/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PublicSymptom
Since March 15th, Outbound IP Addresses got changed in SAP Datasphere.
This might cause connection issues.
Environment
SAP Datasphere
Resolution
Why the outbound IPS are changing
Over the course of the last maintenance window for SAP Datasphere, we were doing a major infrastructure activity to future-proof our SAP Datasphere setup, specifically around Data Flows and Replication Flows. Amongst other changes, this involved moving the respective SAP Datasphere component responsible for Data Flows and Replication Flows to a newly deployed infrastructure. This led to us not being able to keep outbound IP addresses for Data Flows and Replication Flows stable.
How will often it happen?
This was a one-time activity and concluded a major infrastructure project. We currently don't plan similar activities in the foreseeable future. However, we also cannot fully rule out future changes/additions to the outbound IP addresses we are using, and this is due to the nature of how outbound IP addresses are assigned and managed on the hyperscaler infrastructures we are using.
How is SAP informing these changes?
We unfortunately only learned very late that the upcoming change did not only have an impact on SAP Datasphere internal communication between system components (which we updated accordingly – see SAP Knowledge Base Article 3311931), but also had an impact on customers using IP allow-listing for external systems used as source or target. This is why we unfortunately were not able to provide an upfront notice for this change.
How we can avoid the impact of the Outbound IP address changes on the Allowlisted Interfaces/connections?
Based on our learnings with the mentioned infrastructure project, we are currently working on a means to handle these types of changes more routinely. We still have to find a way to not only communicate such changes between our infrastructure components but also towards customers relying on IP allow-listing. Due to the static and typically manual nature of IP allow-lists in combination with the handling of outbound IP addresses by the hyperscalers, we will need to find a disruption-free approach to earlier communicate these kinds of upcoming changes, should we plan for them. We would be happy to receive further feedback on via which channels you as a customer would be excepting to receive this kind of information in future.
Keywords
outbound, ip address , KBA , DS-DI-CON , Connections , Known Error
/support/notes/service/facebook.svg)
/support/notes/service/twitter.svg)
/support/notes/service/youtube.svg)
/support/notes/service/linkedin.svg)
/support/notes/service/instagram2.svg)