Network connectivity requirements for SAP workloads on Bare Metal Servers in Classic Infrastructure

Network architecture

The IBM Cloud Classic Infrastructure network consists of three distinct and redundant network architectures that are seamlessly integrated in a secured network-within-a-network topology:

Public network

The public network provides carrier-grade internet connectivity to multi-home backbone carriers. Traffic travels directly across the IBM Cloud data center network backbone, minimizing network hops and latency.

Private network

The private network provides complete control of secured networking traffic without performance degradation. It includes:

• Host-to-host communication within private VLANs with free and unmetered bandwidth.

• Backend services access such as OS updates, NTP, DNS, network storage with free and unmetered bandwidth.

• VPN and direct connections to VLANs with free and unmetered bandwidth.

• Data center-to-data center interconnectivity with free and unmetered bandwidth.

Management network

The management network provides out-of-band management accessible through VPN or Direct Link. It enables remote console access through the Intelligent Platform Management Interface (IPMI) network interface with free and unmetered bandwidth.

Network hierarchy

The IBM Cloud Classic Infrastructure networking components are organized in the following hierarchy:

1. Global: IBM Cloud global network backbone.
2. Region: Geographic location grouping multiple data centers.
3. Data center: Physical facility within a region.
4. Data center pod: Logical grouping within a data center.
5. VLAN: Virtual LAN (public and private) specific to a data center and pod.
6. Subnet: IP address range within a VLAN (public and private).

VLANs

Virtual local area networks (VLANs) provide enterprise-grade private networks with full isolation and security. Each VLAN is either public or private and is assigned to a specific data center for a specific IBM Cloud account.

Key characteristics:

• Each VLAN is specific to a data center and pod.
• VLANs can contain multiple subnets.
• Subnets within the same VLAN can communicate by default.
• Communication between VLANs requires a Gateway Appliance.

For more information, see Getting started with VLANs and About VLANs.

Subnets

IBM Cloud Classic Infrastructure supports different types of subnets:

Primary subnets

Primary subnets are automatically assigned when resources are provisioned into public and private VLANs. They have certain limitations.

Secondary portable subnets

Secondary portable subnets append a new subnet to VLANs. They provide IP addresses that are assignable to any resource within a VLAN. They enable floating IPs across multiple resources.

Secondary static subnets (public only)

Secondary static subnets append a new subnet to a public VLAN. They provide IP addresses for assignment to a single resource by using an existing primary or portable IP as the routing endpoint.

Global IP addresses

Global IP addresses are single internet-accessible IPs from the IBM Cloud private backbone that can be assigned to any VLAN worldwide.

For SAP workloads, consider creating separate subnets for:

• SAP application and database servers.
• Management and administration systems.
• Backup and disaster recovery systems.
• Storage network traffic when using separate network interfaces.

For more information, see Getting started with subnets and IPs and About subnets and IPs.

Connectivity to on-premises networks

IBM Cloud Classic Infrastructure provides multiple connectivity options to integrate on‑premises networks.

Classic SSL VPN

Classic SSL VPN provides a basic SSL tunnel with user and password to various PoPs or data centers. It is built into IBM Cloud Classic Infrastructure. It is suitable for administrators during the initial deployment stages. It is not suitable for bulk users due to bandwidth caps.

Classic IPSec VPN

Classic IPSec VPN is a service from IBM Cloud catalog with advanced configuration options for IPsec tunnels. It is suitable for moderate bandwidth requirements.

IBM Cloud Direct Link for Classic Infrastructure

IBM Cloud Direct Link for Classic Infrastructure provides the most robust connection option, supporting up to 10 Gbps as a routed OSI Layer‑2/3 connection. It is designed for enterprise workload connectivity. It is available in two types:

• Direct Link Dedicated: Provides a direct fiber connection to IBM Cloud.

• Direct Link Connect: Provides connectivity through supported network service providers.

For more information, see Direct Link 1.0. To find network service providers from your location, use Cloud Pathfinder for IBM Cloud.

Connectivity to VPC infrastructure

IBM Cloud Classic Infrastructure can connect to IBM Cloud VPC infrastructure through:

IBM Cloud Transit Gateway

IBM Cloud Transit Gateway provides flexible connectivity between IBM Cloud Classic Infrastructure and IBM Cloud VPC with increased routing capabilities. It is recommended for complex multi-environment architectures.

IBM Cloud VPC Classic Access

IBM Cloud VPC Classic Access provides a one-to-one association between IBM Cloud VPC and IBM Cloud Classic Infrastructure. It is a simpler setup for basic connectivity needs.

All options require upgrading the IBM Cloud account to be VRF-enabled.

For more information, see Setting up access to Classic infrastructure and Getting started with IBM Cloud Transit Gateway.

Traffic segregation

Multiple VLANs and subnets are used to separate different types of network traffic:

• Subnets within VLANs provide basic traffic separation.
• Additional VLANs are used when strict isolation is required.
• Gateway Appliances control traffic flow between VLANs.
• Multiple network interfaces support traffic segregation and performance optimization.

Traffic segregation strategies include:

• Separating production and non-production traffic.
• Isolating storage I/O traffic to dedicated network interfaces.
• Dedicating network paths for SAP HANA inter-node communication.
• Separating backup traffic from production traffic.