Ex Parte Zhang et al
Patent Trial and Appeal Board
Jan 24, 2018
14068658 (P.T.A.B. Jan. 24, 2018)

UNITED STATES PATENT AND TRADEMARK OFFICE
UNITED STATES DEPARTMENT OF COMMERCE
Address: COMMISSIONER FOR PATENTS, P.O. Box 1450, Alexandria, Virginia 22313-1450
www.uspto.gov

APPLICATION NO.   FILING DATE   FIRST NAMED INVENTOR   ATTORNEY DOCKET NO.   CONFIRMATION NO.
14/068,658        10/31/2013    Ronghua Zhang          N056 (NCRA.P0150)     5710

109858 7590
VMware, Inc.
3401 Hillview Avenue
Palo Alto, CA 94304
01/26/2018

EXAMINER: RIVAS, SALVADOR E
ART UNIT: 2479
PAPER NUMBER:
NOTIFICATION DATE: 01/26/2018
DELIVERY MODE: ELECTRONIC

Please find below and/or attached an Office communication concerning this application or proceeding.

The time period for reply, if any, is set in the attached communication.

Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es):
ipadmin@vmware.com
ipteam@vmware.com
mail@adelillp.com

PTOL-90A (Rev. 04/07)

UNITED STATES PATENT AND TRADEMARK OFFICE

BEFORE THE PATENT TRIAL AND APPEAL BOARD

Ex parte RONGHUA ZHANG and JESSE E. GROSS IV

Appeal 2017-008134
Application 14/068,658
Technology Center 2400

Before DENISE M. POTHIER, SCOTT B. HOWARD, and STEVEN M. AMUNDSON, Administrative Patent Judges.

POTHIER, Administrative Patent Judge.

DECISION ON APPEAL

STATEMENT OF THE CASE

Appellants¹ appeal under 35 U.S.C. § 134(a) from the Examiner’s rejection of claims 1, 3–16, and 19–22. App. Br. 1.² Claim 2 has been canceled (id. at 28), and claims 17 and 18 are objected to but would be allowable if rewritten in independent form to include all of the limitations of their base claim and any intervening claims (Final Act. 26). We have jurisdiction under 35 U.S.C. § 6(b).

¹ The real party in interest is listed as Nicira, Inc. App. Br. 2.

² Throughout this opinion, we refer to (1) the Final Action (Final Act.) mailed May 5, 2016, (2) the Appeal Brief (App. Br.) filed November 22, 2016, (3) the Examiner’s Answer (Ans.) mailed March 10, 2017, and (4) the Reply Brief (Reply Br.) filed May 8, 2017.

We reverse.

Invention

Appellants’ invention relates to optimizing managing tenant networks that transmit substantially more data outside the managed network than these networks receive. See Spec. ¶ 2. For example, a managed network manages forwarding elements operating on host machines to “send packets out onto the external network through a direct connection that bypasses the gateways,” which in some embodiments involves “a specific logical port (called a direct host return (‘DHR’) port) of a logical forwarding element implemented by the managed forwarding elements.” Id. ¶ 3; see also id. ¶¶ 19–20, 26, 30, Fig. 1. Claim 1 is reproduced below with emphasis:

    1. A method for managing a network for a network controller, the method comprising:

    configuring a first managed forwarding element in the network, operating in a host machine that hosts a virtual machine belonging to a particular logical network and connected to the managed network through the first managed forwarding element, to implement a first logical port of a logical router of the particular logical network, the first logical port used only for egress traffic directed outside of the managed network, the first managed forwarding element implementing the first logical port by connecting directly to a physical network element outside of the managed network in order to send egress traffic directly to the physical network element without the egress traffic passing through any intervening managed forwarding elements in the managed network; and

    configuring a second managed forwarding element in the managed network to implement a second logical port of the logical router, the second logical port used for both ingress traffic received from outside the managed network and egress traffic directed outside the managed network, wherein the second managed forwarding element receives ingress traffic addressed to the first virtual machine directly from the physical network element and transmits said ingress traffic to the first managed forwarding element.

The Examiner relies on the following as evidence of unpatentability:

    McDysan      US 2010/0175125 A1   July 8, 2010
    Sanden       US 2012/0173757 A1   July 5, 2012
    Nilakantan   US 2012/0278802 A1   Nov. 1, 2012
    Sridharan    US 2013/0058346 A1   Mar. 7, 2013
    Kannan       US 2013/0145002 A1   June 6, 2013

    Martin Casado et al., Virtualizing the Network Forwarding Plane 1–6 (Dec. 2010) (“Casado”).³

³ See also 6th Int’l CoNEXT 2010 Conference, ACM PRESTO Workshop (Nov. 30, 2010), available at https://conferences.sigcomm.org/co-next/2010/Workshops/PRESTO/PRESTO_papers/06-Casado.pdf.

The Rejections

Claims 1, 3, and 4 are rejected under 35 U.S.C. § 103(a) (pre-AIA) or § 103 as unpatentable over Nilakantan and Casado. Final Act. 3–10.

Claim 5 is rejected under 35 U.S.C. § 103(a) (pre-AIA) or § 103 as unpatentable over Nilakantan, Casado, and McDysan. Final Act. 10–11.

Claims 6–11, 13–16, and 20–22 are rejected under 35 U.S.C. § 103(a) (pre-AIA) or § 103 as unpatentable over Sridharan and Casado. Final Act. 11–23.

Claim 12 is rejected under 35 U.S.C. § 103(a) (pre-AIA) or § 103 as unpatentable over Sridharan, Casado, and Sanden. Final Act. 24–25.

Claim 19 is rejected under 35 U.S.C. § 103(a) (pre-AIA) or § 103 as unpatentable over Sridharan, Casado, and Kannan. Final Act. 25–26.

OBVIOUSNESS REJECTION OVER NILAKANTAN AND CASADO

Regarding independent claim 1, the Examiner finds that Nilakantan and Casado teach its limitations. In particular, the Examiner determines Nilakantan teaches configuring a first managed forwarding element (MFE) in a network (e.g., host 208 in Figs. 3–4 or 206 in Figs. 5–6). Final Act. 4 (citing Nilakantan, Figs. 3–6). The Examiner states Nilakantan does not teach implementing a first logical port used only for egress traffic directed outside the managed network and configuring a second MFE having a second logical port used for both ingress traffic received from outside the managed network and egress traffic directed outside the managed network. Id. at 5. The Examiner turns to Casado, when combined with Nilakantan, to teach these features. Id. at 5–8 (citing Casado, pp. 2–5, Fig. 1).

Among other arguments, Appellants argue Nilakantan and Casado do not teach or suggest a method that configures a first MFE to implement a first logical port of a logical router used to send only egress traffic outside of the managed network. App. Br. 11–13 (citing Casado, pp. 2–4). Appellants contend Casado does not mention logical ports restricted by ingress or egress. Id. at 12–13. Appellants specifically assert Casado discusses generic logical ports and does not differentiate between these discussed ports, such that Casado fails “adequately [to] address the specifically recited features of the first and second logical ports.” Id. at 13 (underlining omitted).

ISSUE

Under § 103, has the Examiner erred in rejecting claim 1 by finding that Nilakantan and Casado collectively would have taught or suggested a method that configures

(a) “a first managed forwarding element in the network . . . to implement a first logical port of a logical router . . . the first logical port used only for egress traffic directed outside of the managed network,” and

(b) “a second managed forwarding element in the managed network to implement a second logical port of the logical router, the second logical port used for both ingress traffic received from outside the managed network and egress traffic directed outside the managed network”?

ANALYSIS

Based on the record before us, we find error in the Examiner’s rejection of claim 1.

Regarding the recitation of “the first logical port used only for egress traffic,” the Examiner cites both Nilakantan and Casado. Ans. 2–3 (citing Nilakantan ¶¶ 6, 30–31, Figs. 3–6 and Casado, p. 3). Nilakantan teaches a host (e.g., 208) having a hypervisor (e.g., 302), including a virtual machine (e.g., 300) and a virtual switch (e.g., 304), that is mapped to the recited “first managed forwarding element.” Final Act. 4 (discussing, e.g., host 208 in Figure 3). Specifically, Nilakantan teaches configuring a host’s network connections/setup, including configuring the hypervisor’s switch (e.g., a part of the mapped MFE, discussed in Final Act. 4), by analyzing the network connectivity requirements of persona 252 and creating virtual ports (e.g., logical ports) to access the VLANs. See Nilakantan ¶¶ 30–31, Figs. 2–3. This suggests to one skilled in the art that switches can be configured to transmit traffic in a given direction (e.g., egress traffic to access the VLANs) based on a persona’s network connectivity requirements. See id.

However, Nilakantan does not provide a sufficient suggestion to include a second managed forwarding element or the recited first and second ports as noted by the Examiner. Final Act. 5. Nor does this citation adequately suggest including two ports, one used only for egress traffic directed outside of a managed network and a second used for both ingress and egress traffic to and from the managed network as recited in claim 1. App. Br. 28 (Claims App’x).

Casado also teaches a “network hypervisor” in the context of a logical forwarding plane. Casado 2. Specifically, Casado teaches a network hypervisor maps a logical forwarding plane into physical hardware, and such logical forwarding plane is the network’s logical abstraction (e.g., lookup tables, ports, and primitives for forwarding packets). Id. at 2–3. For example, Casado discusses forwarding elements containing a set of logical ports and discusses both “ingress ports” and “egress ports.” Id. at 3–4 (stating both (i) “[i]t could be . . . the ingress port” and (ii) “the network must send the packets to the physical objects to which these egress ports are bound”); see also id. at 4 (further discussing “the logical egress port” and “table to map a logical egress port to a physical location”). As such, Casado teaches that a hypervisor, such as Nilakantan’s hypervisor 302, can include a forwarding element having (1) an egress port that sends traffic to a physical location or (2) an ingress port. See id. at 3–4.

Even presuming that Casado’s egress port teaches or suggests a port restricted to egress or the recited “first logical port used only for egress traffic,” Casado does not further teach or suggest a second logical port on a second managed MFE used for both ingress traffic and egress traffic as additionally recited in claim 1. See App. Br. 13. At best, Casado teaches ports may appear and leave dynamically and can be ingress or egress ports. Casado 3, cited in Final Act. 6. We therefore agree with Appellants that Casado discusses “generic logical ports” and “does not adequately address the specifically recited features of the first and second logical ports.” App. Br. 13 (underlining omitted); see also Reply Br. 3. That is, Casado does not discuss a logical port that provides both ingress and egress traffic. Casado 3–4. Nor does the Examiner sufficiently elaborate on this point. See Ans. 2–6 (providing no response related to “the second logical port used for both ingress traffic received from outside the managed network and egress traffic directed outside of the managed system” as recited).

Granted, Casado teaches a table to map incoming packets to their logical forwarding context. Casado 4, cited in both Final Act. 7 and Ans. 5.
Nonetheless, the Examiner has not explained sufficiently how one skilled in the art would have recognized this teaching of mapping an incoming packet to logical context suggests the recited “second logical port used for . . . ingress traffic received” along with “egress traffic directed outside the managed network” in claim 1. Moreover, even presuming without agreeing that Casado’s general teaching of a table that maps logical egress ports to physical locations suggests the recited “first logical port . . . to a physical network element outside of the managed network” as the Examiner determines (Ans. 6),⁴ there is an insufficient explanation in the record that this mapping of an incoming packet to logical context also teaches or suggests the recited “second logical port . . . used for . . . ingress traffic received from outside the managed network” in claim 1.

⁴ Nilakantan teaches and shows in Figure 3 hypervisor 302 within host 208 is connected to VLANs 240, 242. These VLANs are described as part of managed system 200 in Figure 2. Nilakantan ¶ 22, Figs. 2–3. Casado discusses using the hypervisor within a multi-tenant network environment, describing the tenant networks separately from the VLANs. Casado 5.

For the foregoing reasons, Appellants have persuaded us of error in the rejection of (1) independent claim 1 and (2) dependent claims 3 and 4 for similar reasons.

OBVIOUSNESS REJECTION OVER NILAKANTAN, CASADO, AND MCDYSAN

Claim 5 depends from claim 1 and is rejected under 35 U.S.C. § 103(a) (pre-AIA) or § 103 as unpatentable over Nilakantan, Casado, and McDysan. Final Act. 10–11. The rejection does not rely on McDysan to teach or suggest the above-noted deficiencies of the Nilakantan-Casado rejection. See id. As such, for reasons similar to those above for claim 1, we will not sustain the rejection of claim 5.

OBVIOUSNESS REJECTION OVER SRIDHARAN AND CASADO

Claims 6–11

Independent claim 6 recites “a second managed forwarding element . . . performed logical processing on the first packet as having received the first packet at a first logical port of a logical router, the first logical port used for both ingress traffic received from outside the managed network and egress traffic directed outside the managed network” and “performing logical processing on the second packet to logically send the packet to a second logical port of the logical router that is used only for egress traffic directed outside of the managed network.” App. Br. 29 (Claims App’x). These recitations are similar to those discussed above for claim 1.

For this claim, the Examiner relies on Sridharan to teach the recited program having instructions that (1) when executed by a processing unit, implements a first MFE (e.g., NVGRE (network virtualization Generic Routing Encapsulation) router shown in Figure 5 as 509, 510 and Figure 10 at 1041–1044, discussed in Final Act. 11) and (2) receives a first packet from a second MFE from a particular source through a physical network outside the managed network (NVGRE routers 1041–1044 between host 1003–1005 and devices on network 1002, discussed in Final Act. 12). The Examiner further states Sridharan does not disclose the first or second logical ports or that the second logical port is “used only for egress traffic directed outside of the managed network” as recited, turning to Casado. Final Act. 13–14 (citing Casado 3–4).

Appellants present arguments similar to claim 1. Among them, Appellants argue Casado only provides a general teaching related to logical ports and fails to address the specific features of the recited first and second logical ports. App. Br. 16–17.

ISSUE

Under § 103, has the Examiner erred in rejecting claim 6 by finding that Sridharan and Casado teach or suggest a medium storing

    a program which when executed by at least one processing unit of a host machine implements a first managed forwarding element . . . the program comprising sets of instructions for:

    receiving a first packet from a second managed forwarding element, wherein the second managed forwarding element . . . performed logical processing on the first packet as having received the first packet at a first logical port of a logical router, the first logical port used for both ingress traffic received from outside the managed network and egress traffic directed outside the managed network . . . [and]

    performing logical processing on the second packet to logically send the packet to a second logical port of the logical router that is used only for egress traffic directed outside of the managed network[?]

ANALYSIS

Although the Examiner cites Sridharan—not Nilakantan—to teach some of the features of claim 6, the rejection still relies on Casado to teach the recitations related to the “first” and “second logical” ports. Final Act. 11–14; see also Ans. 7–8. As noted above, Casado’s general teaching of logical ports (e.g., ingress or egress ports) does not sufficiently teach or suggest to one skilled in the art the recited “first logical port used for both ingress traffic received from outside the managed network and egress traffic directed outside the managed network” in claim 6. We refer to the above analysis for details.

Also, to the extent Sridharan teaches transmitting packets from a MFE to “a physical network element outside of the managed network” as recited (Final Act. 12 (citing Sridharan ¶ 68 and discussing hosts 1003–1005 and corporate network 1002)), we agree this teaching does not sufficiently demonstrate transmitting packets to the physical network element using a connection “between the host machine and the physical network element that does not include any intervening managed forwarding elements” as recited. App. Br. 17–18. “In fact, the cited Figure 10 illustrates that a virtual network gateway” having a NVGRE router “is located between” a host machine (e.g., 1003) and the physical network element (e.g., 1002). Id. at 18 (discussing Sridharan ¶ 68, Fig. 10).

To be sure, Sridharan also teaches delivering packets between hosts “without going through a separate virtual router on the datacenter network.” Sridharan ¶ 48 (emphasis added). Yet, the record does not clearly explain how paragraph 48’s teaching applies to sending packets to a destination host located outside the datacenter network, such as devices (e.g., computer 1 or C1) on Figure 10’s corporate network 1002. Compare id. with id. 63–68, Fig. 10. As such, based on the record, Sridharan does not teach or suggest “transmitting the second packet directly from the” MFE “to the physical network element via a connection . . . between the host machine and the physical network element that does not include any intervening managed forwarding elements” in claim 6.

For the foregoing reasons, Appellants have persuaded us of error in the rejection of (1) independent claim 6 and (2) dependent claims 7–11 for similar reasons.

Claims 13–16 and 20–22

Independent claim 13 recites a method with similar recitations to claim 6 and is rejected similarly based on Sridharan and Casado. Final Act. 14–18. Appellants present analogous arguments for claim 13 as claim 6. App. Br. 18–22. We are persuaded of error for similar reasons to those previously discussed.
Accordingly, Appellants have persuaded us of error in the rejection of (1) independent claim 13 and (2) dependent claims 14–16 and 20–22.

THE REMAINING OBVIOUSNESS REJECTIONS

Claim 12 indirectly depends from claim 6 and is rejected under 35 U.S.C. § 103(a) (pre-AIA) or § 103 as unpatentable over Sridharan, Casado, and Sanden (Final Act. 24–25); claim 19 depends from claim 13 and is rejected under 35 U.S.C. § 103(a) (pre-AIA) or § 103 as unpatentable over Sridharan, Casado, and Kannan. Id. at 25–26. These rejections do not rely on Sanden or Kannan to illustrate the above-noted deficiencies of the Sridharan-Casado rejection. See id. at 24–26. As such, for reasons similar to those above for claims 6 and 13, we will not sustain the rejections of claims 12 and 19.

DECISION

We reverse the Examiner’s rejections of claims 1, 3–16, and 19–22 under § 103.

Pending claims 17 and 18 have been objected to but would be allowable if rewritten in independent form to include all of the limitations of their base claim and any intervening claims.

REVERSED