Networking methods

Overview

To create a migration in Database Migration Service, connectivity must be established between the source instance and the Cloud SQL destination instance. There are various methods supported. Choose the one that works best for the specific workload.

IP allowlist

Description: This method works by configuring the source database server to accept connections from the outgoing IP of the Cloud SQL instance.

If you choose this method, then Database Migration Service guides you through the setup process during the migration creation.

Advantages:
  • Easy to configure.
  • Doesn't require any custom firewall configuration.
  • Recommended for short-lived migration scenarios (POC or small database migrations).

Disadvantages:
  • Network traffic occurs over the public Internet.
  • Less secure.
  • Decreased performance.

Reverse SSH tunnel through cloud-hosted VM

Description: Establishes connectivity from the destination to the source through a secure reverse SSH tunnel.

Requires a bastion host VM in the Google Cloud Platform project as well as a machine (for example, a laptop on the network) that has connectivity to the source.

Database Migration Service collects the required information at migration creation time, and auto-generates the script for setting it all up.

Advantages:
  • Easy to configure.
  • Doesn't require any custom firewall configuration.
  • Recommended for short-lived migration scenarios (POC or small database migrations).

Disadvantages:
  • The Bastion VM is owned and managed by you, and may incur additional costs.

VPC-peering

Description: This method works by configuring the VPCs to communicate with one another.

Advantages:
  • Native Google Cloud solution.
  • Easy to configure.
  • High bandwidth.
  • Recommended for long-running or high-volume migrations.

Disadvantages:
  • Only applicable if both the source and destination databases are hosted in Google Cloud Platform.

VPN

Description: This method works by configuring an IPSec VPN tunnel, and connecting the source network and Google Cloud VPC through a secure connection over the public Internet. Uses Google Cloud VPN or any VPN solution that's set up for the internal network.

Advantages:
  • Robust and scalable connectivity solution.
  • Medium-high bandwidth.
  • Security built-in.
  • Offered as a native Google Cloud Platform solution or from other 3rd parties.

Disadvantages:
  • Additional cost.
  • Non-trivial configuration (unless already in-place).

Cloud Interconnect

Description: Uses a highly available, low latency connection between the on-premises network and Google Cloud.

Advantages:
  • Highest bandwidth, ideal for long-running high-volume migrations.

Disadvantages:
  • Additional cost.
  • Connection is not secure by default.
  • Non-trivial configuration (unless already in-place).
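
With the IP allowlist method described above, the source should accept database connections from the outgoing IP of the Cloud SQL instance and nothing wider. The following is an added example, not part of the original page or of Database Migration Service: it audits a list of source-side allowlist rules against the expected peer. The rule format, addresses, port, and function names are constructed assumptions.

```python
import ipaddress

# Constructed sample values (documentation-range addresses), not from the page.
CLOUD_SQL_OUTGOING_IP = "203.0.113.25"  # assumed outgoing IP of the destination
DB_PORT = 3306                          # assumed source database port

# Constructed allowlist: (source CIDR, destination port) pairs as exported
# from a source-side firewall or security group.
SAMPLE_RULES = [
    ("203.0.113.25/32", 3306),   # exactly the Cloud SQL outgoing IP
    ("203.0.113.0/24", 3306),    # contains the peer but admits 255 other hosts
    ("0.0.0.0/0", 3306),         # database port open to the whole Internet
    ("198.51.100.7/32", 3306),   # some other host allowed to reach the database
    ("0.0.0.0/0", 443),          # not a database rule, ignored by this audit
]

def audit_allowlist(rules, outgoing_ip, db_port):
    """Return (cidr, status, address_count) for every rule on the database port.

    status is "ok" for a single-address rule matching the peer, "too-broad"
    for a wider range containing the peer, "extra-source" for anything else.
    """
    peer = ipaddress.ip_address(outgoing_ip)
    findings = []
    for cidr, port in rules:
        if port != db_port:
            continue
        net = ipaddress.ip_network(cidr, strict=False)
        if peer in net:  # False when IP versions differ
            status = "ok" if net.num_addresses == 1 else "too-broad"
        else:
            status = "extra-source"
        findings.append((cidr, status, net.num_addresses))
    return findings

def allowlist_is_tight(rules, outgoing_ip, db_port):
    """True only if the peer is allowed and no other database rule exists."""
    statuses = [status for _, status, _ in audit_allowlist(rules, outgoing_ip, db_port)]
    return bool(statuses) and all(status == "ok" for status in statuses)

if __name__ == "__main__":
    for cidr, status, size in audit_allowlist(SAMPLE_RULES, CLOUD_SQL_OUTGOING_IP, DB_PORT):
        print(f"{cidr:<18} {status:<13} {size} address(es)")
    print("tight:", allowlist_is_tight(SAMPLE_RULES, CLOUD_SQL_OUTGOING_IP, DB_PORT))
```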