• Home
  • John W. Lockwood
John W. Lockwood

John W. Lockwood
Algo-Logic Systems, Inc.

PhD

About

196
Publications
48,054
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
5,619
Citations
Additional affiliations
October 2009 - present
Algo-Logic Systems, Inc
Position
  • CEO
Description
  • Algo-Logic designs, verifies, and deploys the lowest latency algorithms for processing network data using FPGA logic.
January 2007 - October 2009
Stanford University
Position
  • Consulting Associate Professor
Description
  • Led NetFPGA program, presented tutorials, grew number of cards deployed from 10 to 1,021, and grew beta program from 0 to 1,050 users.
June 1999 - December 2007
Washington University in St. Louis
Position
  • Professor (Associate)
Description
  • Tenured in 2007 Associate in 2006 Assistant in 2001 Research in 1999
Education
August 1987 - October 1995
University of Illinois, Urbana-Champaign
Field of study
  • Electrical and Computer Engineering

Publications

Publications (196)
Article
Datacenters require many low-level network services to implement high-level applications. Key-value store (KVS) is a critical service that associates values with keys and lets machines share these associations over a network. Client machines send a key search request over Ethernet, and KVS servers return values associated with these keys. Critical...
Conference Paper
This article consists of a collection of slides from the author's conference presentation. The presentation concludes that Gateware Defined Networking dramatically reduces latency and power and improves throughput in the data center.
Conference Paper
Full-text available
Key/Value Store (KVS) is a fundamental service used widely in modern datacenters to associate keys with data values. KVS systems, such as Redis, Memcached, and DynamoDB have traditionally been implemented with software and run on clusters of microprocessor-based servers. In this work an alternate approach is taken that performs KVS with gateware in...
Conference Paper
Full-text available
The personal computer market grew exponentially in the 1980's for vendors such as Apple, Microsoft, and Intel when there was a healthy mix of software, tools, and microprocessor devices. At the time, killer applications that drove the market were spreadsheets, compilers, and games that ran on the personal computer. Thirty years later, we now have a...
Article
The thirteen articles in this special section explore the technology of deep packet inspection (DPI). DPI examines the content in packet payloads to search for signatures of network applications, signs of malicious activities, and leaks of sensitive information, rather than just examine packet headers for information such as IP addresses and port n...
Conference Paper
Full-text available
Current High-Frequency Trading (HFT) platforms are typically implemented in software on computers with high-performance network adapters. The high and unpredictable latency of these systems has led the trading world to explore alternative "hybrid" architectures with hardware acceleration. In this paper, we survey existing solutions and describe how...
Conference Paper
Full-text available
The NetFPGA platform is designed to enable students and researchers to build networking systems that run at line-rate, and to create re-usable designs to share with others. Our goal is to eventually create a thriving developer-community, where developers around the world contribute reusable modules and designs for the benefit of the community as a...
Conference Paper
Full-text available
A packet generator and network traffic capture system has been implemented on the NetFPGA. The NetFPGA is an open networking platform accelerator that enables rapid development of hardware-accelerated packet processing applications. The packet generator application allows Internet packets to be transmitted at line rate on up to four gigabit Etherne...
Conference Paper
Full-text available
The effort to manage network security systems has increased in complexity over the past years. Network security for a company, university, or government agency can no longer be provided using a single Internet firewall or Intrusion Prevention System (IPS). Today, network administrators must deploy multiple intrusion detection and prevention nodes,...
Chapter
This chapter shows how networking systems are built with reconfigurable hardware. It describes how data can be switched, routed, buffered, processed, scanned, and filtered over networks using field-programmable gate arrays (FPGAs). It also describes the mechanisms by which Internet packets are segmented into frames and cells for transmission across...
Article
Full-text available
The NetFPGA platform enables students and researchers to build high-performance networking systems using field-programmable gate array (FPGA) hardware. A new version of the NetFPGA platform has been developed and is available for use by the academic community. The NetFPGA platform has modular interfaces that enable development of complex hardware d...
Conference Paper
Full-text available
In this paper, we consider tracking targets using multiple distributed sensor platforms. Rather than sending the tracks to a central location, such as a command and control center where information is exchanged between platforms, we consider a distributed solution. While fixed position single sensor tracking of a single target is considered straigh...
Article
Full-text available
This article presents a dense logic design for matching multiple regular expressions with a field programmable gate array (FPGA) at 10+ Gbps. It leverages on the design techniques that enforce the shortest critical path on most FPGA architectures while optimizing the circuit size. The architecture is capable of supporting a maximum throughput...
Conference Paper
Full-text available
In recent years, overlay networks have become an important vehicle for delivering Internet applications. Overlay network nodes are typically implemented using general purpose servers or clusters. We investigate the performance benefits of more inte- grated architectures, combining general-purpose servers with high performance Network Processor (NP)...
Article
In recent years, overlay networks have become an important vehicle for delivering Internet applications. Overlay network nodes are typically implemented using general purpose servers or clusters. We investigate the performance benefits of more integrated architectures, combining general-purpose servers with high performance Network Processor (NP) s...
Conference Paper
Full-text available
A biological organism's ability to sense and adapt to its environment is essential to-its survival. Likewise, environmentally aware computing systems avail themselves to a longer operational life and a wider range of applications than traditional systems. In this paper, we propose a novel circuit design methodology that allows parameterizable hardw...
Conference Paper
An open platform called the NetFPGA has been developed at Stanford University. The NetFPGA platform enables researchers and instructors to build high-speed, hardware-accelerated networking systems. The platform can be used in the classroom to teach students how to build Ethernet switches and Internet Prototcol (IP) routers using hardware rather tha...
Conference Paper
Full-text available
We recently published our proposal for Ethane: A cleanslate approach to managing and securing enterprise networks. The goal of Ethane is to make enterprise networks (e.g. networks in companies, universities, and home offices) much easier to manage. Ethane is built on the premise that the only way to manage and secure networks is to make sure we can...
Conference Paper
Full-text available
The NetFPGA platform enables students and researchers to build high-performance networking systems in hardware. A new version of the NetFPGA platform has been developed and is available for use by the academic community. The NetFPGA 2.1 platform now has interfaces that can be parameterized, therefore enabling development of modular hardware designs...
Conference Paper
Full-text available
Simulation has been the de facto standard method for performance evaluation of newly proposed ideas in computer architecture for many years. While simulation allows for theoretically arbitrary fidelity (at least to the level of cycle accuracy) as well as the ability to monitor the architecture without perturbing the execution itself, it suffers fro...
Conference Paper
Full-text available
A growing number of embedded computing systems are used outside of environmentally controlled locations. In locations such as remote parts of deserts, deep ocean floors, and outer space, it is not only difficult to predict environmental effects on a system, they also allow very limited accessibility once a system is deployed. Therefore, it is often...
Conference Paper
Full-text available
We are concerned with the general problem of concept mining - discovering useful associations, relationships, and groupings in large collections of data. Mathematical transformation algorithms have proven effective at reducing the content of multilingual, unstructured data into a vector that describes the content. Such methods are particularly desi...
Conference Paper
We have implemented a new network information processing system using reconfigurable hardware that scans volumes of data in real-time. One of the key functions of the system is to extract semantic information. Before we can determine the meaning of text, we must identify its language. In a previous project, we have implemented an N-gram based langu...
Conference Paper
As described in our prior papers, we have implemented a system that performs real-time analysis and classification of network traffic using reconfigurable hardware. In this paper, we consider how to optimize the performance and make best use of the hardware resources by simulating the effect of parameter variation. We have devised a systematic meth...
Conference Paper
Command and control services manage network-attached assets deployed in distributed systems that can be separated by thousands of miles. Networks that rely on satellite communications to transit all data to a centralized control center are troubled by high latency due to long propagation delays to satellites and limited data transit over bandwidth...
Conference Paper
Full-text available
Ternary content addressable memory (TCAM), although widely used for general packet classification, is an expensive and high power-consuming device. Algorithmic solutions which rely on commodity memory chips are relatively inexpensive and power-efficient but have not been able to match the generality and performance of TCAMs. Therefore, the developm...
Conference Paper
Full-text available
Reconfigurable circuits running in field programmable gate arrays (FPGAs) can be dynamically optimized for power based on computational requirements and thermal conditions of the environment. In the past, FPGA circuits were typically small and operated at a low frequency. Few users were concerned about high-power consumption and the heat generated...
Article
Full-text available
Reconfigurable logic devices offer new and interest- ing opportunities for application-specific customiza- tion and processor configuration. However, the most compelling optimization problems in this area are NP-hard. In our preliminary work, we customized the mi- croarchitecture of a single processor core for a tar- get application by viewing it a...
Conference Paper
Full-text available
In the past, field programmable gate array (FPGA) circuits only contained a limited amount of logic and operated at a low frequency. Few applications running on FPGAs consumed excessive power. Today, the temperature of FPGAs are a major concern due to increased logic density and speed. Large applications with highly pipelined datapaths can ultimate...
Article
Full-text available
High-speed packet content inspection and filtering devices rely on a fast multipattern matching algorithm which is used to detect predefined keywords or signatures in the packets. Multipattern matching is known to require intensive memory accesses and is often a performance bottleneck. Hence, specialized hardware-accelerated algorithms are required...
Conference Paper
Full-text available
High-performance document clustering systems enable similar documents to be automatically organized into groups. In the past, the large amount of computational time needed to cluster documents prevented practical use of such systems with a large number of documents. A full hardware implementation of the K-means clustering algorithm has been designe...
Conference Paper
Full-text available
This paper presents an implementation of a high-performance network application layer parser in FPGAs. At the core of the architecture resides a pattern matcher and a parser. The pattern matcher scans for patterns in high-speed streaming TCP data streams. The parser core augments each pattern found with semantic information determined from the patt...
Conference Paper
Full-text available
Given large circuit sizes, high clock frequencies, and possibly extreme operating environments, Field Programmable Gate Arrays (FPGAs) are capable of heating beyond their designed thermal limits. As new circuits are developed for FPGAs and deployed remotely, engineers are challenged to determine in advance if the device will operate within recommen...
Conference Paper
Full-text available
This paper presents an architecture for context-free grammar (CFG) based data processing hardware for re-configurable devices. Our system leverages on CFGs to tokenize and parse data streams into a sequence of words with corresponding semantics. Such a tokenizing and parsing engine is sufficient for processing grammatically correct input data. Howe...
Conference Paper
Full-text available
In the liquid architecture project, we are exploring ways in which architectural flexibility can be exploited to improve the execution properties of individual applications. Here, we report on successes we have had to date in this area, and present our vision of where this research should proceed into the future.
Conference Paper
Full-text available
In this paper, the authors present a reconfigurable hardware architecture for searching for regular expression patterns in streaming data. This new architecture is created by combining two popular pattern matching techniques: a pipelined character grid architecture (Baker, 2004), and a regular expression NFA architecture (Cho, 2006). The resulting...
Conference Paper
Full-text available
Non-hierarchical k-means algorithms have been implemented in hardware, most frequently for image clustering. Here, we focus on hierarchical clustering of text documents based on document similarity. To our knowledge, this is the first work to present a hierarchical clustering algorithm designed for hardware implementation and ours is the first hard...
Conference Paper
Full-text available
In this paper, we present reconfigurable hardware architecture for detecting semantics of streaming data on 1+ Gbps networks. The design leverages on the characteristics of context-free-grammar (CFG) that allows the computers to understand the semantics of data. Although our parser is not a true CFG parser, we use the linguistic structure defined i...
Conference Paper
Full-text available
Applications for constrained embedded systems are sub- ject to strict time constraints and restrictive resource uti- lization. With soft core processors, application develop- ers can customize the processor for their application, con- strained by resources but aimed at high application perfor- mance. With such freedom in the design space of the pro...
Conference Paper
Full-text available
There is a need within the intelligence communities to analyze massive streams of multilingual unstructured data. Mathematical transformation algorithms have proven effective at interpreting multilingual, unstructured data, but high computational requirements of such algorithms prevent their widespread use. The rate of computation can be vastly inc...
Article
Full-text available
This paper presents a reconfigurable architecture for high-speed content-based routing. Our architecture goes beyond simple pattern matching by implementing a parsing engine that defines the semantics of patterns that are parsed within the data stream. Defining the semantics of patterns allows for more accurate processing and routing of packets usi...
Chapter
Introduction Information Transformations for Content Analysis Hardware Implementation of Transformation Algorithms for High-Speed Data Streams Experimental Results Summary Acknowledgments References
Article
Full-text available
Hash tables are fundamental components of several network processing algorithms and applications, including route lookup, packet classification, per-flow state management and network monitoring. These applications, which typically occur in the data-path of high-speed routers, must process and forward packets with little or no buffer, making it impo...
Conference Paper
Full-text available
Software-based network intrusion detection systems (NIDS) often fail to keep up with high-speed network links. In this paper an FPGA-based pre-filter is presented that reduces the amount of traffic sent to a software-based NIDS for inspection. Simulations using real network traces and the Snort rule set show that a pre-filter can reduce up to 90% o...
Conference Paper
Full-text available
A hardware-accelerated algorithm has been designed to automatically identify the primary languages used in documents transferred over the Internet. The algorithm has been implemented in hardware on the field programmable port extender (FPX) platform. This system, referred to as the hardware-accelerated identification of languages (HAIL) project, id...
Conference Paper
Full-text available
Intrusion rule processing in reconfigurable hardware enables intrusion detection and prevention services to run at multiGigabit/second rates. High-level intrusion rules mapped directly into hardware separate malicious content from benign content in network traffic. Hardware parallelism allows intrusion systems to scale to support fast network links...
Conference Paper
Full-text available
This paper describes our experience to date and current plans for a senior-level microelectronics laboratory course on hardware/software codesign. The course utilizes an open-source, soft-core processor deployed on the FPX platform as an integral component of the students' designs. Students write software to execute on a Leon SPARC-compatible proce...
Conference Paper
Full-text available
Tools have been developed that enable in-circuit testing of content processing hardware. The tools automate test and verification of new circuits using data from a predefined test-bench or with live traffic sent over the Internet. The tools integrate with existing, open-source, Web-based groupware software. Content is processed with field programma...
Article
Full-text available
Applications for constrained embedded systems require careful attention to the match between the application and the support offered by an architecture, at the ISA and microarchitecture levels. Generic processors, such as ARM and Power PC, are inexpensive, but with respect to a given application, they often overprovision in areas that are unimporta...
Conference Paper
Full-text available
High-performance rule processing systems are needed by network administrators in order to protect Internet systems from attack. Researchers have been working to implement components of intrusion detection systems (IDS), such as the highly popular Snort system, in reconfigurable hardware. While considerable progress has been made in the areas of str...
Conference Paper
Full-text available
Next generation data processing systems must deal with very high data ingest rates and massive volumes of data. Such conditions are typically encountered in the intelligence community (IC) where analysts must search through huge volumes of data in order to gather evidence to support or refute their hypotheses. Their effort is made all the more diff...
Article
Full-text available
Internet worms work by exploiting vulnerabilities in operating systems and application software that run on end systems. The attacks compromise security and degrade network performance. They cause large economic losses for businesses, in terms of system downtime and lost worker productivity. This article presents the design and implementation of a...
Conference Paper
Full-text available
In this paper, we propose an IPSec implementation on Xilinx Virtex-II Pro FPGA 1. We move the key management and negotiation into software function calls that run on the PowerPC processor core. On the data path, reconfigurable hardware logic implements time-critical functions for AES encryption and HMAC authentication. In our approach, the fast har...
Conference Paper
Full-text available
Some of the fastest practical algorithms for IP route lookup are based on space-efficient encodings of multi-bit tries (M. Degermark, et al., 1997, W. Eatherton, 1999). Unfortunately, the time required by these algorithms grows in proportion to the address length, making them less attractive for IPv6. This paper describes and evaluates a new data s...
Conference Paper
Full-text available
High-speed packet content inspection and filtering devices rely on a fast multi-pattern matching algorithm which is used to detect predefined keywords or signatures in the packets. Multi-pattern matching is known to require intensive memory accesses and is often a performance bottleneck. Hence specialized hardware-accelerated algorithms are being d...
Conference Paper
We present a novel radio interference based sensor localization method for wireless sensor networks. The technique relies on a pair of nodes emitting radio waves simultaneously at slightly different frequencies. The carrier frequency of the composite ...
Conference Paper
Full-text available
Hash tables are fundamental components of several network processing algorithms and applications, including route lookup, packet classification, per-flow state management and network monitoring. These applications, which typically occur in the data-path of high-speed routers, must process and forward packets with little or no buffer, making it impo...
Conference Paper
Full-text available
Using FPGA technology for real-time network intrusion detection has gained many research efforts recently. In this paper, a novel packet classification architecture called BV-TCAM is presented, which is implemented for an FPGA-based Network Intrusion Detection System (NIDS). The classifier can report multiple matches at gigabit per second network l...
Conference Paper
High-performance rule processing systems are needed by network administrators in order to protect Internet systems from attack. Researchers have been working to implement components of Intrusion Detection Systems, such as the highly popular Snort system, in reconfigurable hardware. While considerable progress has been made in the areas of string ma...