Tribeca: A System for Managing Large Databases of Network Traffic

The engineers who analyze tra c on high bandwidth networks must lter and aggregate either recorded traces of network packets or live tra c from the network itself. These engineers perform operations similar to database queries, but cannot use conventional data managers because of performance concerns and a semantic mismatch between the analysis operations and the operations supported by commercial DBMSs. Tra c analysis does not require fast random access, transactional update, or relational joins. Rather, it needs fast sequential access to a stream of tra c records and the ability to lter, aggregate, de ne windows, demultiplex, and remultiplex the stream. Tribeca is an extensible, stream-oriented DBMS designed to support network tra c analysis. It combines ideas from temporal and sequence databases with an implementation optimized for databases stored on high speed ID-1 tapes or arriving in real time from the network. The paper describes Tribeca's query language, executor and optimizer as well as performance measurements of a prototype implementation.