惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

V
V2EX - 技术
D
DataBreaches.Net
阮一峰的网络日志
阮一峰的网络日志
Recent Announcements
Recent Announcements
V
V2EX
Hugging Face - Blog
Hugging Face - Blog
T
The Exploit Database - CXSecurity.com
Simon Willison's Weblog
Simon Willison's Weblog
Cisco Talos Blog
Cisco Talos Blog
Microsoft Security Blog
Microsoft Security Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
K
Kaspersky official blog
F
Fortinet All Blogs
GbyAI
GbyAI
Forbes - Security
Forbes - Security
The Cloudflare Blog
博客园 - 司徒正美
博客园_首页
量子位
Schneier on Security
Schneier on Security
G
GRAHAM CLULEY
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
P
Proofpoint News Feed
N
News | PayPal Newsroom
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
博客园 - 聂微东
T
Tor Project blog
V
Vulnerabilities – Threatpost
Y
Y Combinator Blog
Jina AI
Jina AI
Help Net Security
Help Net Security
T
Threat Research - Cisco Blogs
Recent Commits to openclaw:main
Recent Commits to openclaw:main
C
Cybersecurity and Infrastructure Security Agency CISA
Project Zero
Project Zero
N
News and Events Feed by Topic
I
Intezer
B
Blog
美团技术团队
C
CERT Recently Published Vulnerability Notes
NISL@THU
NISL@THU
L
LINUX DO - 最新话题
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Blog — PlanetScale
Blog — PlanetScale
AWS News Blog
AWS News Blog
T
Tailwind CSS Blog
The Last Watchdog
The Last Watchdog
雷峰网
雷峰网
有赞技术团队
有赞技术团队

The Practical Developer

The Libuv Thread Pool Trap: Why Node.js Async APIs Stall Under Load Postgres Covering Indexes with INCLUDE: Eliminate Heap Fetches on Read-Heavy Workloads Postgres DISTINCT ON: The Fastest Way to Get the Latest Row Per Group Postgres Transaction Isolation: The Anomalies Your App Actually Faces in Production Linux TCP Tuning for Node.js Microservices: The Kernel Settings That Stop Silent Connection Drops Under Load Postgres HOT Updates and Fillfactor: Why Not All Writes Are Created Equal Database Connection Pool Leaks: Finding the Promise That Never Returns Its Seat Linux OOM Killer in Production: Why Your Node.js Containers Die Without a Stack Trace Postgres Materialized Views: Refresh Strategies That Do Not Lock Your Dashboards API Dependency Health Checks: Why /health Is Not Enough Authorization with Zanzibar Tuples: How Google Manages Permissions and How To Build the Same Check in Node.js Postgres Advisory Locks: The 20-Character Primitive That Replaces Redis for Coordination Dead Letter Queues: The Message Queue Pattern That Saves You at 2 a.m. File Descriptor Exhaustion: The Kernel Limit That Silently Drops Node.js Connections Graceful Degradation: The Pattern That Turns Total Outages into Partial Success PostgreSQL Full-Text Search: Dropping Elasticsearch for 90% of Use Cases S3 Presigned Multipart Uploads: Stop Your API Server from Being a File Upload Bottleneck MessagePack vs JSON: The Binary Serialization Switch That Cut Our Internal RPC Overhead by 40% DNS Caching in Node.js: The Silent Cause of Production Latency Spikes Reliable Cron Jobs: The Pattern That Stops Double Runs, Missed Executions, And The 2 AM Page GraphQL Query Complexity: Stop the OOM Query Before It Reaches Your Resolver Node.js Event Loop Lag: The Hidden Metric Behind Random Latency Spikes API Request Validation with Zod: The Schema That Catches Bad Input Before It Corrupts Your Database Load Shedding in Node.js: How to Reject Traffic Before You Drown Request Hedging: Cut Tail Latency In Half Without Overprovisioning Git Bisect: The Automated Binary Search That Finds Breaking Commits in Minutes Node.js Garbage Collection Tuning: Stop Letting V8 Pause Your Event Loop Node.js Server Timeouts: The Settings That Stop Slow Clients from Holding Sockets Hostage Postgres BRIN Indexes: The Time-Series Secret That Shrinks Indexes by 99% Event Sourcing with PostgreSQL: The Pragmatic 80% Solution Node.js Cluster Mode: Scaling the Event Loop Across CPU Cores Postgres Partial Indexes: Stopping Soft Deletes from Ruining Your Query Performance Request Coalescing with the Singleflight Pattern: Stop Drowning Your Database on Every Cache Miss The Bulkhead Pattern: Why One Slow Endpoint Should Not Drown Your Whole Service Node.js AsyncLocalStorage: End-to-End Request Context Without the Propagation Hell Postgres Deadlocks: Logging the Victim, Reproducing the Race, and Fixing the Lock Order Your Node.js HTTP Client Is the Bottleneck: Connection Pool Tuning That Works Optimistic Locking in Postgres: Stop Losing Data to Race Conditions Postgres Read Replicas: Stop Serving Stale Data to Your Users Cursor Pagination: Why Offset Queries Explode at Scale and How to Fix Them Node.js Worker Threads: 60 Lines That Stop a CSV Upload from Timing Out Every Other Request Reliable Webhook Delivery: Architecture for Outbound HTTP You Can Trust Request Timeouts and Deadline Propagation: Stop the Chain of Slowness Advanced Security Practices in Node.js Graceful Shutdown in Node.js: The 40 Lines That Stop 502s During Deploys Finding Node.js Memory Leaks with Heap Snapshots Idempotency Keys in 30 Lines: Stop Your Webhook From Charging Customers Twice Backpressure In Node.js: The Fix For Slow-Motion Queue Meltdowns Retries Done Right: Jitter, Budgets, and the Stampede You Did Not See Coming The Cache Stampede: Why Your "Just Add Redis" Layer Crashes Postgres at 3 a.m. Postgres SKIP LOCKED: An 80-Line Job Queue You Can Run Without Redis Stop Doing Work Nobody Wants: AbortController in Node.js, Done Right The N+1 Query Problem: We Found 23 In One Codebase And Killed Every One I Tried 5 AI Coding Tools for a Month. Here Is What I Actually Use CI/CD From Zero to Production in 30 Minutes With GitHub Actions Node.js vs Bun vs Deno: Which Runtime Should You Pick in 2025? Kubernetes Resource Requests And Limits: The Numbers That Decide If Your Cluster Is Stable The Three Pillars of Observability Are A Myth: What Actually Matters In Production pnpm Vs npm Vs yarn Vs Bun For Monorepos: Which One Earns The Migration In 2024 JSONB Indexing In Postgres: GIN Vs Expression Indexes, And When Each Is The Right Choice A Code Review Checklist That Ends The Same Three Arguments Every Sprint gRPC Vs REST In 2024: When The Switch Pays For Itself React Suspense For Data Fetching: The Pattern That Replaces Half Your Loading State Code The Five-Stage Rollout: How To Ship A Risky Change Without Holding Your Breath GitHub Actions In A Monorepo: Caching, Path Filters, And Secret Boundaries That Actually Work The Blameless Postmortem That Actually Improves Things: A Template And Six Hard-Won Rules Recursive CTEs In Postgres: How To Query A Tree Without N Round Trips Node.js Streams: When They Actually Help, And When They Just Add Complexity Playwright Vs Cypress In 2024: The Honest Comparison Of Which One Earns The Test Time React Server Components: The Mental Model That Makes The "use client" Boundary Obvious Pod Disruption Budgets: The K8s Object That Keeps Your Service Up During Cluster Maintenance Postgres LISTEN/NOTIFY: The Pub/Sub You Already Have And Are Not Using Chaos Engineering Starter Kit: The Five Drills That Don't Need Netflix-Scale Spec-Driven API Development With OpenAPI: How To Stop Drifting From Your Docs Saga Pattern vs Two-Phase Commit: Distributed Transactions Without The Lies Kubernetes Autoscaling Beyond CPU: The Custom-Metric HPA Pattern That Actually Works Postgres Partitioning For Time-Series: The Boring Setup That Saves Your Database Distributed Locks With Redis: An Honest Look At Redlock And When You Don't Need It HTTP/2 vs HTTP/3: What Actually Changes For Your App, And What Doesn't Image Optimization For The Web In 2023: srcset, AVIF, And The Lighthouse Score You Actually Want Kafka vs RabbitMQ: A Decision Tree That Doesn't Hate You Flame Graphs: How To Find The Slow Function In 30 Seconds Without Profiling Theatre Postgres Streaming Vs. Logical Replication: Which One Solves Your Actual Problem ESLint Rules That Earn Their Keep: The Twelve I Enable On Every Project Pre-Commit Hooks That Pay For Themselves: Husky, lint-staged, And The Five Rules That Stick Zero-Downtime Database Migrations: The Six-Step Pattern That Rules Them All Circuit Breakers In Node.js: 50 Lines That Stop A Failing Dependency From Taking Down Your Service Postgres VACUUM Is Not Magic: How Your Hot Table Bloats To 80GB And How To Fix It Kubernetes Liveness And Readiness Probes: The Difference That Causes Half Your Outages Rate Limiting In Production: A Token Bucket In 30 Lines Of Redis The Outbox Pattern: How To Stop Losing Events When Postgres And Kafka Disagree Load Testing With k6: The Three Scenarios That Find Real Bugs (Not Synthetic Numbers) Postgres Row-Level Security For Multi-Tenant Apps: The Pattern That Stops You From Leaking Data Rebase vs. Merge: The Team Policy That Ends The Argument Forever OpenTelemetry in Node.js: Distributed Tracing That Actually Helps During an Incident Feature Flags That Pay Rent: The 4 Flag Types And When To Delete Each ETag, Last-Modified, and the Caching Headers Most APIs Get Wrong Connection Pooling Without the Cargo Cult: pgbouncer in 100 Lines of Config JSONB Is Not a Schema: When To Reach For It in Postgres, And When To Stop Bash Strict Mode: The Three Lines That Stop Your Deploy Script From Lying To You
UUID vs Bigint Primary Keys In Postgres: The Index Math That Decides For You
The Practica · 2023-06-23 · via The Practical Developer

The team is starting a new service. Somebody asks “UUIDs or bigints for primary keys?” and a 90-minute argument breaks out. One side wants UUIDs because “they’re distributed-friendly” and “you can generate them client-side.” The other side wants bigints because “they’re 8 bytes” and “indexes are smaller.”

Both sides are partly right. The actual differences are measurable, not philosophical, and depend on which UUID variant you use. UUID v4 (random) is meaningfully more expensive than bigint. UUID v7 (time-ordered) closes most of the gap. There is also a “use both” pattern that gets you the benefits of each.

This post is the actual numbers, the index math behind them, and the decision criteria that I have used on multiple production systems.

The space cost

A bigint is 8 bytes. A UUID is 16 bytes. Doubling the primary key size has compounding effects:

ComponentbigintUUID
The PK column itself8 B/row16 B/row
Each foreign key referencing it8 B/row16 B/row
The PK index~30 B/row~50 B/row
Each FK index~30 B/row~50 B/row

A typical OLTP table has 3-5 indexes that include the PK or an FK. Going from bigint to UUID adds roughly 100-200 bytes per row across all indexes. At 100 million rows, that is 10-20 GB more on disk. Not a deal breaker, but real.

For working-set memory: index pages cached in shared_buffers mean fewer rows fit in cache. If your hot working set was 10 GB on bigint, it is ~13 GB on UUID. Same RAM = lower cache hit rate.

The insert cost (random UUIDs are the killer)

This is the bigger surprise for teams adopting UUID v4. Random UUIDs destroy the locality of B-tree inserts.

A bigint primary key from a sequence is monotonically increasing. New inserts always land at the right edge of the index. Postgres only has to keep the rightmost few pages in cache; older pages can sit on disk forever.

A random UUID primary key (v4) inserts uniformly across the entire index. To insert one row, Postgres has to load some random page from disk, modify it, write it back. As the table grows beyond cache, every insert becomes a disk read and a disk write.

The benchmark numbers I’ve measured on a 100M-row table with NVMe storage:

PK typeInserts/sec
bigint serial22,000
UUID v4 (random)6,500
UUID v7 (time-ordered)19,500

UUID v4 is ~3.5× slower for inserts at scale. UUID v7, which is sortable by time, is within 12% of bigint.

For lookups (WHERE id = ?), the difference is small; both keys have efficient B-tree access. The cost is in inserts, not reads.

What is UUID v7?

UUID v7 (specified in 2024 but widely supported earlier) is a UUID variant where the first 48 bits are a Unix timestamp in milliseconds and the rest is random. Two new UUIDs generated a millisecond apart sort lexicographically by time.

018d4a26-3a1f-7234-a8c4-12345678abcd
└── timestamp ──┘└── random (~74 bits) ──┘

This makes UUID v7 almost as friendly to B-tree indexes as a bigint sequence. New rows still cluster at the right edge. Cache locality is preserved.

Postgres does not have UUID v7 generation built in (yet; RFC 9562 is recent), but it is one Postgres function:

CREATE OR REPLACE FUNCTION uuid_v7() RETURNS uuid AS $$
  SELECT encode(
    overlay(
      uuid_send(gen_random_uuid())
      placing substring(int8send(floor(extract(epoch FROM clock_timestamp()) * 1000)::bigint) from 3)
      from 1 for 6
    ),
    'hex'
  )::uuid;
$$ LANGUAGE sql VOLATILE;

For Node.js, uuidv7 is the standard package. Most modern languages have a library now.

When bigint is the right answer

Use bigint primary keys when:

  • The keys are server-generated only (no client-side ID generation needed).
  • Your database is single-region and you do not anticipate cross-region merging.
  • You do not expose IDs in URLs (or you do not care about enumeration risk).
  • Maximum insert throughput matters.

Almost every internal-facing service fits this. Bigint is the default for a reason.

When UUID is the right answer

Use UUIDs when:

  • Clients (browsers, mobile apps) generate IDs to avoid round-trips (“optimistic create”).
  • You want to merge data across systems without ID collisions (multi-region, on-prem-to-cloud sync).
  • IDs are exposed in URLs and enumeration would be a privacy risk (/users/42 reveals user count; /users/<uuid> does not).
  • You are sharding and need globally-unique IDs without coordination.

If you choose UUID, choose v7. The performance difference vs v4 is too large to ignore at scale.

The “use both” pattern

Many production systems use bigint internal primary keys and UUID external identifiers. The schema:

CREATE TABLE users (
  id          bigserial PRIMARY KEY,           -- internal, fast, never exposed
  external_id uuid NOT NULL DEFAULT uuid_v7(), -- exposed in URLs / API
  ...
);
CREATE UNIQUE INDEX users_external_id ON users (external_id);

API endpoints accept and return external_id:

GET /api/users/018d4a26-3a1f-7234-...

Internal joins and foreign keys use the bigint:

CREATE TABLE orders (
  id      bigserial PRIMARY KEY,
  user_id bigint NOT NULL REFERENCES users(id),
  ...
);

You get bigint’s insert performance and small index size internally, plus UUID’s external-identifier benefits (non-enumerable URLs, client-side generation if you want it). The cost is one extra index column.

This is the design I default to when there is any chance the IDs will be public. The “small extra cost” is much cheaper than retrofitting later.

Migrating from bigint to UUID (or vice versa)

Both directions are non-trivial. The pattern is the same as any zero-downtime schema change:

  1. Add the new column nullable.
  2. Backfill existing rows.
  3. Maintain both columns from application code.
  4. Switch reads to the new column.
  5. Switch writes to use only the new column.
  6. Drop the old column and any indexes.

For tables with foreign-key references, every dependent table goes through the same process. A migration of a busy table with many FKs is a multi-week project. Pick wisely up front.

The performance gotcha most posts miss

Both bigint and UUID rely on good locality at the insert edge. If you are doing bulk inserts in random order (loading historical data, backfilling), even a bigint primary key suffers. The fix: bulk-insert in PK order. With UUID v7, generate sorted batches before insert.

For really big bulk loads, use COPY with (freeze) and pre-built indexes, or load to an unindexed staging table and INSERT ... SELECT ... ORDER BY id into the destination.

Indexing UUID columns: don’t get cute

A few patterns I have seen and would not recommend:

  • Hash indexes on UUID. USING hash is a B-tree alternative for equality lookups. Tempting for UUID columns. In practice, the B-tree is fine and supports range queries; the hash index does not. Skip.
  • Storing UUIDs as text/varchar. Doubles the storage. Always store as uuid type.
  • Custom composite UUID encodings. Some teams use a “prefix + UUID” scheme like usr_018d4a.... Fine for human readability, but store the UUID part separately and use the full string only at the API boundary.

Stick with uuid type, gen_random_uuid() for v4 or your uuid_v7() function for v7, and a normal B-tree.

Other drivers people forget

A few non-performance considerations:

Debuggability. Bigint IDs are easy to discuss in Slack (“look at user 4012”). UUIDs are not. Internal tools that show admin views often need shorter human-friendly aliases.

Logging. Searching logs for an ID like 018d4a26-3a1f-7234-a8c4-12345678abcd is fine but harder than 4012. Make sure your log indexer handles the UUID format.

Sequences and gaps. Bigint sequences leak information (“we created 1 million users this week”). UUIDs do not. For some businesses, this is a compliance reason to choose UUIDs.

Partitioning. Bigint partitions are easy (“rows with id < 1M”). UUID partitions require thinking about which bits are sortable.

The takeaway

The UUID-vs-bigint decision is not religious. The numbers behind it are clean: bigint is faster and smaller; UUID v4 is dramatically slower at scale; UUID v7 closes most of that gap. If your IDs need to be client-generated, distributed, or non-enumerable, use UUID v7. If your service is internal and single-region, use bigint.

The “use both” pattern (bigint internal, UUID external) is the design that wins more arguments than either pure choice. The next time the debate starts, propose it; it usually ends the meeting.

A note from Yojji

The kind of database design judgment that decides “bigint vs UUID” by measurement instead of fashion is the kind of long-haul backend engineering Yojji’s teams bring to client work, including the data-model decisions that compound across years of product growth.

Yojji is an international custom software development company founded in 2016, with teams across Europe, the US, and the UK. They specialize in the JavaScript ecosystem (React, Node.js, TypeScript), cloud platforms (AWS, Azure, GCP), and the database-and-API design that decides whether a system stays fast as it grows.

此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。