protection service 114. The BGP message may include the prefixes for the affected traffic (e.g., for example 100.200.300.* includes all addresses with the prefix 100.200.300)).

 	Spatscheck, Dunbar, Bhandarkar and Reddy are all considered to be analogous to the claimed invention because they are in the same field of virtual route provide. 
 	Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Spatscheck to incorporate the teaching of Network nodes 108 are service function forwarder (SFF) of Dunbar, incorporate the extending the server by the BGP router of Bhandarkar, incorporate the exchanging routing of Reddy and provide router to redirect packets intended for the secure server to the DDoS protection service (par 0032).
 	Doing so would provide the protected network, thereby making the network more secure and protected (par 0032).


 	As per claim 4, Spatscheck in view of Dunbar discloses the network device of claim 1, the combination fails to disclose wherein the processor further effectuates operations comprising mapping, by a border gateway protocol (BGP) address family exchange (BAFX), a diversion address to a flow specification format during a translation, wherein the diversion address comprises affinity information corresponding to a forwarding action or a redirecting action for a specific location.  
 	However, Bhandarkar discloses mapping, by a border gateway protocol (BGP) ,a diversion address to a flow specification format during a translation, wherein the diversion address comprises affinity information corresponding to a forwarding action or a redirecting action for a specific location (col 7, lines 55-64 edge device 220 may receive information indicating that a DDoS mitigation network traffic service, a traffic steering network traffic service, a source network address translation network traffic service, a variable offset firewall filter network traffic service, a differentiated service remarking network traffic service, or the like are to be executed on flows being received by edge device 220. And FIG. 1A, a particular network may include a route reflector and a set of edge devices (e.g., edge routers). The route reflector may be configured to enable prioritized BGP flow specification and may include access to a data structure storing a services policy. In some implementations, the route reflector may create the services policy. The services policy may store information, such as a set of comparative priorities (e.g., tiers) for a set of network traffic services, information identifying actions associated with the network traffic services (e.g., computing actions associated with executing the network traffic services, such as forwarding network traffic to a particular destination, filtering network traffic, marking network traffic, etc.), and information identifying the network traffic services (e.g., information identifying prefixes that may be utilized when propagating information regarding a malicious flow. The services policy may be utilized to map BGP flow specification tiers to BGP extended communities. 
For example, the services policy may indicate that an extended community value corresponds DDoS mitigation network traffic service with a comparatively high priority and a traffic steering network traffic service with a comparatively low priority, and may include information associated with identifying and executing the DDoS mitigation network traffic service and the traffic steering network traffic service. The route reflector may propagate information associated with the services policy to the set of edge devices. The edge device may receive the information associated with the services policy, and may store the information associated with the services policy to enable recognition of tiers and execution of the network traffic service ).  

 	Spatscheck, Dunbar and Bhandarkar are all considered to be analogous to the claimed invention because they are in the same field of virtual route provide. 
 	Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Spatscheck to incorporate the teaching of Network nodes 108 are service function forwarder (SFF) of Dunbar, incorporate the extending the server by the BGP router of Bhandarkar and provide the route reflector may receive information identifying network traffic as being associated with a malicious flow. A malicious flow may refer to network traffic suspected and/or determined to be associated with an attack (col 3, lines 28-32).
 	Doing so would ensure provisioning of computing resources toward higher priority network traffic services over lower priority network traffic services, thereby improving network performance.
 	The combination fails to disclose a border gateway protocol address family exchange (BAFX).
 	However, Reddy discloses a border gateway protocol address family exchange (BAFX) ([0032] The BGP message or BGP announcement steers subsequent traffic to the DDoS protection service 114 before it reaches the protected network. BGP is a gateway protocol for the exchanging routing, i.e. a border gateway protocol address family exchange, and reachability information between networks. The BGP message may include the address of the DDoS protection service 114 so that routers redirect packets intended for the secure server 116 to the DDoS protection service 114. The BGP message may include the prefixes for the affected traffic (e.g., for example 100.200.300.* includes all addresses with the prefix 100.200.300)).

 	Spatscheck, Dunbar, Bhandarkar and Reddy are all considered to be analogous to the claimed invention because they are in the same field of virtual route provide. 
 	Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Spatscheck to incorporate the teaching of Network nodes 108 are service function forwarder (SFF) of Dunbar, incorporate the extending the server by the BGP router of Bhandarkar, incorporate the exchanging routing of Reddy and provide router to redirect packets intended for the secure server to the DDoS protection service (par 0032).
 	Doing so would provide the protected network, thereby making the network more secure and protected (par 0032).

 	As per claims 9-11, those method claims are rejected based on the same rationale set forth for claims 2-4, respectively.
 	As per claims 16-18, those medium claims are rejected based on the same rationale set forth for claims 2-4, respectively.


Claim(s) 6, 13 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Spatscheck et al US 2006/0185014 in view of Dunbar et al US 2015/0326473 in view of Deutsch et al US 2014/0181248.

 	As per claim 6, Spatscheck and Dunbar disclose the network device of claim 1; the combination does not disclose wherein the processor further effectuates operations comprising translating a non-flow specification address to a flow specification address.  
 	However, Deutsch discloses wherein the processor further effectuates operations comprising translating a non-flow specification address to a flow specification address ( [0009] Another technique to overcome the problems of non-routable addresses is to perform so-called "network address translation" (NAT), which involves complex reconfiguration of border routers to automatically map network address/port combinations to and from routable to non-routable addresses. This technique does allow the use of a single publically routable IP address to provide access to multiple devices with non-routable addresses but only at the cost of increased system complexity. NAT-enabled networks do not generally allow incoming connections unless mappings have been pre-configured from specific port/address combinations to specific devices, which may in turn conflict with software that attempts to use default or non-standard address/port combinations.).  
  	
 	Spatscheck, Dunbar and Deutsch are all considered to be analogous to the claimed invention because they are in the same field of virtual route provide. 
 	Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Spatscheck to incorporate the teaching of Network nodes 108 are service function forwarder (SFF) of Dunbar, incorporate the teaching of translating the address to configuring the border routers and provide reconfiguration of border routers to automatically map network address/port combinations to and from routable to non-routable addresses (par 0009).
 	Doing so would allow the use of a single publicly routable IP address to provide access to multiple devices with non-routable addresses but only at the cost of increased system complexity, thereby increasing system complexity.

 	As per claim 13, that method claim is rejected based on the same rationale set forth for claim 6.

 	As per claim 20, that medium claim is rejected based on the same rationale set forth for claim 6.


Claim(s) 7 is rejected under 35 U.S.C. 103 as being unpatentable over Spatscheck et al US 2006/0185014 in view of Dunbar et al US 2015/0326473 in view of Deutsch et al US 2014/0181248 in view of Osborne et al US 2017/0250894.


 	As per claim 7, Spatscheck, Dunbar and Deutsch disclose the network device of claim 6; the combination fails to disclose wherein the processor further effectuates operations comprising broadcasting a flow specification diversion route from a destination route reflector to a vPE router.  
 	However, Osborne discloses wherein the processor further effectuates operations comprising broadcasting a flow specification diversion route from a destination route reflector to a vPE router ( par 0023  the route reflector 214 is configured to select a “best path” based on network metrics and broadcast the single “best path” to other network devices (such as PE-D 216). Thus, each device in the network 202 may only receive a single routing path through one of the possible multiple egress ports to the particular customer network. As such, all traffic for a customer network connected to the telecommunications network 202 is limited to egress through selected “best path” or selected provider edge, reducing the potential network performance gained through multiple connections to the network).  

 	Spatscheck, Dunbar, Deutsch and Osborne are all considered to be analogous to the claimed invention because they are in the same field of virtual route provide. 
 	Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Spatscheck to incorporate the teaching of Network nodes 108 are service function forwarder (SFF) of Dunbar, incorporate the teaching of translating the address to configuring the border routers of Deutsch, incorporate broadcasting the best route from the route reflector of Osborne, and provide all traffic for a customer network connected to the telecommunications network 202 is limited to egress through selected “best path” or selected provider edge, reducing the potential network performance gained through multiple connections to the network (par 0024).
 	Doing so would limit egress to the selected best path or selected provider edge, thereby reducing the potential network performance gained through multiple connections to the network.







Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
 	Guichard et al US 2011/0080911 discloses BGP extensions advertise routes for a Virtual Private Network (VPN). A VPN-IPv4 address is a 12-byte string, beginning with an 8-byte Route Distinguisher (RD) and ending with a 4-byte IPv4 address. If several VPNs use the same IPv4 address prefix, these will be translated into unique VPN-IPv4 address prefixes, making it possible for BGP to carry several completely different routes to that IP address.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABU S SHOLEMAN, whose telephone number is (571)270-7314. The examiner can normally be reached EST: 9am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JORGE ORTIZ CRIADO can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ABU S SHOLEMAN/Primary Examiner, Art Unit 2496