Overview
To create a migration in Database Migration Service, connectivity must be established between the source instance and the Cloud SQL destination instance. There are various methods supported. Choose the one that works best for the specific workload.| Networking method | Description | Advantages | Disadvantages | 
|---|---|---|---|
| IP allowlist | This method works by configuring the source database server to accept connections from the outgoing IP of the Cloud SQL instance. If you choose this method, then Database Migration Service guides you through the setup process during the migration creation. | 
 | 
 | 
| Reverse-SSH tunnel via cloud hosted VM | Establishes connectivity from the destination to the source through a secure reverse SSH tunnel. Requires a bastion host VM in the Google Cloud Platform project as well as a machine (for example, a laptop on the network) that has connectivity to the source. Database Migration Service collects the required information at migration creation time, and auto-generates the script for setting it all up. | 
 | 
 | 
| VPC peering | This method works by configuring the VPCs to communicate with one another. | 
 | 
 | 
| Private Service Connect interfaces | Private Service Connect interfaces let your destination database initiate connections to the private IP of your source database without consuming peering quota. Instead, this connectivity method utilizes network attachments you create in your VPC. | 
 | 
 For more information about private services access and Private Service Connect in Cloud SQL for PostgreSQL see Private Service Connect outbound connections in the Cloud SQL documentation. | 
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-10-16 UTC.