DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Responsive to the communication dated 11/22/2022.
Claims 2 and 11 are cancelled.
Claims 1, 10, 19 are amended.
Claims 1, 3 – 10, 12 – 20 are presented for examination.

Final Action
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 


Response to Arguments
The Applicant argues that they have amended the claims and that due to the amendment the claims are now allowable.

In response, the Examiner has considered the arguments and the amendment and finds that the art of record does not explicitly teach identifying a failure in the network assurance appliance. Therefore, the previous rejection is withdrawn. A new search was conducted and a new ground of rejection is presented below.

End Response to Arguments



Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


(1) Claims 1, 2 – 10, 12 - 20 are rejected under 35 U.S.C. 103 as being unpatentable over Handige_2017 (US 2017/0048126 A1) in view of Benc_2016 (US 2016/0254964 A1) in view of Dao_2009 (Live Debugging of Distributed Systems, LNCS 5501, pp. 94-108, 2009 Springer-Verlag Berlin Heidelberg) in view of Feng_2018 (CN 107992009 A 2018-05-04).


Claim 1. Handige_2017 makes obvious “A method (title: “method and system for debugging...”; abstract: “... debugging method are disclosed... the method is implemented...”; par 4: “temporal matching based debugging methods are disclosed...”), comprising: executing, within a network environment, a network assurance appliance; identifying a failure in the executing caused by the network  debugging, in response to the identifying, the network , comprising: receiving snapshot data for a network environment corresponding to a specific time in the network environment (FIG. 1: Network Elements 110, sending statistics of packet characteristics to anomaly analyzer 142 that are “temporally” matched with the messages “when there is a packet processing anomaly”; FIG. 2; FIG. 5; Fig. 7D, 7E; par 4: “... the method further includes obtaining at the SDN controller from the network device, a set of statistics from the network device, where the set of statistics indicates characteristics of packet processing at the network device...” NOTE: “set of statistics” is a snapshot par 38: “... the messages are stored based on timestamps of the messages...”), the snapshot data including network events occurring in the network environment (par 37: “... the recorded messages may include all the messages during a period of time (e.g., 1 day) and they are stored in a log...”; FIG. 3 illustrates packet counts. Packets at a node are events occurring in the network environment; par 5: “... a set of statistics from the network device, wherein the set of statistics indicates characteristics of packet processing at the network device...”) and generated by a network assurance appliance (par 29: “... an anomaly analyzer 142 is in the network controller 140 to monitor and debug anomalies identified, including the ones relating to packet processing in network element 110...”; par 37: “... anomaly analyzer 142 records messages between the network controller 140 and the network element 110...”; par 39: “... the anomaly analyzer 142 obtains a set of statistics indicating characteristics of packet processing in the network element 110... through polling... anomaly analyzer 142 may specifically request for statistics...” NOTE: because the generation of the statistics starts by the anomaly analyzer requesting data it is obvious that the anomaly analyzer is generating the snapshot.); [modeling] outside of the network environment (par 3: “... an anomaly in a network element ideally should be remotely debugged outside the network...”; par 46: “... an anomaly analyzer 242 may be a standalone unit outside a particular controller...” NOTE: the analyzer outside the controller is therefore outside the network. Being part of the network controller cluster merely indicates a logical association but does not necessarily indicate any particular physical location.) a state of the network environment at the specific time using the snapshot data to create an [modeled] state of the network environment corresponding to the specific time (FIG. 3);   [analyze] the network environment corresponding to the specific time (par 40: “... the set of statistics may be used for anomaly analysis...”; FIG. 3: Packet processing anomaly occurs at a specific time as illustrated in the diagram) ; and debugging the network)  outside the network environmentin the [modeled] state of the network environment corresponding to the specific time  (FIG. 3; par 4: “Temporal matching based debugging method are disclosed...”;  par 40: “... the set of statistics may be used for anomaly analysis by the anomaly analyzer 142...”; par 47: “... the anomaly analyzer 242 includes... identify one or more messages occurred when the set of statistics indicating a packet processing anomaly in the network element. The identified one or more messages are then analyzed to determine whether or not the messages caused the packet processing anomaly, and if the message did cause the anomaly, the anomaly analyzer... determines the proper remedial measure to remove the packet processing anomaly...”; par 53: “... the anomaly analyzer may investigate the flow modification message 322 and determine whether or not the flow modification messages 322 may have caused the packet processing drop, and how to remove the anomaly...”).



While Handige_2017 teaches to identify anomalous sates (i.e., failures) of the execution caused by network equipment and to re-create anomalous states of the network (FIG. 3) and to perform analysis and to debug (par 40, 47, 53) the anomalous state, Hangige_2017 does not explicitly teach the anomalous states is due to “failure in the executing caused by the network assurance appliance” nor “debugging, in response to the identifying, the network assurance appliance” nor the re-created anomalous state is an emulated state achieved by “re-executing the network assurance appliance in the emulated state” nor that the re-execution of the “assurance appliance outside the network environment based on re-execution of the network assurance applicant in the emulated state”


Benc_2016 makes obvious “emulating” a network and emulating “the network assurance appliance in the emulated state” network (abstract: “... querying a host computer system for network configuration data...and... connectivity between the network components... generates, in view of the network configuration data, a network configuration model...”; par 2: “network virtualization may be a software-emulated representation of physical network components of physical network infrastructure used to provide corresponding virtual network components... virtual network components may be software-emulated representations of corresponding physical network components...”; par 11: “A virtual-machine... may be a software-emulated representation of a physical machine...” par 19: “... a host network analyzer component may be a software application implementing one or more features of the systems and methods of the present disclosure... network analyzer component may query certain application containers and/or VMs to discover the network components... the host network analyzer... may determine the connectivity...” NOTE: a network analyzer is a network assurance applicant.).

Handige_2017 and Benc_2016 are analogous art because they are from the same field of endeavor called networks. Before the effective filing date it would have been obvious to a person of ordinary skill in the art to combine Handige_2017 and Benc_2016. The rationale for doing so would have been that Handige_2017 teaches to have a anomaly analyzer in a software defined network and Benc_2016 teaches that a analyzer may be an emulated one including a “software-emulated representation” that corresponds to components found in a physical network. Therefore, it would have been obvious to combine Handige_2017 and Benc_2016 for the benefit of having software-emulated anomaly analyzers  to obtain the invention as specified in the claims.

Therefore, while Handige_2017 teaches to model/analyze the state of the network and Benc_2016 teaches to emulate a network, Handige_2017 and Benc_2016 does not explicitly teach to model/analyze the state of the network by emulating a state of the network. 

Further; while Benc_2016 teaches to query physical network components and to create an emulated network including emulated network analyzers Handige_2017 and Benc_2016 does not explicitly teach
“re-executing” the network environment nor “re-execution of the network assurance appliance in the emulated state.”

“failure in the executing caused by the network assurance appliance” nor “debugging, in response to the identifying, the network assurance appliance” nor the re-created anomalous state is an emulated state achieved by “re-executing the network assurance appliance in the emulated state” nor that the re-execution of the “assurance appliance outside the network environment based on re-execution of the network assurance applicant in the emulated state”


Nevertheless; Dao_2009 makes obvious “emulating a state of the network” and “re-executing the network environment” and “the recreated anomalous state is an emulated state achieved by re-executing the network assurance applicant in the emulated state” and “re-execution of the network assurance applicance in the emulated state” (page 106 – 107 section 6: “... debugging distributed systems... replay-based checking... replay-based checking where the programmer has the ability to replay a program while replicating its order and environment... the benefit of... any replay tool is the ability to consistently reproduce bugs from previous executions... detect runtime bugs, and then use the replay-based checking for offline analysis...”; page 104: “... experiment on several different network topologies... these clients are emulated on 17 physical machines with the ModelNet network emulator... the emulated topologies consist of an INET network with 500 total nodes...”).


Handige_2017 and Benc_2016 and Dao_2009 are analogous art because they are from the same field of endeavor called networks (e.g., distributed systems). Before the effective filing date, it would have been obvious to a person of ordinary skill in the art to combine Handige_2017 and Dao_2009.
The rationale for doing so would have been that Hangige_2017 teaches to debug failures/anomalies in a network (e.g., distributed system). Dao_2009 teaches that “the benefit of... any replay tool is the ability to consistently reproduce bugs from previous executions... [and] enables offline analysis...” (page 107)
Therefore; it would have been obvious to combine Handige_2017 and Dao_2009 for the benefit of consistently reproduce bugs (anomalous states) of the network and enable analysis to debug the anomalous conditions to obtain the invention as specified in the claims.

while the combination of Handige_2017 and Benc_2016 and Dao_2009 make obvious to debug network components when an anomalous state of the network occurs and to do this by re-creating the state of the anomalous condition at a specified point in time; the combination does not teach the “failure in the executing caused by the network assurance appliance” nor “debugging, in response to the identifying, the network assurance appliance” nor that the re-execution of the “assurance appliance outside the network environment based on re-execution of the network assurance applicant in the emulated state”

Nevertheless; Feng_2018 makes obvious “failure in the executing caused by the network assurance appliance” nor “debugging, in response to the identifying, the network assurance appliance” nor that the re-execution of the “assurance appliance outside the network environment based on re-execution of the network assurance applicant in the emulated state” (page 3: “... the beneficial effects of the technical solution of the invention are as follows: the software emulator can be performed in the absence of physical hardware device, realizing off-line authentication of the FPGA algorithm and control strategy. Saves the hardware device and device for installing and debugging cost, and can simulate equipment trouble condition of the safety level platform, debugging and verification of the protection logic of the fault condition...”; page 5: “... realize algorithm offline debugging and verification support, on the basis of the emulation, debugging can be performed... for safety protection logic debug and verification... simulating the FPGA controller to each device in each DCS control system module of fault diagnosis, can simulate fault state debugging fault safety function; simulation based on maintaining the network protocol of data link layer, can be seamlessly replace by FPGA emulator FPGA hardware through engineer station for downloading and debugging operation...” NOTE: the above citations teach to debug faults in the “safety level platform” and “safety protection logic” of a network by emulating these devices (i.e., logic algorithm) in an “emulator can be performed in the absence of physical hardware device, realizing off-line authentication...”. Offline in the absence of the hardware clearly teaches that the debugging is outside of the network environment and the debugging is being done to debug “safety protection logic” and “safety level platforms” which provide network assurance. Therefore; Feng_2018 clearly teaches to identify a failure in network assurance appliances and then to debug these appliances in response to identifying a network failure caused by these appliances and to do this in a emulator outside the network environment.)

Handige_2017 and Benc_2016 and Dao_2009 and Feng_2018 are analogous art because they are from the same field of endeavor called networks (e.g., distributed systems). Before the effective filing date, it would have been obvious to a person of ordinary skill in the art to combine Handige_2017 and Feng_2018. The rationale for doing so would have been Handige_2017 teaches to debug a network that include network assurance appliances and Feng_2018 teaches that “beneficial effects” include “saves the hardware device and device for installing and debugging costs” (page 3) when debugging safety level platforms and safety protection logic by using offline emulators. Therefore,  it would have been obvious to combine Handige_2017 and Feng_2018 for the benefit of lowering debugging cost and saving the hardware devices for other uses to obtain the invention as specified in the claims.



Claim 10. The limitations of claim 10 are substantially the same of claim 1 and are rejected due to the same reasons as outlined above for claim 1. Additionally, Handige_2017 makes obvious the further limitations of “A system comprising: one or more processors; and a computer-readable medium comprising instructions stored therein, which when executed by the one or more processors, cause the one or more processors to:” (title: “... system for debugging...”; FIG. 1, 2, 7, 8).

Claim 19. The limitations of claim 19 are substantially the same of claim 1 and are rejected due to the same reasons as outlined above for claim 1. Additionally, Handige_2017 makes obvious the further limitations of “A non-transitory computer-readable storage medium comprising instructions stored therein, which when executed by one or more processors, cause the one or more processors to:” (page 13: “... non-transitory machine-readable storage medium containing instructions executable by the processor...”).


Claim 3, 12. Handige_2017 and Benc_2016 and Dao_2009 and Feng_2018 makes obvious all the limitations of claim 1, and 10. Benc_2016 makes obvious “wherein the snapshot data includes one or more combination of one or more statuses of one or more devices in a fabric of the network environment, one or more software versions of network devices in the network environment, a topology of the fabric 
, endpoint information of one or more endpoints in the network environment 
, tenant information of one or more tenants associated with the network environment, object information for one or more objects in the network environment
, and policy information for policy in the network environment” 

(par 9: “... querying a host computer system for network configuration data of one or more virtual network components...”; par 19: “... querying for network configuration data may include querying the host machine to find the containers and/or VMs associated with the host machine... to discover the network components... determine the connectivity between the network components...”; par 36: “... the configuration data  for the network component may include parameters and values indicating the type of network component... the version of the network component...”; par 38: “... configuration data... may include parameters and values indicating a path...” NOTE: the connectivity and paths make obvious the topology of the fabric and the endpoint information of one or more endpoints.).

Also, Handige_2017 makes obvious “wherein the snapshot data includes one or more combination of one or more statuses of one or more devices in a fabric of the network environment, one or more software versions of network devices in the network environment, a topology of the fabric 
, endpoint information of one or more endpoints in the network environment 
, tenant information of one or more tenants associated with the network environment, object information for one or more objects in the network environment
, and policy information for policy in the network environment” (par 54: “... message utilized... recorded at a network controller... for a group status...”; par 58: “... requests or provides status information of a port or a table of the network device...”).


Claim 4, 13. Handige_2017 and Benc_2016 and Dao_2009 and Feng_2018 makes obvious all the limitations of claim 1, and 10. Handige_2017 makes obvious “wherein the snapshot data includes one or more queries sent from the network assurance appliance to the network environment to generate one or more network events occurring in the network environment (par 39: “... the anomaly analyzer 142 obtains a set of statistics... through polling... anomaly analyzer 142 may specifically request for statistics... obtained through messages such as a multipart_request (e.g., a read-state message from a network controller to a network element...”) and the  [model] state of the network environment is created based on the one or more network events (FIG. 3).

Benc_2016 also makes obvious “emulated” network environment (abstract: “... query a host compute system for network configuration data... receiving, in response to the querying, the network configuration data... and configuration data of connectivity between the network components... the method also, generates, in view of the network configuration data, a network configuration model...”; FIG. 3. par 2: “... virtual network components may be software-emulated representations of corresponding physical network components...”).

Dao_2009 also makes obvious “wherein the snapshot data includes one or more queries  to the network environment to generate one or more network events occurring in the network environment” (page 97: “... the data exporter module operates on each node in the system, extracts data that describes the execution’s current state, an forwards the timestamped data to the central server...”)“ and the emulated state of the network environment is created based on the one or more network events...” (page 104: “these clients are emulated on 17 physical machines with the ModelNet network emulater... the emulated topologies consist of an INET network with 5000 total nodes...”; par 106 – 107: “replay-based checking... replay a program while replicating its order and environment... replay them deterministically. The benefit of... any replay tool is the ability to consistently reproduce bugs from previous executions...”; abstract: “debugging distributed systems... while deploying a system exposes it to realistic conditions, debugging requires the developer to: (i) detect a bug (ii) gather the system state necessary for diagnosis, and (iii) sift through the gathered state to determine a root cause... detects a violation, it provides the programmer with the information to determine its root cause...” NOTE: reproducing a bug (e.g., an anomalous state of the distributed system/network) is a recreation of the state of the network environment and it is recreated based on information gathered when a violation/bug is detected. The information gathered is “the system state” and the replay-based checking is re-creating the system state using an emulated network.

While Dao_2009 does not explicitly teach a “network assurance appliance” Handige_2017 does teach an anomaly analyzer that sends queries. Therefore, the combination makes obvious “sent from the network assurance appliance.”).

Claim 5, 14. Handige_2017 and Benc_2016 and Dao_2009 and Feng_2018 makes obvious all the limitations of claim 4, and 13. Dao_2009 makes obvious “wherein the network assurance appliance is re-executed in the emulated state of the network environment on the one or more queries” (page 104: “these clients are emulated on 17 physical machines with the ModelNet network emulater... the emulated topologies consist of an INET network with 5000 total nodes...”; par 106 – 107: “replay-based checking... replay a program while replicating its order and environment... replay them deterministically. The benefit of... any replay tool is the ability to consistently reproduce bugs from previous executions...”; abstract: “debugging distributed systems... while deploying a system exposes it to realistic conditions, debugging requires the developer to: (i) detect a bug (ii) gather the system state necessary for diagnosis, and (iii) sift through the gathered state to determine a root cause... detects a violation, it provides the programmer with the information to determine its root cause...”).

Claim 6, 15. Handige_2017 and Benc_2016 and Dao_2009 and Feng_2018 makes obvious all the limitations of claim 1, and 10. Handige_2017makes obvious “wherein the specific time corresponds to one or more failures occurring in the network environment and the emulated state of the network environment includes the one or more failures” (Figure 3).

Dao_2009 also makes obvious “wherein the specific time (page 97: “... the data exporter module operates on each node in the system, extracts data that describes the execution’s current state, an forwards the timestamped data to the central server...”) corresponds to one or more failures occurring in the network environment  (abstract: “debugging distributed systems... while deploying a system exposes it to realistic conditions, debugging requires the developer to: (i) detect a bug (ii) gather the system state necessary for diagnosis, and (iii) sift through the gathered state to determine a root cause... detects a violation, it provides the programmer with the information to determine its root cause...”) and the emulated state of the network environment includes the one or more failures” (page 104: “these clients are emulated on 17 physical machines with the ModelNet network emulater... the emulated topologies consist of an INET network with 5000 total nodes...”;par 106 – 107: “replay-based checking... replay a program while replicating its order and environment... replay them deterministically. The benefit of... any replay tool is the ability to consistently reproduce bugs from previous executions...”).

Claim 7, 16. Handige_2017 and Benc_2016 and Dao_2009 and Feng_2018 makes obvious all the limitations of claim 6, and 15. Dao_2009 makes obvious “wherein the network assurance appliance is re-executed in the emulated state of the network environment in response to the one or more failures occurring in the network environment” (abstract: “debugging distributed systems... while deploying a system exposes it to realistic conditions, debugging requires the developer to: (i) detect a bug (ii) gather the system state necessary for diagnosis, and (iii) sift through the gathered state to determine a root cause... detects a violation, it provides the programmer with the information to determine its root cause...” page 104: “these clients are emulated on 17 physical machines with the ModelNet network emulater... the emulated topologies consist of an INET network with 5000 total nodes...”;par 106 – 107: “replay-based checking... replay a program while replicating its order and environment... replay them deterministically. The benefit of... any replay tool is the ability to consistently reproduce bugs from previous executions...”).

Claim 8, 17. Handige_2017 and Benc_2016 and Dao_2009 and Feng_2018 makes obvious all the limitations of claims 1, 10, Dao_2009 makes obvious “wherein the network assurance applicant is re-executed in the emulated state of the network concurrently with the network environment continuing to provide network service access” (page 106 – 107 “... replay tool is the ability to consistently reproduce bugs from previous executions... enables offline analysis... use replay-based checking for offline analysis...” NOTE: the teaching of offline indicates to one of ordinary skill in the art that the function may be performed independently without regard for the operating mode of the physical network. Because there are only two options for the physical network (i.e., functioning/accessible or not functioning/inaccessible) and there is no unexpected outcome it would be obvious that when performing re-execution (i.e., replay) offline from the network that the network is either accessible or inaccessible.)

Claim 9, 18. Handige_2017 and Benc_2016 and Dao_2009 and Feng_2018 makes obvious all the limitations of claims 1, 10, Dao_2009 makes obvious “wherein the network assurance applicant is re-executed in the emulated state of the network environment while the network environment is inaccessible” (page 106 – 107 “... replay tool is the ability to consistently reproduce bugs from previous executions... enables offline analysis... use replay-based checking for offline analysis...” NOTE: the teaching of offline indicates to one of ordinary skill in the art that the function may be performed independently without regard for the operating mode of the physical network. Because there are only two options for the physical network (i.e., functioning/accessible or not functioning/inaccessible) and there is no unexpected outcome it would be obvious that when performing re-execution (i.e., replay) offline from the network that the network is either accessible or inaccessible.)

Claim 20. Handige_2017 and Benc_2016 and Dao_2009 and Feng_2018 makes obvious all the limitations of claim 19, Dao_2009 makes obvious “wherein the network assurance applicant is re-executed in the emulated state of the network environment either concurrently with the network environment continuing to provide network service access or while the network environment is inaccessible” (page 106 – 107 “... replay tool is the ability to consistently reproduce bugs from previous executions... enables offline analysis... use replay-based checking for offline analysis...” NOTE: the teaching of offline indicates to one of ordinary skill in the art that the function may be performed independently without regard for the operating mode of the physical network. Because there are only two options for the physical network (i.e., functioning/accessible or not functioning/inaccessible) and there is no unexpected outcome it would be obvious that when performing re-execution (i.e., replay) offline from the network that the network is either accessible or inaccessible.)


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRIAN S COOK whose telephone number is (571)272-4276. The examiner can normally be reached 8:00 AM - 5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kamini S. Shah can be reached on 571-272-2279. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/BRIAN S COOK/Primary Examiner, Art Unit 2146