The engineers who analyze traffic on high-bandwidth networks must filter and aggregate either recorded traces of network packets or live traffic from the network itself. These engineers perform operations similar to database queries, but cannot use conventional data managers because of performance concerns and a semantic mismatch between the analysis operations and the operations supported by commercial DBMSs. Traffic analysis does not require fast random access, transactional update, or relational joins. Rather, it needs fast sequential access to a stream of traffic records and the ability to filter, aggregate, define windows, demultiplex, and remultiplex the stream.
Tribeca is an extensible, stream-oriented DBMS designed to support
network traffic analysis. It combines ideas from temporal and
sequence databases with an implementation optimized for databases
stored on high-speed ID-1 tapes or arriving in real time from the
network. The paper describes Tribeca's query language, executor and
optimizer, as well as performance measurements of a prototype
implementation.