DYNAMIC DISTRIBUTION OF CLIENT DEVICES IN GATEWAY CLUSTER

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Amendment The amendments filed on September 2nd, 2025 have been entered. Claims 1-2, 8, 10-11, 17, 19, 20, and 23 have been amended. Response to Arguments Applicant’s arguments filed on September 2nd, 2025 have been considered and persuasive. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claims 1-5, 7-14, 16-20 and 22-23 are rejected under 35 U.S.C. 103 as being unpatentable over Hegde et al. (Pub. No. US 2020/0351182), hereinafter Hegde; in view of Srinivas et al. (Pub. No. US 2024/0073137), hereinafter Srinivas. Claim 1. Hegde discloses a method comprising: selecting, by an access node and for a client device, a first primary gateway and a first standby gateway from a list of gateways associated with a gateway cluster (See Parag. [0013-0014]; connected controller (e.g., a wireless controller, such as an access point (AP)) (an access node) determines, based on information provided by the new anchored device (client device), the appropriate anchor controller, and selects a BG (gateway) of the cluster to anchor the new anchored device to. The connected controller uses a characteristic of the new anchored device, such as a hash of a portion of the MAC address of the new anchored device, to look up a BG assignment from a bucketmap (selecting from a list of gateways associated with a gateway cluster). The connected controller may be able to access multiple bucketmaps or multiple sections of the bucketmap to select different assignments (such as assignment to a primary anchor controller (first primary gateway) and assignment to a secondary anchor controller (a first standby gateway)) … The connected controller may then send requests and/or commands to the new anchored device and to the assigned BG(s) to establish a tunnel between the new anchored device and its assigned BG(s) (first primary gateway and a first standby gateway). See Parag. [0015]; High availability can be achieved in a clustered scenario by assigning secondary anchor controllers (first standby gateway) and establishing independent tunnels between an anchored device and the primary and secondary anchor controllers. Then, when a BG fails, the anchored device can quickly failover to the secondary anchor controller using the heretofore idle secondary user tunnel. See also Parag. [0029] and Fig. 1); forwarding, by the access node, traffic from the client device to the first primary gateway (See Parag. [0013]; New client devices, such as laptops, mobile devices, IoT devices, etc., may anchor to a controller and transceive data with the wider network through a tunnel (e.g. a user tunnel) established between the new client device and the anchor controller; the user tunnel is established between an intermediary network infrastructure device (e.g. an access point) and the anchor controller. See Parag. [0065]; A network infrastructure device (access node) is a device that receives network traffic and forwards the network traffic to a destination); receiving, by the access node, a policy, wherein the policy is based on a change in a set of parameters associated with the gateway cluster (See Parag. [0018]; network orchestrator gathers operating health information for each branch gateway of the cluster, including, for example, process memory consumption, process memory leaks, central processing unit (CPU) load, CPU spinlock, CPU scheduling errors, process spinlock, fan status, device temperature, and power supply unit (PSU) status. The network orchestrator then compares each parameter of the operating health information to a set of thresholds. See also Parag. [0019-0021]; Each operating health class may trigger certain actions, including remapping one or more bucketmaps for user anchoring … bucketmaps may be transmitted to the access points for client device assignment (a policy based on a change in a set of parameters associated with the gateway cluster). See Parag. [0022]; if a branch gateway is added to the red class, indicating imminent device failure (change in a set of parameters associated with the gateway cluster), an updated bucketmap may be generated for the secondary user tunnels for existing devices connected to the cluster, excluding the now-red-class branch gateway… APs anchored to a now-red-class branch gateway may be instructed to switch over); and base on the policy: selecting, by the access node, the second primary gateway for the client device; redirecting, by the access node, traffic from the client device to the second primary gateway (See Parag. [0022-0021]; certain relevant bucketmaps may be transmitted to the access points for client device assignment … APs anchored to a now-red-class branch gateway may be instructed to switch over to their respective secondary AP tunnels. See also Parag. [0015]; High availability can be achieved in a clustered scenario by assigning secondary anchor controllers and establishing independent tunnels between an anchored device and the primary and secondary anchor controllers. Then, when a BG fails, the anchored device can quickly failover to the secondary anchor controller using the heretofore idle secondary user tunnel). Hegde doesn’t explicitly disclose the traffic as both a control traffic and a data traffic; the policy designating: a subset of the gateways for a particular type of control operation, the subset of the gateways designated by the policy comprising the first primary gateway, and a second primary gateway for the client device; and based on the policy: redirecting, by the access node, the data traffic from the client device to the second primary gateway, and forwarding, by the access node, the control traffic of the particular type of control operation from the client device to the first primary gateway. However, Srinivas discloses: the traffic as both a control traffic and a data traffic (See Abstract; forwarding control and data plane messages in an SD-PMN that includes a split control plane architecture ... determines the first and second data messages are a control plane first message and a data plane second message … forwards the control plane first message to the AMF at the branch site and the data plane second message to the UPF at the branch site. See Parag. [0037]; The access nodes 122 and 152 in the local RAN's 120 and 150 receive control plane and data plane data message traffic from the user device 130-135); the policy designating: a subset of the gateways for a particular type of control operation, the subset of the gateways designated by the policy comprising the first primary gateway, and a second primary gateway for the client device (See Parag. [0047]; Each of the branch sites 310-314 includes a respective gateway list 370, 372, and 374 provided to the SD-WAN edge routers 330-334 for use in connecting their respective branch sites 310-314 to resources 360 located in the PoPs 320-324, with each gateway list 370-374 including a primary gateway and a secondary gateway. See Parag. [0039]; The security gateways 124 and 154 decapsulate the received encapsulated data message traffic, and depending on the traffic type (i.e., control traffic or dataplane traffic), forward the data message traffic as IP traffic to either their respective UPFs 126 and 156 (second primary gateway), or their respective AMFs/SMFs 128 and 158 (the first primary gateway). See Parag. [0057]); and based on the policy: selecting, by the access node, the second primary gateway for the client device (See Parag. [0039]; The security gateways 124 and 154 decapsulate the received encapsulated data message traffic, and depending on the traffic type (i.e., control traffic or dataplane traffic), forward the data message traffic as IP traffic to either their respective UPFs 126 and 156 (second primary gateway), or their respective AMFs/SMFs 128 and 158 … The UPFs 126 and 156 handle data plane traffic), redirecting, by the access node, the data traffic from the client device to the second primary gateway (See Parag. [0039]; forward the data message traffic as IP traffic to either their respective UPFs 126 and 156, or their respective AMFs/SMFs 128 and 158 … The UPFs 126 and 156 (second primary gateway) handle data plane traffic. See also Parag. [0048]), and forwarding, by the access node, the control traffic of the particular type of control operation from the client device to the first primary gateway (See Parag. [0039]; forward the data message traffic as IP traffic to either their respective UPFs 126 and 156, or their respective AMFs/SMFs 128 and 158 … the AMFs/SMFs 128 and 158 are responsible for control plane traffic. See also Parag. [0048]). It would be obvious to one of ordinary skill in the art at the time before the effective filling date of the claimed invention to modify the policy, taught by Hegde, to designate a subset of the gateways for a particular type of control operation, the subset of the gateways designated by the policy comprising the first primary gateway, and a second primary gateway for the client device; and based on the policy: redirecting, by the access node, the data traffic from the client device to the second primary gateway, and forwarding, by the access node, the control traffic of the particular type of control operation from the client device to the first primary gateway, as taught by Srinivas. This would be convenient to implementing a software-defined private mobile network (SD-PMN) for an entity (Srinivas, Parag. [0002]). Claim 2. Hegde in view of Srinivas discloses the method of claim 1, Hegde further discloses wherein the set of parameters indicates one or more of: a traffic load of a gateway, a number of client devices served by the gateway, a processing response time for traffic, or a processor utility level of the gateway (See Parag. [0018]; network orchestrator gathers operating health information for each branch gateway of the cluster, including, for example, process memory consumption, process memory leaks, central processing unit (CPU) load, CPU spinlock, CPU scheduling errors, process spinlock, fan status, device temperature, and power supply unit (PSU) status. The network orchestrator then compares each parameter of the operating health information to a set of thresholds). Claim 3. Hegde in view of Srinivas discloses the method of claim 2, Hegde further discloses wherein the policy is generated in response to a parameter of the set of parameters reaching a threshold (See Parag. [0018]; The network orchestrator compares each parameter of the operating health information to a set of thresholds… See Also Parag. [0019]; Each threshold is associated with an operating health class of a set of operating health classes. Operating health classes categorize the health of each branch gateway… See Parag. [0020]. See Parag. [0021]; Each operating health class may trigger certain actions, including remapping one or more bucketmaps for user anchoring…). Claim 4. Hegde in view of Srinivas discloses the method of claim 1, Hegde further discloses wherein the access node is one of: an access switch or a wireless access point (AP), and wherein the access node wirelessly couples to the client device (See Parag. [0013-0014]; connected controller (e.g., a wireless controller, such as an access point (AP))). Claim 5. Hegde in view of Srinivas discloses the method of claim 1, Hegde further discloses: wherein the list of gateways is indicated in a bucket map published by a leader gateway of the gateway cluster (See Parag. [0021]; certain relevant bucketmaps (list of gateways) may be transmitted to the access points for client device assignment. See Parag. [0054]; FIG. 5 is an illustration of an example leader branch gateway of a cluster of branch gateways of a SD-WAN. As previously mentioned, actions and operations described in this disclosure can be executed on a leader branch gateway, and wherein the selecting of the first primary gateway comprises: applying a binary logical operation to an identifier of the client device to determine an index; and determining that the first primary gateway corresponds to the index in the bucket map (See Parag. [0013-0014]; connected controller determines, based on information provided by the new anchored device (client device), the appropriate anchor controller, and selects a BG of the cluster to anchor the new anchored device to. The connected controller uses a characteristic of the new anchored device, such as a hash of a portion of the MAC address of the new anchored device (an identifier of the client device), to look up a BG assignment from a bucketmap. See Parag. [0030]; a bucketmap may include primary anchor controller assignments for each hashed final byte of a new device's MAC address). Claim 7. Hegde in view of Srinivas discloses the method of claim 1, Hegde doesn’t explicitly disclose wherein the policy designates the subset of the gateways for an authentication operation for the client device, and wherein the control traffic forwarded by the access node from the client device to the first primary gateway comprises control traffic for the authentication operation. However, Srinivas discloses wherein the policy designates the subset of the gateways for an authentication operation for the client device, and wherein the control traffic forwarded by the access node from the client device to the first primary gateway comprises control traffic for the authentication operation (See Parag. [0054]; a control message (e.g., an authentication request)). Claim 8. Hegde in view of Srinivas discloses the method of claim 1, Hegde doesn’t explicitly disclose wherein the policy specifies that another gateway of the list of gateways is to be used as the second primary gateway for the client device, the method further comprising: based on the policy, synchronizing, by the first primary gateway with the second primary gateway, a state associated with the client device and maintained at the first primary gateway. However, Srinivas discloses wherein the policy specifies that another gateway of the list of gateways is to be used as the second primary gateway for the client device, the method further comprising: based on the policy, synchronizing, by the first primary gateway with the second primary gateway, a state associated with the client device and maintained at the first primary gateway (See Parag. [0047]; Each of the branch sites 310-314 includes a respective gateway list 370, 372, and 374 provided to the SD-WAN edge routers 330-334 for use in connecting their respective branch sites 310-314 to resources 360 located in the PoPs 320-324, with each gateway list 370-374 including a primary gateway and a secondary gateway ...). Claim 9. Hegde in view of Srinivas discloses the method of claim 1, Hegde discloses the method further comprising applying, by the access node, a selection mechanism to the subset of gateways to determine the second primary gateway, wherein the selection mechanism is based on one of: a hash function applied to an identifier of the client device, or a priority value associated with a respective gateway of the subset of gateways (See Parag. [0014]; The connected controller uses a characteristic of the new anchored device, such as a hash of a portion of the MAC address of the new anchored device (a hash function applicable to the identifier of the client device), to look up a BG assignment from a bucketmap. The connected controller may be able to access multiple bucketmaps or multiple sections of the bucketmap to select different assignments (such as assignment to a primary anchor controller and assignment to a secondary anchor controller)). Claim 10. Hegde in view of Srinivas discloses the method of claim 1, Srinivas further discloses wherein the policy designates the subset of the gateways for an intrusion detection operation, an intrusion prevention operation, or an anti-virus scanning operation for the client device, and wherein the control traffic forwarded by the access node from the client device to the first primary gateway comprises control traffic for the intrusion detection operation, the intrusion prevention operation, or the anti-virus scanning operation (See Parag. [0039]; The security gateways 124 and 154 decapsulate the received encapsulated data message traffic, and depending on the traffic type (i.e., control traffic or dataplane traffic), forward the data message traffic as IP traffic to either their respective UPFs 126 and 156, or their respective AMFs/SMFs 128 and 158). Claim 11. Hegde discloses a non-transitory computer-readable storage medium storing instructions that when executed cause a system comprising an access node of a network to: (See Parag. [0013]; network infrastructure device (e.g. an access point). Note: An access point is a networking hardware device) select, by the access node for a client device, a first primary gateway and a first standby gateway from a list of gateways associated with a gateway cluster (See Parag. [0013-0014]; connected controller (e.g., a wireless controller, such as an access point (AP)) (an access node) determines, based on information provided by the new anchored device (client device), the appropriate anchor controller, and selects a BG (gateway) of the cluster to anchor the new anchored device to. The connected controller uses a characteristic of the new anchored device, such as a hash of a portion of the MAC address of the new anchored device (an identifier of the client device), to look up a BG assignment from a bucketmap (selecting from a list of gateways associated with a gateway cluster). The connected controller may be able to access multiple bucketmaps or multiple sections of the bucketmap to select different assignments (such as assignment to a primary anchor controller (first primary gateway) and assignment to a secondary anchor controller (a first standby gateway)) … The connected controller may then send requests and/or commands to the new anchored device and to the assigned BG(s) to establish a tunnel between the new anchored device and its assigned BG(s) (first primary gateway and a first standby gateway). See Parag. [0015]; High availability can be achieved in a clustered scenario by assigning secondary anchor controllers (first standby gateway) and establishing independent tunnels between an anchored device and the primary and secondary anchor controllers. Then, when a BG fails, the anchored device can quickly failover to the secondary anchor controller using the heretofore idle secondary user tunnel. See also Parag. [0029] and Fig. 1); forward, by the access node, traffic from the client device to the first primary gateway (See Parag. [0013]; New client devices, such as laptops, mobile devices, IoT devices, etc., may anchor to a controller and transceive data with the wider network through a tunnel (e.g. a user tunnel) established between the new client device and the anchor controller; the user tunnel is established between an intermediary network infrastructure device (e.g. an access point) and the anchor controller. See Parag. [0065]; A network infrastructure device (access node) is a device that receives network traffic and forwards the network traffic to a destination); receive, at the access node, a policy, wherein the policy is based on a change in a set of parameters associated with the gateway cluster (See Parag. [0018]; network orchestrator gathers operating health information for each branch gateway of the cluster, including, for example, process memory consumption, process memory leaks, central processing unit (CPU) load, CPU spinlock, CPU scheduling errors, process spinlock, fan status, device temperature, and power supply unit (PSU) status. The network orchestrator then compares each parameter of the operating health information to a set of thresholds. See also Parag. [0019-0021]; Each operating health class may trigger certain actions, including remapping one or more bucketmaps for user anchoring … bucketmaps may be transmitted to the access points for client device assignment (a policy based on a change in a set of parameters associated with the gateway cluster). See Parag. [0022]; if a branch gateway is added to the red class, indicating imminent device failure (change in a set of parameters associated with the gateway cluster), an updated bucketmap may be generated for the secondary user tunnels for existing devices connected to the cluster, excluding the now-red-class branch gateway… APs anchored to a now-red-class branch gateway may be instructed to switch over); and based on the policy: select, by the access node, the second primary gateway for the client device; and redirect, by the access node, the traffic from the client device to the second primary gateway (See Parag. [0022]; APs anchored to a now-red-class branch gateway may be instructed to switch over to their respective secondary AP tunnels. See also Parag. [0015]; High availability can be achieved in a clustered scenario by assigning secondary anchor controllers and establishing independent tunnels between an anchored device and the primary and secondary anchor controllers. Then, when a BG fails, the anchored device can quickly failover to the secondary anchor controller using the heretofore idle secondary user tunnel). Hegde doesn’t explicitly disclose the traffic as both a control traffic and a data traffic; the policy designating: a subset of the gateways for a particular type of control operation, the subset of the gateways designated by the policy comprising the first primary gateway, and a second primary gateway for the client device; and based on the policy: redirect, by the access node, the data traffic from the client device to the second primary gateway, and forward, by the access node, the control traffic of the particular type of control operation from the client device to the first primary gateway. However, Srinivas discloses: the traffic as both a control traffic and a data traffic (See Abstract; forwarding control and f data plane messages in an SD-PMN that includes a split control plane architecture ... determines the first and second data messages are a control plane first message and a data plane second message … forwards the control plane first message to the AMF at the branch site and the data plane second message to the UPF at the branch site. See Parag. [0037]; The access nodes 122 and 152 in the local RAN's 120 and 150 receive control plane and data plane data message traffic from the user device 130-135); the policy designating: a subset of the gateways for a particular type of control operation, the subset of the gateways designated by the policy comprising the first primary gateway, and a second primary gateway for the client device (See Parag. [0047]; Each of the branch sites 310-314 includes a respective gateway list 370, 372, and 374 provided to the SD-WAN edge routers 330-334 for use in connecting their respective branch sites 310-314 to resources 360 located in the PoPs 320-324, with each gateway list 370-374 including a primary gateway and a secondary gateway. See Parag. [0039]; The security gateways 124 and 154 decapsulate the received encapsulated data message traffic, and depending on the traffic type (i.e., control traffic or dataplane traffic), forward the data message traffic as IP traffic to either their respective UPFs 126 and 156 (second primary gateway), or their respective AMFs/SMFs 128 and 158 (the first primary gateway). See Parag. [0057]); and based on the policy: select, by the access node, the second primary gateway for the client device (See Parag. [0039]; The security gateways 124 and 154 decapsulate the received encapsulated data message traffic, and depending on the traffic type (i.e., control traffic or dataplane traffic), forward the data message traffic as IP traffic to either their respective UPFs 126 and 156 (second primary gateway), or their respective AMFs/SMFs 128 and 158 … The UPFs 126 and 156 handle data plane traffic), redirect, by the access node, the data traffic from the client device to the second primary gateway (See Parag. [0039]; forward the data message traffic as IP traffic to either their respective UPFs 126 and 156, or their respective AMFs/SMFs 128 and 158 … The UPFs 126 and 156 (second primary gateway) handle data plane traffic. See also Parag. [0048]), and forward, by the access node, the control traffic of the particular type of control operation from the client device to the first primary gateway (See Parag. [0039]; forward the data message traffic as IP traffic to either their respective UPFs 126 and 156, or their respective AMFs/SMFs 128 and 158 … the AMFs/SMFs 128 and 158 are responsible for control plane traffic. See also Parag. [0048]). It would be obvious to one of ordinary skill in the art at the time before the effective filling date of the claimed invention to modify the policy, taught by Hegde, to designate a subset of the gateways for a particular type of control operation, the subset of the gateways designated by the policy comprising the first primary gateway, and a second primary gateway for the client device; and based on the policy: redirecting, by the access node, the data traffic from the client device to the second primary gateway, and forwarding, by the access node, the control traffic of the particular type of control operation from the client device to the first primary gateway, as taught by Srinivas. This would be convenient to implementing a software-defined private mobile network (SD-PMN) for an entity (Srinivas, Parag. [0002]). Claim 12. Hegde in view of Srinivas discloses the non-transitory computer-readable storage medium of claim 11, Hegde further discloses wherein the set of parameters indicates one or more of: a traffic load of a gateway, a number of client devices served by the gateway, or a processor utility level of the gateway (See Parag. [0018]; network orchestrator gathers operating health information for each branch gateway of the cluster, including, for example, process memory consumption, process memory leaks, central processing unit (CPU) load, CPU spinlock, CPU scheduling errors, process spinlock, fan status, device temperature, and power supply unit (PSU) status. The network orchestrator then compares each parameter of the operating health information to a set of thresholds), and wherein the policy is generated in response to a parameter of the set of parameters reaching a threshold (See Parag. [0019]; Each threshold is associated with an operating health class of a set of operating health classes. Operating health classes categorize the health of each branch gateway… See Parag. [0020]. See Parag. [0021]; Each operating health class may trigger certain actions, including remapping one or more bucketmaps for user anchoring…). Claim 13-14 is taught by Hegde in view of Srinivas as described for claims 4-5, respectively. Claim 16 is taught by Hegde in view of Srinivas as described for claims 7. Claim 17 is taught by Hegde in view of Srinivas as described for claims 10. Claim 18 is taught by Hegde in view of Srinivas as described for claims 9. Claim 19. Hegde in view of Srinivas discloses the non-transitory computer-readable storage medium of claim 17, Hegde doesn’t explicitly disclose wherein the policy specifies that another gateway of the list of gateways is to be used as the second primary gateway for the client device, and wherein the instructions upon execution cause the system to further: based on the policy, synchronize, by the first primary gateway with the second primary gateway, a state associated with the client device and maintained at the first primary gateway, the state comprising a virtual local area network (VLAN) mapping associated with the client device. However, Srinivas discloses wherein the policy specifies that another gateway of the list of gateways is to be used as the second primary gateway for the client device, and wherein the instructions upon execution cause the system to further: based on the policy, synchronize, by the first primary gateway with the second primary gateway, a state associated with the client device and maintained at the first primary gateway, the state comprising a virtual local area network (VLAN) mapping associated with the client device (See Parag. [0047]; Each of the branch sites 310-314 includes a respective gateway list 370, 372, and 374 provided to the SD-WAN edge routers 330-334 for use in connecting their respective branch sites 310-314 to resources 360 located in the PoPs 320-324, with each gateway list 370-374 including a primary gateway and a secondary gateway. See Parag. [0066]; For devices that are authorized, the SMF 875 then communicates with the UPF 860 to have the UPF 860 set up a bearer for the new user device to enable the new user device to use the SD-PMN. The UPF 860 and 865 then provides the user device with an IP address, enables a particular QoS (quality of service) for the user device's communications, and indicates which subnets (e.g., VLANs) to put the user device's traffic on). Claim 20. Hegde discloses [a]n access node comprising: a hardware processor; a non-transitory storage medium storing instructions executable on the hardware processor to (See Parag. [0013]; network infrastructure device (e.g. an access point). Note: An access point is a networking hardware device): select, for a client device, a first primary gateway and a first standby gateway from a list of gateways associated with a gateway cluster (See Parag. [0013-0014]; connected controller (e.g., a wireless controller, such as an access point (AP)) (an access node) determines, based on information provided by the new anchored device (client device), the appropriate anchor controller, and selects a BG (gateway) of the cluster to anchor the new anchored device to. The connected controller uses a characteristic of the new anchored device, such as a hash of a portion of the MAC address of the new anchored device (an identifier of the client device), to look up a BG assignment from a bucketmap (selecting from a list of gateways associated with a gateway cluster). The connected controller may be able to access multiple bucketmaps or multiple sections of the bucketmap to select different assignments (such as assignment to a primary anchor controller (first primary gateway) and assignment to a secondary anchor controller (a first standby gateway)) … The connected controller may then send requests and/or commands to the new anchored device and to the assigned BG(s) to establish a tunnel between the new anchored device and its assigned BG(s) (first primary gateway and a first standby gateway). See Parag. [0015]; High availability can be achieved in a clustered scenario by assigning secondary anchor controllers (first standby gateway) and establishing independent tunnels between an anchored device and the primary and secondary anchor controllers. Then, when a BG fails, the anchored device can quickly failover to the secondary anchor controller using the heretofore idle secondary user tunnel. See also Parag. [0029] and Fig. 1); forward, by the access node, traffic from the client device to the first primary gateway (See Parag. [0013]; New client devices, such as laptops, mobile devices, IoT devices, etc., may anchor to a controller and transceive data with the wider network through a tunnel (e.g. a user tunnel) established between the new client device and the anchor controller; the user tunnel is established between an intermediary network infrastructure device (e.g. an access point) and the anchor controller. See Parag. [0065]; A network infrastructure device (access node) is a device that receives network traffic and forwards the network traffic to a destination); receive, at the access node, a policy, wherein the policy is based on a change in a set of parameters associated with the gateway cluster (See Parag. [0018]; network orchestrator gathers operating health information for each branch gateway of the cluster, including, for example, process memory consumption, process memory leaks, central processing unit (CPU) load, CPU spinlock, CPU scheduling errors, process spinlock, fan status, device temperature, and power supply unit (PSU) status. The network orchestrator then compares each parameter of the operating health information to a set of thresholds. See also Parag. [0019-0021]; Each operating health class may trigger certain actions, including remapping one or more bucketmaps for user anchoring … bucketmaps may be transmitted to the access points for client device assignment (a policy based on a change in a set of parameters associated with the gateway cluster). See Parag. [0022]; if a branch gateway is added to the red class, indicating imminent device failure (change in a set of parameters associated with the gateway cluster), an updated bucketmap may be generated for the secondary user tunnels for existing devices connected to the cluster, excluding the now-red-class branch gateway… APs anchored to a now-red-class branch gateway may be instructed to switch over), and based on the policy: select the second primary gateway for the client device; redirect, by the access node, the traffic from the client device to the second primary gateway (See Parag. [0022]; APs anchored to a now-red-class branch gateway may be instructed to switch over to their respective secondary AP tunnels. See also Parag. [0015]; High availability can be achieved in a clustered scenario by assigning secondary anchor controllers and establishing independent tunnels between an anchored device and the primary and secondary anchor controllers. Then, when a BG fails, the anchored device can quickly failover to the secondary anchor controller using the heretofore idle secondary user tunnel). Hegde doesn’t explicitly disclose the traffic as both a control traffic and a data traffic; the policy designating: a subset of the gateways for a particular type of control operation, the subset of the gateways designated by the policy comprising the first primary gateway, and a second primary gateway for the client device; and based on the policy: redirect, by the access node, the data traffic from the client device to the second primary gateway, and forward, by the access node, the control traffic of the particular type of control operation from the client device to the first primary gateway. However, Srinivas discloses: the traffic as both a control traffic and a data traffic (See Abstract; forwarding control and f data plane messages in an SD-PMN that includes a split control plane architecture ... determines the first and second data messages are a control plane first message and a data plane second message … forwards the control plane first message to the AMF at the branch site and the data plane second message to the UPF at the branch site. See Parag. [0037]; The access nodes 122 and 152 in the local RAN's 120 and 150 receive control plane and data plane data message traffic from the user device 130-135); the policy designating: a subset of the gateways for a particular type of control operation, the subset of the gateways designated by the policy comprising the first primary gateway, and a second primary gateway for the client device (See Parag. [0047]; Each of the branch sites 310-314 includes a respective gateway list 370, 372, and 374 provided to the SD-WAN edge routers 330-334 for use in connecting their respective branch sites 310-314 to resources 360 located in the PoPs 320-324, with each gateway list 370-374 including a primary gateway and a secondary gateway. See Parag. [0039]; The security gateways 124 and 154 decapsulate the received encapsulated data message traffic, and depending on the traffic type (i.e., control traffic or dataplane traffic), forward the data message traffic as IP traffic to either their respective UPFs 126 and 156 (second primary gateway), or their respective AMFs/SMFs 128 and 158 (the first primary gateway). See Parag. [0057]); and based on the policy: select, by the access node, the second primary gateway for the client device (See Parag. [0039]; The security gateways 124 and 154 decapsulate the received encapsulated data message traffic, and depending on the traffic type (i.e., control traffic or dataplane traffic), forward the data message traffic as IP traffic to either their respective UPFs 126 and 156 (second primary gateway), or their respective AMFs/SMFs 128 and 158 … The UPFs 126 and 156 handle data plane traffic), redirect, by the access node, the data traffic from the client device to the second primary gateway (See Parag. [0039]; forward the data message traffic as IP traffic to either their respective UPFs 126 and 156, or their respective AMFs/SMFs 128 and 158 … The UPFs 126 and 156 (second primary gateway) handle data plane traffic. See also Parag. [0048]), and forward, by the access node, the control traffic of the particular type of control operation from the client device to the first primary gateway (See Parag. [0039]; forward the data message traffic as IP traffic to either their respective UPFs 126 and 156, or their respective AMFs/SMFs 128 and 158 … the AMFs/SMFs 128 and 158 are responsible for control plane traffic. See also Parag. [0048]). It would be obvious to one of ordinary skill in the art at the time before the effective filling date of the claimed invention to modify the policy, taught by Hegde, to designate a subset of the gateways for a particular type of control operation, the subset of the gateways designated by the policy comprising the first primary gateway, and a second primary gateway for the client device; and based on the policy: redirecting, by the access node, the data traffic from the client device to the second primary gateway, and forwarding, by the access node, the control traffic of the particular type of control operation from the client device to the first primary gateway, as taught by Srinivas. This would be convenient to implementing a software-defined private mobile network (SD-PMN) for an entity (Srinivas, Parag. [0002]). Claim 22. Hegde in view of Srinivas discloses the method of claim 1, Hegde discloses the method further comprising, detecting, by the access node, a second client device; sending, by the access node and based on the list of gateways, a message indicating the presence of the second client device to the first primary gateway (See Parag. [0013]; when a new anchored device, such as a client device or an access point, joins a branch of a SD-WAN, the anchored device requires connections with a branch gateway (BG) for use of at least two services provided by the BG … New client devices that are connected to network infrastructure device, such as an access point, may be assigned an anchor controller by the access point, which retains one or more bucketmaps for assigning anchor controllers to client devices. The subsequently established user tunnels may pass through the access point to the destination anchor controller. See also Parag. [0036]); and forwarding, by the access node and based on the policy, traffic from the second client device to the second primary gateway (See Parag. [0022]; APs anchored to a now-red-class branch gateway may be instructed to switch over to their respective secondary AP tunnels. See also Parag. [0015]; High availability can be achieved in a clustered scenario by assigning secondary anchor controllers and establishing independent tunnels between an anchored device and the primary and secondary anchor controllers. Then, when a BG fails, the anchored device can quickly failover to the secondary anchor controller using the heretofore idle secondary user tunnel). Hegde doesn’t explicitly disclose forwarding data traffic. However, Srinivas discloses forwarding data traffic from the second client device to the second primary gateway (See Parag. [0039]; forward the data message traffic as IP traffic to either their respective UPFs 126 and 156, or their respective AMFs/SMFs 128 and 158 … The UPFs 126 and 156 (second primary gateway) handle data plane traffic. See also Parag. [0048]). Claim 23. Hegde in view of Srinivas discloses the method of claim 8, Hegde doesn’t explicitly disclose wherein the state associated with the client device synchronized with the second primary gateway comprises a virtual local area network (VLAN) mapping associated with the client device However, Srinivas discloses wherein the state associated with the client device synchronized with the second primary gateway comprises a virtual local area network (VLAN) mapping associated with the client device (See Parag. [0066]; For devices that are authorized, the SMF 875 then communicates with the UPF 860 to have the UPF 860 set up a bearer for the new user device to enable the new user device to use the SD-PMN. The UPF 860 and 865 then provides the user device with an IP address, enables a particular QoS (quality of service) for the user device's communications, and indicates which subnets (e.g., VLANs) to put the user device's traffic on). Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Dodd-Noble et al. (Patent No. US 12,317,347) – Related art in the area of telecommunications technology, (Abstract; In one example, a first connectivity request for a first network connection between a user equipment and a first network is obtained. A control plane serving gateway node for the first network connection is selected. The control plane serving gateway node is co-located with a control plane packet data network gateway node configured to support a second network connection between the user equipment and a second network that is different from the first network. A second connectivity request for the second network connection is obtained. The second network connection is established with the control plane serving gateway node and the control plane packet data network gateway node). Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABDELBASST TALIOUA whose telephone number is (571)272-4061. The examiner can normally be reached on Monday-Thursday 7:30 am - 5:30 pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Oscar Louie can be reached on 571-270-1684. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /Abdelbasst Talioua/Examiner, Art Unit 2445