DETAILED ACTION

This communication is in response to Application No. 17/651,417 filed on 2/16/2022. Claims 1-20 have been examined.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 2/16/2022 is being considered by the examiner.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-7, 9-17, 19, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Xiao (US 2015/0281059) in view of Agrawal et al. (hereinafter Agrawal)(US 2017/0317901).
Regarding claims 1 and 11, Xiao teaches as follows:
a system (interpreted as an electronic system 3100) comprising: 
data processing hardware (interpreted as a processing unit 3110); and 
memory hardware (interpreted as a system memory 3125, a read-only memory 3130, or a permanent storage device 3135) in communication with the data processing hardware, the memory hardware storing instructions that when executed on the data processing hardware cause the data processing hardware to perform operations (see, paragraph [0174]-[0177] and figure 31) comprising: 
receiving, from a first virtual machine (VM) of a first private-cloud computing environment (the process receives (at 305) a packet from a tenant VM to send to a service VM, see, paragraph [0059] and figure 3) via a network tunnel established between the first private-cloud computing environment and the public-cloud computing environment (when the two VMs are not on the same host, the process bypasses (at 330) the gateway by forwarding the packet to the VM of the requested cloud service through a tunnel in the virtualized infrastructure domain, see, paragraph [0061] and figure 3), a packet comprising: 
a source address comprising a first private IP address of the first VM (the NAT agent intercepts a packet that is sent by a tenant VM to one of the service VMs based on a set of forwarding rules that specify when to intercept packets to service VMs based on the destination IP address of the packets. The packet includes a source IP address and a source port number of the tenant VM, see, paragraph [0011]); and 
translating, using a network address translation (NAT) mapping (the NAT agent, prior to the packet leaving the PFE, replaces the source IP address and the source port number with a replacement address and port number from a set of replacement IP address and port number pairs that are allocated to the host for accessing service VMs, see, paragraph [0011]), the source address of the packet from the first private IP address of the first VM to a private IP address of the public-cloud computing environment (the process replaces (at 315) the source IP address and virtual port number in the packet with a replacement IP address and port number pair that uniquely identifies the tenant VM in the virtualized infrastructure domain when accessing a VM of the requested service, see, paragraph [0060] and figure 3).
Xiao teaches of communications between two clouds by tunneling but does not explicitly teach the private-cloud and public-cloud computing environments. 
Agrawal teaches as follows:
the example cloud network environment can include a plurality of networks or clouds, such as the hybrid cloud network including a private cloud 102 (equivalent to applicant’s private-cloud computing environment) and a public cloud 104 (equivalent to applicant’s public-cloud computing environment) separated by a WAN 106, such as the Internet. Although a hybrid cloud is sometimes defined as consisting of a private cloud and a public cloud, it should be understood that many aspects of this disclosure can be practiced in various configurations (e.g., two or more public clouds hosted by third party cloud providers and/or two or more private clouds of an enterprise located in different locations)(see, paragraph [0020] and figure 1).
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify Xiao with Agrawal to include the hybrid cloud consisting of multiple private and public clouds as taught by Agrawal in order to provide tunneling between two private clouds via the public cloud. 
Regarding claims 2 and 12, Xiao teaches as follows:
receiving, from the second VM of the second private-cloud computing environment, a second packet (interpreted as a reply packet)(the process receives (at 335) a reply packet from the requested service VM destined to the requesting tenant VM, see, paragraph [0062] and figure 3) comprising: 
a second source address comprising the second private IP address of the second VM of the second private-cloud computing environment; and a second destination address comprising the private IP address of the public-cloud computing environment; translating, using the NAT mapping, the second source address of the second packet from the second private IP address of the second VM to the first private IP address of the first VM (the process then replaces (at 340) the unique replacement address and port number pair of the requesting tenant VM contained in the received packet with the actual IP address and port number of the requesting tenant VM (i.e., the IP address and port number assigned for use in the logical network of the tenant VM), see, paragraph [0062] and figure 3); and 
sending the second packet to the first private IP address of the first VM of the first private-cloud computing environment (the process then forwards (at 345) the packet received from the requested service VM to the requested tenant VM, see, paragraph [0062] and figure 3).
Xiao does not explicitly teach tunneling between two private clouds via the public cloud. 
Agrawal teaches a hybrid cloud interconnecting multiple private and public clouds as presented above.
Therefore, they are rejected for similar reason as presented above.
Regarding claims 3 and 13, Xiao teaches as follows:
wherein the second packet was received in response to sending the packet (a reply packet from the requested service VM destined to the requesting tenant VM, see, paragraph [0062] and 305 in figure 3).
Regarding claims 4 and 14, Xiao teaches as follows:
storing, in the NAT mapping, the first private IP address of the first VM (the NAT agent replaces the source IP address and the source port number with a replacement address and port number from a set of replacement IP address and port number pairs that are allocated to the host for accessing service VMs, see, paragraph [0011]).
Regarding claims 5 and 15, Xiao teaches as follows:
wherein the network tunnel comprises a VxLAN tunnel (tunnels in some embodiments are setup by the host's network stack, and the IP connectivity is provided using, e.g., generic routing encapsulation (GRE), network virtualization using GRE (NVGRE), virtual extensible local area network (VxLAN), or stateless transport tunneling (STT), see, paragraph [0114]).
Regarding claims 6 and 16, Xiao teaches as follows:
wherein translating the source address of the packet from the first private IP address of the first VM to the private IP address of the public-cloud computing environment comprises de-encapsulating the packet (the process decapsulates (at 2505) the reply packet by the uplink on the requesting tenant VM's host, see, paragraph [0146]).
Regarding claims 7 and 17, Agrawal teaches as follows:
cloud computing resources, for example, can include any type of resource, such as computing, storage, and network devices, virtual machines (VMs), etc. For instance, resources may include service devices (firewalls, deep packet inspectors, traffic monitors, load balancers, etc.), compute/processing devices (servers, CPU's, memory, brute force processing capability), storage devices (e.g., network attached storages, storage area network devices), etc. (see, paragraph [0018]).
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify Xiao with Agrawal to include the well-known load balancer as taught by Agrawal in order to efficiently distribute packet traffic load. 
Regarding claims 9 and 19, Xiao teaches as follows:
wherein: the public-cloud computing environment comprises a public-cloud VM (the process receives (at 305) a packet from a tenant VM to send to a service VM, see, paragraph [0059] and figure 3); and 
the public-cloud VM receives the packet from the first VM of the first private- cloud computing environment (the process bypasses (at 330) the gateway by forwarding the packet to the VM of the requested cloud service through a tunnel in the virtualized infrastructure domain, see, paragraph [0061] and figure 3).
Regarding claims 10 and 20, Xiao teaches as follows:
wherein the NAT mapping comprises a lookup table (the process searches the mapping table 2105 (equivalent to applicant’s lookup table) described by reference to FIG. 21 to determine that the replacement IP address is associated with a tunnel, see, paragraph [0142]).

Claims 8 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Xiao (US 2015/0281059) in view of Agrawal et al. (hereinafter Agrawal)(US 2017/0317901), and further in view of Tembey et al. (hereinafter Tembey)(US 2019/0327144).
Regarding claims 8 and 18, Xiao in view of Agrawal teaches all limitations as presented above except for the well-known leaf-spine network topology.
Tembey teaches as follows:
an SDDC manager can provide automation of workflows for lifecycle management and operations of a self-contained private cloud instance. Such an instance may span multiple racks of servers connected via a leaf-spine network topology and connects to the rest of the enterprise network for north-south connectivity via well-defined points of attachment. The leaf-spine network topology is a two-layer data center topology including leaf switches and spine switches. In such a topology, the spine switches form a backbone of a network, where every leaf switch is interconnected with each and every spine switch (see, paragraph [0020]).
	It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify Xiao in view of Agrawal with Tembey to include the well-known leaf-spine network topology as taught by Tembey in order to improve performance and efficiencies of network communications between different virtual or physical resources.

Double Patenting
A rejection based on double patenting of the "same invention" type finds its support in the language of 35 U.S.C. 101 which states that "whoever invents or discovers any new and useful process ... may obtain a patent therefor ..."  (Emphasis added).  Thus, the term "same invention," in this context, means an invention drawn to identical subject matter.  See Miller v. Eagle Mfg. Co., 151 U.S. 186 (1894); In re Ockert, 245 F.2d 467, 114 USPQ 330 (CCPA 1957); and In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970).
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.   A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and  In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. 
Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b).

Claims 1-20 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 1-16 of U.S. Patent No. 11,271,905 (hereinafter Patent ‘905) in view of Agrawal et al. (hereinafter Agrawal)(US 2017/0317901).  Although the conflicting claims are not identical, they are not patentably distinct from each other because Patent ‘905 teaches as follows:
Applicant’s claims 1 and 11
Patent ‘905
a system comprising: data processing hardware; and memory hardware in communication with the data processing hardware, the memory hardware storing instructions that when executed on the data processing hardware cause the data processing hardware to perform operations comprising: 

A system comprising: 
a plurality of first host machines implementing a public-cloud computing environment, wherein at least one of the first host machines comprises at least one public-cloud virtual machine (VM) that performs network address translation (NAT); and 
a plurality of second host machines implementing a private-cloud computing environment, wherein at least one of the second host machines comprises at least one private-cloud VM, wherein the public-cloud VM is configured to: 
receiving, from a first virtual machine (VM) of a first private-cloud computing environment, via a network tunnel established between the first private-cloud computing environment and the public-cloud computing environment, a packet comprising: 
receive, via a network tunnel from the private-cloud VM, one or more first packets to be sent to a public Internet Protocol (IP) address of a public network host, 
a source address comprising a first private IP address of the first VM; and 

the one or more first packets when received at the public-cloud VM from the private-cloud VM each comprising a source address that includes a private IP address of the private-cloud VM; 
a destination address comprising a second private IP address of a second VM of a second private-cloud computing environment; 

translating, using a network address translation (NAT) mapping, the source address of the packet from the first private IP address of the first VM to a private IP address of the public-cloud computing environment; and 

translate, using a NAT mapping, the source address of each first packet received from the private-cloud VM from the private IP address of the private-cloud VM to an IP address of the public-cloud VM so that each first packet to be sent to the public IP address of the public network host appears to be from the public-cloud VM; and
sending the packet to second private IP address of the second VM of the second private-cloud computing environment.	
send each first packet to the public IP address of the public network host, each first packet sent to the public IP address of the public network host comprising the translated source address that includes the IP address of the public-cloud VM. 


Patent ‘905 teaches similar limitations as presented above except for tunneling between two private clouds via the public cloud. 
Agrawal teaches a hybrid cloud interconnecting multiple private and public clouds as presented above.
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify Patent ‘905 with Agrawal to include the hybrid cloud consisting of multiple private and public clouds as taught by Agrawal in order to provide tunneling between two private clouds via the public cloud. 
Rest of dependent claims 2-10 and 12-20 are rejected for the dependency on the rejected claims 1 and 11 respectively.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Jeong S Park whose telephone number is (571)270-1597. The examiner can normally be reached Monday through Friday 8:00-4:30 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Glenton B Burgess can be reached on 571-272-3949. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/JEONG S PARK/Primary Examiner, Art Unit 2454                                                                                                                                                                                                        
December 13, 2022