USENIX Annual Technical Conference (NO 98), 1998
Tribeca: A System for Managing Large Databases of Network Traffic
Mark Sullivan, Juno Online Services
Andrew Heybey, Niksun, Inc.
The engineers who analyze traffic on high bandwidth networks must
filter and aggregate either recorded traces of network packets or live
traffic from the network itself. These engineers perform operations
similar to database queries, but cannot use conventional data managers
because of performance concerns and a semantic mismatch between the
analysis operations and the operations supported by commercial DBMSs.
Traffic analysis does not require fast random access, transactional
update, or relational joins. Rather, it needs fast sequential access
to a stream of traffic records and the ability to filter, aggregate,
define windows, demultiplex, and remultiplex the stream.
Tribeca is an extensible, stream-oriented DBMS designed to support
network traffic analysis. It combines ideas from temporal and
sequence databases with an implementation optimized for databases
stored on high speed ID-1 tapes or arriving in real time from the
network. The paper describes Tribeca's query language, executor and
optimizer as well as performance measurements of a prototype
- View the full text of this paper in
HTML form and
- If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.
- To become a USENIX Member, please see our Membership Information.