Prosecution Insights
Last updated: April 19, 2026
Application No. 18/448,873

SOFTWARE DEFINED BRANCH SINGLE INTERNET PROTOCOL ORCHESTRATION

Final Rejection §103 §DP
Filed: Aug 11, 2023
Examiner: NAJI, YOUNES
Art Unit: 2445
Tech Center: 2400 — Computer Networks
Assignee: Cisco Technology Inc.
OA Round: 2 (Final)
Grant Probability: 75% (Favorable)
OA Rounds: 3-4
To Grant: 3y 1m
With Interview: 99%

Examiner Intelligence

Grants 75% — above average
Career Allow Rate: 75% (327 granted / 437 resolved; +16.8% vs TC avg)
Strong +73% interview lift
Interview Lift: +72.8% (resolved cases with interview)
Typical timeline
Avg Prosecution: 3y 1m
51 currently pending
Career history
Total Applications: 488 (across all art units)

Statute-Specific Performance

§101: 8.4% (-31.6% vs TC avg)
§103: 49.9% (+9.9% vs TC avg)
§102: 14.9% (-25.1% vs TC avg)
§112: 17.9% (-22.1% vs TC avg)
Based on career data from 437 resolved cases

Office Action

§103 §DP
DETAILED ACTION

Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. This office action is in response to Applicant’s communication filed on 11/13/2025. Claims 1-20 have been examined.

Response to Arguments

With regards to Double Patenting rejection, Applicant filed a Terminal Disclaimer (TD). Therefore, the rejection is withdrawn.

Applicant’s argument #1

Applicant argues that Chang does not explicitly teach that the secure tunnel agent is between a network device and an orchestrator, wherein the secure tunnel agent and the orchestrator are part of the same virtualized infrastructure of a virtual branch site.

Examiner Response to Applicant’s Argument #1

The examiner respectfully disagrees. Chang teaches that the private cloud agent can be configured as a VM or network appliance that can be used to establish a tunnel endpoint for the secure tunnels. The private cloud agent can be used for instantiating the public cloud evaluation agent in the public cloud. The private cloud agent can capture network performance measurement between the private cloud and the public cloud using the secure tunnel. The private cloud 102 can also include a hybrid cloud orchestration engine 120, which can be a management plane VM for auto-provisioning resources within the hybrid cloud environment 100. The hybrid cloud orchestration engine 120 can be a management platform running in the private cloud 102, and may be responsible for providing hybrid cloud operations, translating between private cloud and public cloud interfaces, managing cloud resources, instantiating cloud gateways and cloud VMs through a private virtualization platform.
The hybrid cloud orchestration engine 120 may also monitor the health of all of the components of the network (e.g., cloud gateways, VMs, and tunnels) (¶0026, ¶0036, Fig.2).

Therefore, Chang teaches the private cloud agent (secure tunnel agent) establishes a tunnel endpoint for the secure tunnels from the private cloud. The private cloud agent resides between the network appliance gateway (network device) and an orchestration engine (orchestrator), wherein the private cloud agent and the orchestration engine are part of the same private cloud infrastructure. The private cloud acts as localized virtualized environment for these components which can be equivalent to a virtual branch site.

Applicant’s argument #2

Applicant argues that the combination of Joshi and Chang is erroneous.

Examiner Response to Applicant’s Argument #2

Applicant’s argument is that the combination of Joshi and Chang can be summarized into reducing VRRP traffic and choosing clouds, which is different from management plane survivability with single IP orchestration at a virtual branch – See Remarks – Page 9.

In response to applicant’s argument that there is no teaching, suggestion, or motivation to combine the references, the examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art. See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007).

In this case, the examiner respectfully disagrees. The cited arts are combinable.
Joshi’s invention provides a redundant asset of physical gateway devices that operate in a single logical virtual router, ensuring that when one of the physical gateway devices fails, a backup gateway device in the redundant set can assume the gateway functions transparently (Abstract, ¶0003). Chang’s invention is drawn to implementing high availability by managing network and security policies of the overlay network using an active-standby model to ensure high availability (¶0025).

It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Joshi to include the teachings of Chang. The motivation for doing so is to allow system to monitor the health of all of the components of the network and any component failures to ensure high availability of those components (¶0026, ¶0030 – Chang). By monitoring all the components of the network, Chang’s orchestration engine can detect component failures or performance drops and automatically migrate workloads to ensure high availability.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, 7-11, 14-18 are rejected under 35 U.S.C. 103 as being unpatentable over Joshi et al. Publication No. US 2011/0141881 A1 (Joshi hereinafter) in view of Chang et al. Publication No. 
US 2018/0373558 A1 ( Chang hereinafter) further in view Asati et al. Publication No. US 2018/0293363 A1 (Asati hereinafter). Regarding claim 1, Joshi teaches a method comprising: managing reachability of a single IP address on the virtual router for the virtual branch site; controlling use of the single IP address between the network appliance and the virtual router based on the reachability of the virtual router to maintain a connection between the orchestrator and the virtual branch site through [..] an agent when the virtual router in unreachable (Fig.1-3, ¶ 0019 - FIG. 1 is a diagram of an exemplary system in which concepts described herein may be implemented. System may include a number of physical or logical networks. As particularly shown, system may include a network connected to one or more additional networks, such as VLANs collectively referred to as VLANs) and a computing device – ¶ 0028 - Nodes configured to act as a gateway, such as one of gateways, to network. In one implementation, multiple nodes may be configured as a virtual router that acts as a gateway for VLAN. The multi node virtual router may be assigned a single IP address that is the gateway address for VLAN. Further, one node in virtual router may be designed as the master node, which will act as the actual gateway device, while the other nodes may be the backup devices. Devices may send packets that are destined to an external network, such as network, to this address. If the master node in virtual router fails, a backup node may take over as the new master node for virtual router. From the point of view of devices, the failure of the first master node should not be noticed, as the devices continue to send out-of-VLAN data units to use the same gateway address – ¶0030 - The increased reliability may be achieved by advertising virtual router (an abstract representation of master and backup routers acting as a group) as a default gateway instead of one physical router. 
Two or more nodes may be configured to stand for the virtual router, with only one doing the actual routing at any given time. If the current physical node that is routing the data on behalf of the virtual router fails, a backup node may automatically replace it. Note: controlling use of the single IP address between Virtual router and gateway device based on reachability of the virtual router to maintain connection between server computer 205 (orchestrator) and VLAN (virtual branch site) through switching/routing components (agent) that transmit the data to server computer 205 when the master gateway inside the virtual router is unreachable). However, Joshi does not explicitly teach that the agent is a secure tunnel agent establishing, by a network appliance implemented through a virtualized infrastructure of the virtual branch site, a secure tunnel agent to an orchestrator. The secure agent and the orchestrator being components of the virtualized infrastructure of the virtual branch site, wherein the network appliance is a network function virtualization infrastructure software ( NFVIS). Chang teaches establishing, by a network appliance implemented through a virtualized infrastructure of the virtual branch site, a secure tunnel agent to an orchestrator. The secure agent and the orchestrator being components of the virtualized infrastructure of the virtual branch site ( Fig.1-3 - ¶0024 - The private cloud and public cloud can be connected via a secure site-to-site tunnel between a private cloud gateway and a public cloud gateway. The private cloud gateway can be configured as a VM for extending the private cloud across the Internet to the public cloud 104 through the secure site-to-site tunnel. 
The public cloud gateway can be configured as a VM switch overlay for interconnecting workloads running in the public cloud via secure access tunnels, and for forwarding network traffic to the private network using the site-to site tunnel ¶0036 - The private cloud agent can be configured as a VM or a network appliance that can be used to establish a tunnel endpoint for the secure tunnels from the private cloud. The private cloud agent can also be used for instantiating the public cloud evaluation agents in the public clouds. ¶0030 - the public cloud gateway can establish, from the public cloud , the secure site-to-site tunnel to interconnect with the private cloud gateway , secure access tunnels to connect public cloud VMs, and monitor and report statistics for the public cloud VMs and any component failures in the public cloud. the public cloud gateway can include a cloud virtual switch or cloud Virtual Ethernet Module that communicates with the VSM to retrieve VM-specific network policies (e.g., port profiles), switches network traffic between public cloud VMs, switches network traffic between public cloud VMs and the private cloud , applies network policies, and monitors and reports related statistics - Some example embodiments may establish the secure transport layer tunnel (e.g. DTLS, SSL) over the public network, and can build a secure L2 switch overlay that interconnects public cloud resources with private clouds ( e.g., enterprise network backbones). In other words, the secure transport layer tunnel can provide a link layer network extension between the private cloud and the public cloud - Note: the examiner interprets the branch site as equivalent to virtual public cloud and secure agent as equivalent to cloud agent within the gateway that establish the secure tunnel between public cloud and orchestration engine within the private cloud) . 
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Joshi to include the teachings of Chang. The motivation for doing so is to allow system to monitor the health of all of the components of the network and any component failures to ensure high availability of those components. (¶ 0026, ¶ 0030 – Chang). Joshi in view of Chang does not explicitly teach that the network appliance is NFVIS. However, Asati teaches network appliance is a Network Function Virtualization Infrastructure Software (NFVIS) (¶0014 - In an NFV environment, a VNF handles specific network functions that run on one or more virtual machines (VMs) on top of the hardware networking infrastructure in routers, switches, gateways, firewalls, etc. Individual virtual network functions can be connected or combined together as building blocks to offer a full-scale networking communication service ¶0016 - A Network Functions Virtualization Infrastructure Software (NFVIS) platform facilitates the deployment and operation of VNFs and hardware components. X-86-based compute resources to provide the CPU, memory, and storage required to deploy and operate VNFs and run applications). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Joshi in view of Chang to include the teachings of Asati. The motivation for doing so is to allow system to facilitate the deployment and operation of VNFs and hardware components. X-86-based compute resources to provide the CPU, memory, and storage required to deploy and operate VNFs and run applications (¶ 0018 – Asati). 
Regarding claim 2, Joshi further teaches wherein managing reachability of the single IP address comprises: generating the single IP address on the virtual router of the virtual branch site; and monitoring the reachability of the single IP address (Fig.1-3, ¶ 0019 - FIG. 1 is a diagram of an exemplary system in which concepts described herein may be implemented. System may include a number of physical or logical networks. As particularly shown, system may include a network connected to one or more additional networks, such as virtual local area networks (VLANs) collectively referred to as VLANs 120) and a computing device . – ¶0028 - Nodes may be configured to act as a gateway, such as one of gateways130, to network. In one implementation, multiple nodes may be configured as a virtual router that acts as a gateway for VLAN 120A. The multi node virtual router may be assigned a single Internet Protocol (IP) address that is the gateway address for VLAN Further, one node in virtual router may be designed as the master node, which will act as the actual gateway device, while the other nodes may be the backup devices. Devices 205 may send packets that are destined to an external network, such as network, to this address. If the master node in virtual router fails, a backup node may take over as the new master node for virtual router. From the point of view of devices 205, the failure of the first master node should not be noticed, as the devices 205 can continue to send out-of-VLAN data units to use the same gateway address – Note: assigning the gateway address to virtual router of the VLAN and monitoring virtual router for failure) . Regarding claim 3, Joshi further teaches wherein the monitoring of the reachability of the single IP address on the virtual router includes receiving, by a network appliance [..], reachability data from a gateway associated with virtual router ((Fig.1-3, ¶ 0019 - FIG. 
1 is a diagram of an exemplary system in which concepts described herein may be implemented. System may include a number of physical or logical networks. As particularly shown, system may include a network 110 connected to one or more additional networks, such as virtual local area networks (VLANs) 120A and 120B collectively referred to as VLANs 120) and a computing device. – ¶0028 - Nodes may be configured to act as a gateway, such as one of gateways 130, to network. In one implementation, multiple nodes may be configured as a virtual router that acts as a gateway for VLAN 120A. The multi node virtual router may be assigned a single Internet Protocol (IP) address that is the gateway address for VLAN. Further, one node in virtual route may be designed as the master node, which will act as the actual gateway device, while the other nodes may be the backup devices. Devices may send packets that are destined to an external network, such as network, to this address. If the master node in virtual router fails, a backup node may take over as the new master node for virtual router. From the point of view of devices 205, the failure of the first master node should not be noticed, as the devices 205 can continue to send out-of-VLAN data units to use the same gateway address – ¶0030 - The increased reliability may be achieved by advertising virtual router (an abstract representation of master and backup routers acting as a group) as a default gateway instead of one physical router. Two or more nodes may be configured to stand for the virtual router, with only one doing the actual routing at any given time. If the current physical node that is routing the data on behalf of the virtual router fails, a backup node may automatically replace it. – Note: receiving reachability data (failure data) from gateway node in order for the backup node to take control ). 
However, Joshi does not explicitly teach that the network appliance is an NFVIS Asati teaches Node is a Network Function Virtualization Infrastructure Software (NFVIS) (¶ 0016 - A Network Functions Virtualization Infrastructure Software (NFVIS) platform facilitates the deployment and operation of VNFs and hardware components. X-86-based compute resources to provide the CPU, memory, and storage required to deploy and operate VNFs and run applications). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Joshi to include the teachings of Asati. The motivation for doing so is to allow system to facilitate the deployment and operation of VNFs and hardware components. X-86-based compute resources to provide the CPU, memory, and storage required to deploy and operate VNFs and run applications (¶ 0018 – Asati). Regarding claim 4, Joshi further teaches determining, by the network appliance, that the reachability of the single IP address on the virtual router is lost; and reallocating, by the network appliance, the single IP address (Fig.1-3, ¶ 0019 - FIG. 1 is a diagram of an exemplary system 100 in which concepts described herein may be implemented. System 100 may include a number of physical or logical networks. As particularly shown, system 100 may include a network 1connected to one or more additional networks, such as virtual local area networks (VLANs) collectively referred to as VLANs 120) and a computing device . – ¶0028 - Nodes 220 may be configured to act as a gateway, such as one of gateways 130, to network. In one implementation, multiple nodes may be configured as a virtual router that acts as a gateway for VLAN 120A. The multi node virtual router may be assigned a single Internet Protocol (IP) address that is the gateway address for VLAN 120A. 
Further, one node 220 in virtual router 230 may be designed as the master node, which will act as the actual gateway device, while the other nodes 220 may be the backup devices. Devices 205 may send packets that are destined to an external network, such as network 110, to this address. If the master node in virtual router 230 fails, a backup node 220 may take over as the new master node for virtual router 230. From the point of view of devices 205, the failure of the first master node should not be noticed, as the devices 205 can continue to send out-of-VLAN data units to use the same gateway address – Note: re-assigning the address to the backup node (new master) within virtual router when the master node failed within the virtual router) . Regarding claim 7, Joshi further teaches wherein the monitoring of the reachability of the single IP address on the virtual router includes receiving, by an appliance [...], health-related data of the virtual router (Fig.1-3, ¶ 0019 - FIG. 1 is a diagram of an exemplary system in which concepts described herein may be implemented. System may include a number of physical or logical networks. As particularly shown, system may include a network 110 connected to one or more additional networks, such as virtual local area networks (VLANs) collectively referred to as VLANs 120) and a computing device – ¶0028 - Nodes may be configured to act as a gateway, such as one of gateways, to network. In one implementation, multiple nodes may be configured as a virtual router that acts as a gateway for VLAN 120A. The multi node virtual router may be assigned a single Internet Protocol (IP) address that is the gateway address for VLAN 120A. Further, one node 220 in virtual router 230 may be designed as the master node, which will act as the actual gateway device, while the other nodes may be the backup devices. Devices 205 may send packets that are destined to an external network, such as network, to this address. 
If the master node in virtual router fails, a backup node may take over as the new master node for virtual router. From the point of view of devices 205, the failure of the first master node should not be noticed, as the devices 205 can continue to send out-of-VLAN data units to use the same gateway address – ¶ 0030 - The increased reliability may be achieved by advertising virtual router (an abstract representation of master and backup routers acting as a group) as a default gateway instead of one physical router. Two or more nodes may be configured to stand for the virtual router, with only one doing the actual routing at any given time. If the current physical node that is routing the data on behalf of the virtual router fails, a backup node may automatically replace it. –Note: receiving failure data so that the backup node can take control ). However, Joshi does not explicitly teach that the appliance is a Network Function Virtualization Infrastructure Software (NFVIS). Asati teaches An appliance is a Network Function Virtualization Infrastructure Software (NFVIS) (¶ 0016 - A Network Functions Virtualization Infrastructure Software (NFVIS) platform facilitates the deployment and operation of VNFs and hardware components. X-86-based compute resources to provide the CPU, memory, and storage required to deploy and operate VNFs and run applications). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Joshi to include the teachings of Asati. The motivation for doing so is to allow system to facilitate the deployment and operation of VNFs and hardware components. X-86-based compute resources to provide the CPU, memory, and storage required to deploy and operate VNFs and run applications (¶ 0018 – Asati). 
Regarding claim 8, Joshi teaches a system comprising: one or more processors; and at least one computer-readable storage medium having stored therein instructions which, when executed by the one or more processors, cause the system to manage reachability of the single IP address on the virtual router for the virtual branch site; controlling use of the single IP address between the network appliance and the virtual router based on the reachability of the virtual router to maintain a connection between the orchestrator and the virtual branch site through an [..] agent when the virtual router in unreachable (Fig.1-3, ¶ 0019 - FIG. 1 is a diagram of an exemplary system in which concepts described herein may be implemented. System may include a number of physical or logical networks. As particularly shown, system may include a network connected to one or more additional networks, such as VLANs collectively referred to as VLANs) and a computing device – ¶ 0028 - Nodes configured to act as a gateway, such as one of gateways, to network. In one implementation, multiple nodes may be configured as a virtual router that acts as a gateway for VLAN. The multi node virtual router may be assigned a single IP address that is the gateway address for VLAN. Further, one node in virtual router may be designed as the master node, which will act as the actual gateway device, while the other nodes may be the backup devices. Devices may send packets that are destined to an external network, such as network, to this address. If the master node in virtual router fails, a backup node may take over as the new master node for virtual router. 
From the point of view of devices, the failure of the first master node should not be noticed, as the devices continue to send out-of-VLAN data units to use the same gateway address – ¶0030 - The increased reliability may be achieved by advertising virtual router (an abstract representation of master and backup routers acting as a group) as a default gateway instead of one physical router. Two or more nodes may be configured to stand for the virtual router, with only one doing the actual routing at any given time. If the current physical node that is routing the data on behalf of the virtual router fails, a backup node may automatically replace it. Note: controlling use of the single IP address between Virtual router and gateway device based on reachability of the virtual router to maintain connection between server computer 205 (orchestrator) and VLAN (virtual branch site) through switching/routing components (agent) that transmit the data to server computer 205 when the master gateway inside the virtual router is unreachable). However, Joshi does not explicitly teach that the agent is a secure tunnel agent establish, by a network appliance implemented through a virtualized infrastructure of a virtual branch site, a secure tunnel agent to an orchestrator, the secure tunnel agent and the orchestrator being components of the virtualized infrastructure of the virtual branch site; wherein the network appliance is a network function virtualization infrastructure software ( NFVIS). Chang teaches establish, by a network appliance implemented through a virtualized infrastructure of the virtual branch site, a secure tunnel agent to an orchestrator. The secure agent and the orchestrator being components of the virtualized infrastructure of the virtual branch site ( Fig.1-3 - ¶0024 - The private cloud and public cloud can be connected via a secure site-to-site tunnel between a private cloud gateway and a public cloud gateway. 
The private cloud gateway can be configured as a VM for extending the private cloud across the Internet to the public cloud 104 through the secure site-to-site tunnel. The public cloud gateway can be configured as a VM switch overlay for interconnecting workloads running in the public cloud via secure access tunnels, and for forwarding network traffic to the private network using the site-to site tunnel ¶0036 - The private cloud agent can be configured as a VM or a network appliance that can be used to establish a tunnel endpoint for the secure tunnels from the private cloud. The private cloud agent can also be used for instantiating the public cloud evaluation agents in the public clouds. ¶0030 - the public cloud gateway can establish, from the public cloud , the secure site-to-site tunnel to interconnect with the private cloud gateway , secure access tunnels to connect public cloud VMs, and monitor and report statistics for the public cloud VMs and any component failures in the public cloud. the public cloud gateway can include a cloud virtual switch or cloud Virtual Ethernet Module that communicates with the VSM to retrieve VM-specific network policies (e.g., port profiles), switches network traffic between public cloud VMs, switches network traffic between public cloud VMs and the private cloud , applies network policies, and monitors and reports related statistics - Some example embodiments may establish the secure transport layer tunnel (e.g. DTLS, SSL) over the public network, and can build a secure L2 switch overlay that interconnects public cloud resources with private clouds ( e.g., enterprise network backbones). 
In other words, the secure transport layer tunnel can provide a link layer network extension between the private cloud and the public cloud - Note: the examiner interprets the branch site as equivalent to virtual public cloud and secure agent as equivalent to cloud agent within the gateway that establish the secure tunnel between public cloud and orchestration engine within the private cloud) . It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Joshi to include the teachings of Chang. The motivation for doing so is to allow system to monitor the health of all of the components of the network and any component failures to ensure high availability of those components. (¶ 0026, ¶ 0030 – Chang). Joshi in view of Chang does not explicitly teach that the network appliance is NFVIS. However, Asati teaches network appliance is a Network Function Virtualization Infrastructure Software (NFVIS) (¶0014 - In an NFV environment, a VNF handles specific network functions that run on one or more virtual machines (VMs) on top of the hardware networking infrastructure in routers, switches, gateways, firewalls, etc. Individual virtual network functions can be connected or combined together as building blocks to offer a full-scale networking communication service ¶0016 - A Network Functions Virtualization Infrastructure Software (NFVIS) platform facilitates the deployment and operation of VNFs and hardware components. X-86-based compute resources to provide the CPU, memory, and storage required to deploy and operate VNFs and run applications). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Joshi in view of Chang to include the teachings of Asati. The motivation for doing so is to allow system to facilitate the deployment and operation of VNFs and hardware components. 
X-86-based compute resources to provide the CPU, memory, and storage required to deploy and operate VNFs and run applications (¶ 0018 – Asati). Regarding claim 9, Joshi further teaches wherein the instructions which, when executed by the one or more processors, cause the system to: generate the single IP address on the virtual router of the virtual branch site; and monitor the reachability of the single IP address. (Fig.1-3, ¶ 0019 - FIG. 1 is a diagram of an exemplary system in which concepts described herein may be implemented. System may include a number of physical or logical networks. As particularly shown, system may include a network connected to one or more additional networks, such as virtual local area networks (VLANs) collectively referred to as VLANs 120) and a computing device . – ¶0028 - Nodes may be configured to act as a gateway, such as one of gateways130, to network. In one implementation, multiple nodes may be configured as a virtual router that acts as a gateway for VLAN 120A. The multi node virtual router may be assigned a single Internet Protocol (IP) address that is the gateway address for VLAN Further, one node in virtual router may be designed as the master node, which will act as the actual gateway device, while the other nodes may be the backup devices. Devices 205 may send packets that are destined to an external network, such as network, to this address. If the master node in virtual router fails, a backup node may take over as the new master node for virtual router. From the point of view of devices 205, the failure of the first master node should not be noticed, as the devices 205 can continue to send out-of-VLAN data units to use the same gateway address – Note: assigning the gateway address to virtual router of the VLAN and monitoring virtual router for failure) . 
Regarding claim 10, Joshi further teaches wherein the instructions which, when executed by the one or more processors, cause the system to monitor the reachability of the single IP address by monitoring the reachability of the single IP address includes receiving, by a network appliance, gateway reachability data from a gateway associated with the virtual router.. ((Fig.1-3, ¶ 0019 - FIG. 1 is a diagram of an exemplary system in which concepts described herein may be implemented. System may include a number of physical or logical networks. As particularly shown, system may include a network 110 connected to one or more additional networks, such as virtual local area networks (VLANs) 120A and 120B collectively referred to as VLANs 120) and a computing device. – ¶0028 - Nodes may be configured to act as a gateway, such as one of gateways 130, to network. In one implementation, multiple nodes may be configured as a virtual router that acts as a gateway for VLAN 120A. The multi node virtual router may be assigned a single Internet Protocol (IP) address that is the gateway address for VLAN. Further, one node in virtual route may be designed as the master node, which will act as the actual gateway device, while the other nodes may be the backup devices. Devices may send packets that are destined to an external network, such as network, to this address. If the master node in virtual router fails, a backup node may take over as the new master node for virtual router. From the point of view of devices 205, the failure of the first master node should not be noticed, as the devices 205 can continue to send out-of-VLAN data units to use the same gateway address – ¶0030 - The increased reliability may be achieved by advertising virtual router (an abstract representation of master and backup routers acting as a group) as a default gateway instead of one physical router. 
Two or more nodes may be configured to stand for the virtual router, with only one doing the actual routing at any given time. If the current physical node that is routing the data on behalf of the virtual router fails, a backup node may automatically replace it. – Note: receiving reachability data (failure data) from gateway node in order to the backup node to take control).). However, Joshi does not explicitly teach that the network appliance is an NFVIS Asati teaches Node is a Network Function Virtualization Infrastructure Software (NFVIS) (¶ 0016 - A Network Functions Virtualization Infrastructure Software (NFVIS) platform facilitates the deployment and operation of VNFs and hardware components. X-86-based compute resources to provide the CPU, memory, and storage required to deploy and operate VNFs and run applications). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Joshi to include the teachings of Asati. The motivation for doing so is to allow system to facilitate the deployment and operation of VNFs and hardware components. X-86-based compute resources to provide the CPU, memory, and storage required to deploy and operate VNFs and run applications (¶ 0018 – Asati). Regarding claim 11, Joshi further teaches wherein the instructions which, when executed by the one or more processors, cause the system to: determine, by the network appliance, that the reachability of the single IP address on the virtual router is lost; and reallocate, by the network appliance, the single IP address. (Fig.1-3, ¶ 0019 - FIG. 1 is a diagram of an exemplary system 100 in which concepts described herein may be implemented. System 100 may include a number of physical or logical networks. 
As particularly shown, system 100 may include a network 1connected to one or more additional networks, such as virtual local area networks (VLANs) collectively referred to as VLANs 120) and a computing device . – ¶0028 - Nodes 220 may be configured to act as a gateway, such as one of gateways 130, to network. In one implementation, multiple nodes may be configured as a virtual router that acts as a gateway for VLAN 120A. The multi node virtual router may be assigned a single Internet Protocol (IP) address that is the gateway address for VLAN 120A. Further, one node 220 in virtual router 230 may be designed as the master node, which will act as the actual gateway device, while the other nodes 220 may be the backup devices. Devices 205 may send packets that are destined to an external network, such as network 110, to this address. If the master node in virtual router 230 fails, a backup node 220 may take over as the new master node for virtual router 230. From the point of view of devices 205, the failure of the first master node should not be noticed, as the devices 205 can continue to send out-of-VLAN data units to use the same gateway address – Note: re-assigning the address to the backup node (new master) within virtual router when the node failed within the virtual router) . Regarding claim 14, Joshi further teaches wherein the monitored reachability of the single IP address on the virtual router includes receiving, by an appliance [...], health-related data of the virtual router (Fig.1-3, ¶ 0019 - FIG. 1 is a diagram of an exemplary system in which concepts described herein may be implemented. System may include a number of physical or logical networks. As particularly shown, system may include a network 110 connected to one or more additional networks, such as virtual local area networks (VLANs) collectively referred to as VLANs 120) and a computing device – ¶0028 - Nodes may be configured to act as a gateway, such as one of gateways, to network. 
In one implementation, multiple nodes may be configured as a virtual router that acts as a gateway for VLAN 120A. The multi node virtual router may be assigned a single Internet Protocol (IP) address that is the gateway address for VLAN 120A. Further, one node 220 in virtual router 230 may be designed as the master node, which will act as the actual gateway device, while the other nodes may be the backup devices. Devices 205 may send packets that are destined to an external network, such as network, to this address. If the master node in virtual router fails, a backup node may take over as the new master node for virtual router. From the point of view of devices 205, the failure of the first master node should not be noticed, as the devices 205 can continue to send out-of-VLAN data units to use the same gateway address – ¶ 0030 - The increased reliability may be achieved by advertising virtual router (an abstract representation of master and backup routers acting as a group) as a default gateway instead of one physical router. Two or more nodes may be configured to stand for the virtual router, with only one doing the actual routing at any given time. If the current physical node that is routing the data on behalf of the virtual router fails, a backup node may automatically replace it. Note: controlling use of the single IP address between Virtual router and gateway device based on reachability of the virtual router to maintain connection between server computer 205 and VLAN through switching/routing components that transmit the data to server computer 205 when the master gateway inside the virtual router is unreachable - Note: receiving failure data so that the backup node can take control ). However, Joshi does not explicitly teach that the appliance is a Network Function Virtualization Infrastructure Software (NFVIS). 
Asati teaches An appliance is a Network Function Virtualization Infrastructure Software (NFVIS) (¶ 0016 - A Network Functions Virtualization Infrastructure Software (NFVIS) platform facilitates the deployment and operation of VNFs and hardware components. X-86-based compute resources to provide the CPU, memory, and storage required to deploy and operate VNFs and run applications). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Joshi to include the teachings of Asati. The motivation for doing so is to allow system to facilitate the deployment and operation of VNFs and hardware components. X-86-based compute resources to provide the CPU, memory, and storage required to deploy and operate VNFs and run applications (¶ 0018 – Asati). Regarding claim 15, Joshi teaches a non-transitory computer-readable storage medium comprising: instructions stored on the non-transitory computer-readable storage medium, the instructions, when executed by one or more processors, cause the one or more processors to: manage reachability of the single IP address on the virtual router for virtual branch site; and control use of the single IP address between the network appliance and the virtual router based on the reachability of the virtual router to maintain a connection between the orchestrator and the virtual branch site through an [..] agent when the virtual router in unreachable (Fig.1-3, ¶ 0019 - FIG. 1 is a diagram of an exemplary system in which concepts described herein may be implemented. System may include a number of physical or logical networks. As particularly shown, system may include a network connected to one or more additional networks, such as VLANs collectively referred to as VLANs) and a computing device – ¶ 0028 - Nodes configured to act as a gateway, such as one of gateways, to network. 
In one implementation, multiple nodes may be configured as a virtual router that acts as a gateway for VLAN. The multi node virtual router may be assigned a single IP address that is the gateway address for VLAN. Further, one node in virtual router may be designed as the master node, which will act as the actual gateway device, while the other nodes may be the backup devices. Devices may send packets that are destined to an external network, such as network, to this address. If the master node in virtual router fails, a backup node may take over as the new master node for virtual router. From the point of view of devices, the failure of the first master node should not be noticed, as the devices continue to send out-of-VLAN data units to use the same gateway address – ¶0030 - The increased reliability may be achieved by advertising virtual router (an abstract representation of master and backup routers acting as a group) as a default gateway instead of one physical router. Two or more nodes may be configured to stand for the virtual router, with only one doing the actual routing at any given time. If the current physical node that is routing the data on behalf of the virtual router fails, a backup node may automatically replace it. . Note: controlling use of the single IP address between Virtual router and gateway device based on reachability of the virtual router to maintain connection between server computer 205 (orchestrator) and VLAN (virtual branch site) through switching/routing components (agent) that transmit the data to server computer 205 when the master gateway inside the virtual router is unreachable). 
However, Joshi does not explicitly teach that the agent is a secure tunnel agent establish, by a network appliance implemented through a virtualized infrastructure of a virtual branch site, a secure tunnel agent to an orchestrator, the secure tunnel agent and the orchestrator being components of the virtualized infrastructure of the virtual branch site; wherein the network appliance is a network function virtualization infrastructure software ( NFVIS). Chang teaches establish, by a network appliance implemented through a virtualized infrastructure of the virtual branch site, a secure tunnel agent to an orchestrator. The secure agent and the orchestrator being components of the virtualized infrastructure of the virtual branch site ( Fig.1-3 - ¶0024 - The private cloud and public cloud can be connected via a secure site-to-site tunnel between a private cloud gateway and a public cloud gateway. The private cloud gateway can be configured as a VM for extending the private cloud across the Internet to the public cloud 104 through the secure site-to-site tunnel. The public cloud gateway can be configured as a VM switch overlay for interconnecting workloads running in the public cloud via secure access tunnels, and for forwarding network traffic to the private network using the site-to site tunnel ¶0036 - The private cloud agent can be configured as a VM or a network appliance that can be used to establish a tunnel endpoint for the secure tunnels from the private cloud. The private cloud agent can also be used for instantiating the public cloud evaluation agents in the public clouds. ¶0030 - the public cloud gateway can establish, from the public cloud , the secure site-to-site tunnel to interconnect with the private cloud gateway , secure access tunnels to connect public cloud VMs, and monitor and report statistics for the public cloud VMs and any component failures in the public cloud. 
the public cloud gateway can include a cloud virtual switch or cloud Virtual Ethernet Module that communicates with the VSM to retrieve VM-specific network policies (e.g., port profiles), switches network traffic between public cloud VMs, switches network traffic between public cloud VMs and the private cloud , applies network policies, and monitors and reports related statistics - Some example embodiments may establish the secure transport layer tunnel (e.g. DTLS, SSL) over the public network, and can build a secure L2 switch overlay that interconnects public cloud resources with private clouds ( e.g., enterprise network backbones). In other words, the secure transport layer tunnel can provide a link layer network extension between the private cloud and the public cloud - Note: the examiner interprets the branch site as equivalent to virtual public cloud and secure agent as equivalent to cloud agent within the gateway that establish the secure tunnel between public cloud and orchestration engine within the private cloud) . It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Joshi to include the teachings of Chang. The motivation for doing so is to allow system to monitor the health of all of the components of the network and any component failures to ensure high availability of those components. (¶ 0026, ¶ 0030 – Chang). Joshi in view of Chang does not explicitly teach that the network appliance is NFVIS. However, Asati teaches network appliance is a Network Function Virtualization Infrastructure Software (NFVIS) (¶0014 - In an NFV environment, a VNF handles specific network functions that run on one or more virtual machines (VMs) on top of the hardware networking infrastructure in routers, switches, gateways, firewalls, etc. 
Individual virtual network functions can be connected or combined together as building blocks to offer a full-scale networking communication service ¶0016 - A Network Functions Virtualization Infrastructure Software (NFVIS) platform facilitates the deployment and operation of VNFs and hardware components. X-86-based compute resources to provide the CPU, memory, and storage required to deploy and operate VNFs and run applications). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Joshi in view of Chang to include the teachings of Asati. The motivation for doing so is to allow system to facilitate the deployment and operation of VNFs and hardware components. X-86-based compute resources to provide the CPU, memory, and storage required to deploy and operate VNFs and run applications (¶ 0018 – Asati). Regarding claim 16, Joshi further teaches wherein the instructions which, when executed by the one or more processors, cause the one or more processor to: generate the single IP address on the virtual router of the virtual branch site; and monitor the reachability of the single IP address. (Fig.1-3, ¶ 0019 - FIG. 1 is a diagram of an exemplary system in which concepts described herein may be implemented. System may include a number of physical or logical networks. As particularly shown, system may include a network connected to one or more additional networks, such as virtual local area networks (VLANs) collectively referred to as VLANs 120) and a computing device . – ¶0028 - Nodes may be configured to act as a gateway, such as one of gateways130, to network. In one implementation, multiple nodes may be configured as a virtual router that acts as a gateway for VLAN 120A. 
The multi node virtual router may be assigned a single Internet Protocol (IP) address that is the gateway address for VLAN Further, one node in virtual router may be designed as the master node, which will act as the actual gateway device, while the other nodes may be the backup devices. Devices 205 may send packets that are destined to an external network, such as network, to this address. If the master node in virtual router fails, a backup node may take over as the new master node for virtual router. From the point of view of devices 205, the failure of the first master node should not be noticed, as the devices 205 can continue to send out-of-VLAN data units to use the same gateway address – Note: assigning the gateway address to virtual router of the VLAN and monitoring virtual router for failure) . Regarding claim 17, Joshi further teaches wherein the instructions which, when executed by the one or more processors, cause the one or more processor to monitor the reachability of the single IP address by monitoring the reachability of the single IP address includes receiving, by a network appliance, gateway reachability data from a gateway associated with the virtual router.. ((Fig.1-3, ¶ 0019 - FIG. 1 is a diagram of an exemplary system in which concepts described herein may be implemented. System may include a number of physical or logical networks. As particularly shown, system may include a network 110 connected to one or more additional networks, such as virtual local area networks (VLANs) 120A and 120B collectively referred to as VLANs 120) and a computing device. – ¶0028 - Nodes may be configured to act as a gateway, such as one of gateways 130, to network. In one implementation, multiple nodes may be configured as a virtual router that acts as a gateway for VLAN 120A. The multi node virtual router may be assigned a single Internet Protocol (IP) address that is the gateway address for VLAN. 
Further, one node in virtual route may be designed as the master node, which will act as the actual gateway device, while the other nodes may be the backup devices. Devices may send packets that are destined to an external network, such as network, to this address. If the master node in virtual router fails, a backup node may take over as the new master node for virtual router. From the point of view of devices 205, the failure of the first master node should not be noticed, as the devices 205 can continue to send out-of-VLAN data units to use the same gateway address – ¶0030 - The increased reliability may be achieved by advertising virtual router (an abstract representation of master and backup routers acting as a group) as a default gateway instead of one physical router. Two or more nodes may be configured to stand for the virtual router, with only one doing the actual routing at any given time. If the current physical node that is routing the data on behalf of the virtual router fails, a backup node may automatically replace it. – Note: receiving reachability data (failure data) from gateway node in order for the backup node to take control). However, Joshi does not explicitly teach that the network appliance is an NFVIS Asati teaches Node is a Network Function Virtualization Infrastructure Software (NFVIS) (¶ 0016 - A Network Functions Virtualization Infrastructure Software (NFVIS) platform facilitates the deployment and operation of VNFs and hardware components. X-86-based compute resources to provide the CPU, memory, and storage required to deploy and operate VNFs and run applications). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Joshi to include the teachings of Asati. The motivation for doing so is to allow system to facilitate the deployment and operation of VNFs and hardware components. 
X-86-based compute resources to provide the CPU, memory, and storage required to deploy and operate VNFs and run applications (¶ 0018 – Asati). Regarding claim 18, Joshi further teaches wherein the instructions which, when executed by the one or more processors, cause the one or more processor to: determine, by the network appliance, that the reachability of the single IP address on the virtual router is lost; and reallocate, by the network appliance, the single IP address. (Fig.1-3, ¶ 0019 - FIG. 1 is a diagram of an exemplary system 100 in which concepts described herein may be implemented. System 100 may include a number of physical or logical networks. As particularly shown, system 100 may include a network 1connected to one or more additional networks, such as virtual local area networks (VLANs) collectively referred to as VLANs 120) and a computing device . – ¶0028 - Nodes 220 may be configured to act as a gateway, such as one of gateways 130, to network. In one implementation, multiple nodes may be configured as a virtual router that acts as a gateway for VLAN 120A. The multi node virtual router may be assigned a single Internet Protocol (IP) address that is the gateway address for VLAN 120A. Further, one node 220 in virtual router 230 may be designed as the master node, which will act as the actual gateway device, while the other nodes 220 may be the backup devices. Devices 205 may send packets that are destined to an external network, such as network 110, to this address. If the master node in virtual router 230 fails, a backup node 220 may take over as the new master node for virtual router 230. From the point of view of devices 205, the failure of the first master node should not be noticed, as the devices 205 can continue to send out-of-VLAN data units to use the same gateway address – – Note: re-assigning the address to the backup node (new master) within virtual router when the node failed within the virtual router) . 
Claims 5, 12, 19 are rejected under 35 U.S.C. 103 as being unpatentable over Joshi in view of Chang further in view of Asati further in view of Suryanarayana et al. Publication No. US 2021/0385149 A1 (Suryanarayana hereinafter).

Regarding claim 5, Joshi does not explicitly teach managing, by the orchestrator, the virtual branch site when connectivity with the virtual router via the single IP address is lost. Suryanarayana teaches managing, by the orchestrator, the virtual branch site when connectivity with the virtual router via the single IP address is lost (¶ 0130 - When a virtual router of a compute node fails or otherwise becomes unreachable (314), the leaf nodes in the IP fabric can quickly detect when a virtual router has failed, based on the BFD session (316). If the leaf node detects that a virtual router fails or is otherwise unreachable, the leaf node communicates the failure by sending a routing protocol message to a spine node in the IP fabric, withdrawing the underlay network route associated with the virtual router (318). The spine node in turn communicates the underlay network route withdrawal to the SON controller via BGP session 51 (320), and in response to receiving the underlay route withdrawal (322), the SON controller updates its underlay network routing table to remove the underlay network route for the unreachable virtual router from the underlay routing information (324)). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Joshi to include the teachings of Suryanarayana. The motivation for doing so is to allow the system to improve speed of network convergence after node failure (Abstract - Suryanarayana).
Regarding claim 12, Joshi does not explicitly teach wherein the instructions which, when executed by the one or more processors, cause the system to: manage, by the orchestrator, the virtual branch site when connectivity with the virtual router via the single IP address is lost. Suryanarayana teaches wherein the instructions which, when executed by the one or more processors, cause the system to: manage, by the orchestrator, the virtual branch site when connectivity with the virtual router via the single IP address is lost (¶ 0130 - When a virtual router of a compute node fails or otherwise becomes unreachable (314), the leaf nodes in the IP fabric can quickly detect when a virtual router has failed, based on the BFD session (316). If the leaf node detects that a virtual router fails or is otherwise unreachable, the leaf node communicates the failure by sending a routing protocol message to a spine node in the IP fabric, withdrawing the underlay network route associated with the virtual router (318). The spine node in turn communicates the underlay network route withdrawal to the SON controller via BGP session 51 (320), and in response to receiving the underlay route withdrawal (322), the SON controller updates its underlay network routing table to remove the underlay network route for the unreachable virtual router from the underlay routing information (324)). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Joshi to include the teachings of Suryanarayana. The motivation for doing so is to allow the system to improve speed of network convergence after node failure (Abstract - Suryanarayana).
Regarding claim 19, Joshi does not explicitly teach wherein the instructions which, when executed by the one or more processors, cause the one or more processor to: manage, by the orchestrator, the virtual branch site when connectivity with the virtual router via the single IP address is lost. Suryanarayana teaches wherein the instructions which, when executed by the one or more processors, cause the system to: manage, by the orchestrator, the virtual branch site when connectivity with the virtual router via the single IP address is lost (¶ 0130 - When a virtual router of a compute node fails or otherwise becomes unreachable (314), the leaf nodes in the IP fabric can quickly detect when a virtual router has failed, based on the BFD session (316). If the leaf node detects that a virtual router fails or is otherwise unreachable, the leaf node communicates the failure by sending a routing protocol message to a spine node in the IP fabric, withdrawing the underlay network route associated with the virtual router (318). The spine node in turn communicates the underlay network route withdrawal to the SON controller via BGP session 51 (320), and in response to receiving the underlay route withdrawal (322), the SON controller updates its underlay network routing table to remove the underlay network route for the unreachable virtual router from the underlay routing information (324)). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Joshi to include the teachings of Suryanarayana. The motivation for doing so is to allow the system to improve speed of network convergence after node failure (Abstract - Suryanarayana).

Claims 6, 13, 20 are rejected under 35 U.S.C. 103 as being unpatentable over Joshi in view of Chang further in view of Asati further in view of Vadde Makkalla et al. Patent No.
US 11,374,791 B2 (Vadde Makkalla hereinafter).

Regarding claim 6, Joshi does not explicitly teach pushing, from the orchestrator, a site specific configuration to the virtual branch site. However, Vadde Makkalla teaches pushing, from the orchestrator, a site specific configuration to the virtual branch site (Col. 3, lines 10-20 - network orchestrator determines that a VLAN is shared across multiple LANs. The network orchestrator transmits commands to relevant gateways of each LAN to establish WAN uplink tunnels between the LANs. Additional standby WAN uplink tunnels are established in case a failure severs the route using the primary WAN uplink tunnels, and an intra-cluster tunnel mesh is established between gateways of each cluster – Col. 4, lines 20-25 - the network orchestrator may transmit a command to manager BG 102a and HG 104a that causes the gateways to establish WAN uplink tunnel 106a. In some examples, a separate tunnel 106 is generated for each extended VLAN. In some other examples, a single tunnel is established for each extended VLAN that traverses the WAN uplink – See Col 6, lines 60-70). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Joshi to include the teachings of Vadde Makkalla. The motivation for doing so is to allow the system to orchestrate extended VLANs across an SD-WAN to achieve full connectivity across an extended VLAN (Col. 3, lines 1-20 – Vadde Makkalla). Regarding claim 13, Joshi does not explicitly teach wherein the instructions which, when executed by the one or more processors, cause the system to: push, from the orchestrator, a site specific configuration to the virtual branch site. However, Vadde Makkalla teaches wherein the instructions which, when executed by the one or more processors, cause the one or more processor to: push, from the orchestrator, a site specific configuration to the virtual branch site. (Col.
3, lines 10-20 - network orchestrator determines that a VLAN is shared across multiple LANs. The network orchestrator transmits commands to relevant gateways of each LAN to establish WAN uplink tunnels between the LANs. Additional standby WAN uplink tunnels are established in case a failure severs the route using the primary WAN uplink tunnels, and an intra-cluster tunnel mesh is established between gateways of each cluster – Col. 4, lines 20-25 - the network orchestrator may transmit a command to manager BG 102a and HG 104a that causes the gateways to establish WAN uplink tunnel 106a. In some examples, a separate tunnel 106 is generated for each extended VLAN. In some other examples, a single tunnel is established for each extended VLAN that traverses the WAN uplink – See Col 6, lines 60-70). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Joshi to include the teachings of Vadde Makkalla. The motivation for doing so is to allow the system to orchestrate extended VLANs across an SD-WAN to achieve full connectivity across an extended VLAN (Col. 3, lines 1-20 – Vadde Makkalla). Regarding claim 20, Joshi does not explicitly teach wherein the instructions which, when executed by the one or more processors, cause the one or more processor to: push, from the orchestrator, a site specific configuration to the virtual branch site. However, Vadde Makkalla teaches wherein the instructions which, when executed by the one or more processors, cause the system to: push, from the orchestrator, a site specific configuration to the virtual branch site. (Col. 3, lines 10-20 - network orchestrator determines that a VLAN is shared across multiple LANs. The network orchestrator transmits commands to relevant gateways of each LAN to establish WAN uplink tunnels between the LANs.
Additional standby WAN uplink tunnels are established in case a failure severs the route using the primary WAN uplink tunnels, and an intra-cluster tunnel mesh is established between gateways of each cluster – Col. 4, lines 20-25 - the network orchestrator may transmit a command to manager BG 102a and HG 104a that causes the gateways to establish WAN uplink tunnel 106a. In some examples, a separate tunnel 106 is generated for each extended VLAN. In some other examples, a single tunnel is established for each extended VLAN that traverses the WAN uplink – See Col 6, lines 60-70). It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Joshi to include the teachings of Vadde Makkalla. The motivation for doing so is to allow the system to orchestrate extended VLANs across an SD-WAN to achieve full connectivity across an extended VLAN (Col. 3, lines 1-20 – Vadde Makkalla).

Conclusion

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to YOUNES NAJI whose telephone number is (571) 272-2659.
The examiner can normally be reached Monday - Friday 8:30 AM -5:30 PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Oscar A Louie can be reached on (571) 270-1684. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /YOUNES NAJI/Primary Examiner, Art Unit 2445

Prosecution Timeline

Aug 11, 2023: Application Filed
Aug 09, 2025: Non-Final Rejection — §103, §DP
Nov 13, 2025: Response Filed
Feb 20, 2026: Final Rejection — §103, §DP (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12592955
System and method for network intrusion detection using a neural network implemented by a local computing system
2y 5m to grant Granted Mar 31, 2026
Patent 12585745
SYSTEM FOR AUTHENTICATING REMOTE DRIVER IN REAL TIME USING IMAGE AND ARTIFICIAL INTELLIGENCE
2y 5m to grant Granted Mar 24, 2026
Patent 12574351
AUTOMATING CONTROLLER IP ADDRESS CHANGE IN CLIENT-BASED AGENT ENVIRONMENTS
2y 5m to grant Granted Mar 10, 2026
Patent 12562901
External Key Manager Error Handling For Encrypted Platform-Hosted Data
2y 5m to grant Granted Feb 24, 2026
Patent 12556446
CLOUD NATIVE SOFTWARE-DEFINED NETWORK ARCHITECTURE FOR MULTIPLE CLUSTERS
2y 5m to grant Granted Feb 17, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Prosecution Projections

Expected OA Rounds: 3-4
Grant Probability: 75%
With Interview (+72.8%): 99%
Median Time to Grant: 3y 1m
PTA Risk: Moderate
Based on 437 resolved cases by this examiner. Grant probability derived from career allow rate.
