UUID collision

I have seen a genuine UUID (v4) collision. For real.

UUIDv4 has 122 random bits. And we were tagging with them - a request, a customer, a server. The volume of new customers we sign was not a problem (I wish ;) ), neither was the number of servers provisioned (thankfully). Even the number of HTTP requests in a day - if you do an approximation for the probability of collision - is not anywhere close to be a problem. With a year of a trillion a day requests you will only get to 1 in a trillion chance to have a collision.

And we were not a one trillion a day requests kind of an application.

And yet it happened.

A developer posted a log line to the chat. It was a error they needed help with. It had a request UUID in the line.

And then the chat bot woke up and told "UUID x is customer A". And indeed it was. It was that customer's UUID.

Of course the request had nothing to do with this customer. It was from a different region, and the customer was on old record who is no longer active and doing anything at all. But the bot was not mistaken. Its purpose in live was to do customer UUID lookup and it did just that. It found a match and it woke up to announce it.

The chat went silent.

One thing to be constantly reminded that even a low probability event can happen. The other is to witness it firsthand.

Posted On


Tags: /