Static IP Availability for Messaging Connectivity in Public Regions and Dedicated Regions

Your choice of deployment region may be affected by requirements you have for static IP addresses for your Messaging Connectivity. The availability of static IP addresses for Messaging Connectivity varies by cloud provider and whether you need static IPs for inbound or outbound Messaging Connectivity.

You may want to add static IPs to your allow list for certain Messaging Connectivity, including:

  • Inbound Messaging Connectivity originating from a source external to the event broker service. Examples of inbound Messaging Connectivity could include JCSMP and MQTT applications sending data to the event broker service.

  • Outbound Messaging Connectivity originating from the event broker service itself. Examples of outbound Messaging Connectivity could include REST Delivery Points (RDP), Kafka bridges, or Syslog Forwarding.

You may also require static IPs to use certain features, including message VPN bridges and disaster recovery, where one of the event broker services in the pair is considered the outbound connection, while the other is the inbound connection.

The following tables provide details on the availability of static IPs in Public Regions and Dedicated Regions for each of the supported primary cloud providers.

If static IPs are available for your deployment, according to the tables below, and you require them for your Messaging Connectivity, contact SAP.

Public Region Static IP Availability

Cloud Provider Are Inbound IPs Static?
(To The Event Broker Service)
Are Outbound IPs Static?
(From The Event Broker Service)
Amazon Elastic Kubernetes Service (EKS) No—The load balancer's IPs are not static. Yes—The IPs are elastic IPs (EIP) and are assigned to the network address translation (NAT) gateways. Depending on the setup of the Public Region, there can be two or three NAT gateways.
Azure Kubernetes Service (AKS) No—The load balancer's IPs are not static. No—SAP occasionally needs to add Public IPs to the load balancer used for the NAT gateway in the AKS VNets to repair secure network address translation (SNAT) exhaustion.
Google Kubernetes Engine (GKE) No—The load balancer's IPs are not static. No—SAP does not use NAT gateways in GCP Public Regions.

Dedicated Region Static IP Availability

For Dedicated Regions, the availability of static IPs depends on whether you require private or public Messaging Connectivity. See Connectivity Requirements for more information about Messaging Connectivity types. The table shows static IP availability for both private and public Messaging Connectivity.

Cloud Provider Are Inbound IPs Static?
(To the Event Broker Service)
Are Outbound IPs Static?
(From the Event Broker Service)
Private Messaging Connectivity Public Messaging Connectivity Private Messaging Connectivity Public Messaging Connectivity
Amazon Elastic Kubernetes Service (EKS) Yes—The network load balancer (NLB) assigns IPs from the virtual private clouds (VPC) CIDR range, and they do not change. No—The load balancer's IPs are not static.

Yes—The IPs assigned to the pods are from the VPCs CIDR.

If you want static IPs, a full VPC CIDR is required; otherwise the IPs assigned to the pods can change.

Yes—The IPs are elastic IPs (EIP) and are assigned to the network address translation (NAT) gateways. Depending on the setup of the Public Region, there can be two or three NAT gateways.
Azure Kubernetes Service (AKS) Yes—The Network load balancer (NLB) assigns IPs from the VNet's CIDR range, and they do not change. No—The load balancer's IPs are not static.

Yes—The IPs assigned to the worker nodes (or pods, depending on the networking option you chose) are from the VNet's CIDR.

If you want static IPs, a full VNet CIDR is required; otherwise the IPs assigned to the pods can change.

Yes—The IPs assigned to the load balancer network address translation (NAT) are static.
Google Kubernetes Engine (GKE) Yes—The network load balancer (NLB) assigns IPs from the virtual private clouds (VPC) CIDR range, and they do not change. No—The load balancer's IPs are not static.

Yes—The IPs assigned to the worker nodes (or pods, depending on the networking option you chose) are from the VPC's CIDR.

If you want static IPs, a full VPC CIDR is required, otherwise the IPs assigned to the pods can change.

Yes—Static IPs are assigned to the cloud network address translation (NAT) gateways. There are two NAT gateways in a GKE Dedicated Region.