From 470bbf5501fc5afbb2b084c86ccc1e0184292a5b Mon Sep 17 00:00:00 2001
From: Martin Skorupski <martin.skorupski@highstreet-technologies.com>
Date: Sun, 14 May 2023 12:35:12 +0200
Subject: [PATCH] Split SMO network from telecom network

The communication between simulated network and
SMO components uses FQDN only.

SMO NBI networks are separated from SMO SBIs.

Issue-ID: OAM-336
Change-Id: Ie36ac8451d9186e61c93908bbcd653a631c3efc7
Signed-off-by: Martin Skorupski <martin.skorupski@highstreet-technologies.com>
---
 solution/README-O-RU-Controller.md          |  6 ++-
 solution/README.md                          |  6 ++-
 solution/network/.env                       | 20 +++++-----
 solution/network/config.py                  |  6 +--
 solution/network/docker-compose.yml         | 23 ++++++-----
 solution/smo/apps/docker-compose.yml        |  8 ++--
 solution/smo/apps/flows/data/.sessions.json |  2 +-
 solution/smo/apps/flows/data/flows.json     |  8 ++--
 solution/smo/common/.env                    | 12 ++----
 solution/smo/common/docker-compose.yml      | 44 +++++++++++++++-----
 solution/smo/oam/.env                       | 12 ------
 solution/smo/oam/docker-compose.yml         | 62 +++++++++++++++++++----------
 12 files changed, 120 insertions(+), 89 deletions(-)

diff --git a/solution/README-O-RU-Controller.md b/solution/README-O-RU-Controller.md
index 8d81611..c652f1e 100644
--- a/solution/README-O-RU-Controller.md
+++ b/solution/README-O-RU-Controller.md
@@ -83,9 +83,11 @@ $ cat /etc/hosts
 <deployment-system-ipv4>           gateway.smo.o-ran-sc.org
 <deployment-system-ipv4>          identity.smo.o-ran-sc.org
 <deployment-system-ipv4>          messages.smo.o-ran-sc.org
-<deployment-system-ipv4> ves-collector.oam.smo.o-ran-sc.org
 <deployment-system-ipv4>         odlux.oam.smo.o-ran-sc.org
-<deployment-system-ipv4>    controller.oam.smo.o-ran-sc.org
+<deployment-system-ipv4>         flows.oam.smo.o-ran-sc.org
+<deployment-system-ipv4>         tests.oam.smo.o-ran-sc.org
+<deployment-system-ipv4> ves-collector.dcn.smo.o-ran-sc.org
+<deployment-system-ipv4>    controller.dcn.smo.o-ran-sc.org
 
 ```
 
diff --git a/solution/README.md b/solution/README.md
index d01e664..20f38d6 100644
--- a/solution/README.md
+++ b/solution/README.md
@@ -118,9 +118,11 @@ $ cat /etc/hosts
 <deployment-system-ipv4>           gateway.smo.o-ran-sc.org
 <deployment-system-ipv4>          identity.smo.o-ran-sc.org
 <deployment-system-ipv4>          messages.smo.o-ran-sc.org
-<deployment-system-ipv4> ves-collector.oam.smo.o-ran-sc.org
 <deployment-system-ipv4>         odlux.oam.smo.o-ran-sc.org
-<deployment-system-ipv4>    controller.oam.smo.o-ran-sc.org
+<deployment-system-ipv4>         flows.oam.smo.o-ran-sc.org
+<deployment-system-ipv4>         tests.oam.smo.o-ran-sc.org
+<deployment-system-ipv4>    controller.dcn.smo.o-ran-sc.org
+<deployment-system-ipv4> ves-collector.dcn.smo.o-ran-sc.org
 
 ```
 
diff --git a/solution/network/.env b/solution/network/.env
index 56d92e2..5a10558 100644
--- a/solution/network/.env
+++ b/solution/network/.env
@@ -14,29 +14,29 @@
 # limitations under the License.
 #
 
-COMPOSE_PROJECT_NAME=o-ran-sc-h-release
 HOST_IP=aaa.bbb.ccc.ddd
+# NETWORK_SUBNET_DCN_IPv4=172.60.0.0/24
+NETWORK_SUBNET_DCN_IPv6=2001:db8:1:60::/96
 
 # Credentials
 ADMIN_USERNAME=admin
 ADMIN_PASSWORD=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
 
+# gateway network implemented by traefik
+GATEWAY_DOMAIN=smo.o-ran-sc.org
+
 # SDN Controller
-SDNC_REST_PORT=8181
-SDNC_OAM_IPv4=172.50.0.23
-SDNC_OAM_IPv6=2001:db8:1:50::23
-SDNC_OAM_HOST=controller.oam.smo.o-ran-sc.org
 SDN_CONTROLLER_PROTOCOL=https
+SDNC_DCN_HOST=controller.dcn.smo.o-ran-sc.org
+SDNC_REST_PORT=443
 SDN_CONTROLLER_CALLHOME_SSH_PORT=4334
 SDN_CONTROLLER_CALLHOME_TLS_PORT=4335
 
 # VES Collector
-VES_COLLECTOR_OAM_IPv4=172.50.0.27
-VES_COLLECTOR_OAM_IPv6=2001:db8:1:50::27
-VES_COLLECTOR_OAM_HOST=ves-collector.oam.smo.o-ran-sc.org
-VES_COMMON_HEADER_VERSION=7.2.1
 VES_ENDPOINT_PROTOCOL=https
+VES_COLLECTOR_DCN_HOST=ves-collector.dcn.smo.o-ran-sc.org
 VES_ENDPOINT_PORT=443
+VES_COMMON_HEADER_VERSION=7.2.1
 VES_ENDPOINT_AUTH_METHOD=basic-auth
 VES_ENDPOINT_USERNAME=sample1
 VES_ENDPOINT_PASSWORD=sample1
@@ -45,7 +45,7 @@ VES_ENDPOINT_PASSWORD=sample1
 NEXUS3_DOCKER_REPO=nexus3.o-ran-sc.org:10004/o-ran-sc/
 LOCAL_DOCKER_REPO=o-ran-sc/
 NTS_MANAGER_PORT=8300
-NTS_BUILD_VERSION=1.6.2
+NTS_BUILD_VERSION=1.8.0
 
 IPv6_ENABLED=true
 SSH_CONNECTIONS=1
diff --git a/solution/network/config.py b/solution/network/config.py
index a717dbb..c89cb1e 100644
--- a/solution/network/config.py
+++ b/solution/network/config.py
@@ -36,9 +36,9 @@ dockerFilter = subprocess.check_output("docker ps --format '{{.Names}}'", shell=
 containers = dockerFilter.splitlines()
 
 mapping = dict({"ntsim-ng-o-ru": "O-RU", "ntsim-ng-o-du": "O-DU"})
-base = get_environment_variable('SDN_CONTROLLER_PROTOCOL') + '://' + get_environment_variable('SDNC_OAM_HOST')
-username = 'admin'
-password = 'Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U'
+base = get_environment_variable('SDN_CONTROLLER_PROTOCOL') + '://' + get_environment_variable('SDNC_DCN_HOST')
+username = get_environment_variable('ADMIN_USERNAME')
+password = get_environment_variable('ADMIN_PASSWORD')
 
 # REST to set event settings
 def configEventSettings(nfName, nfType):
diff --git a/solution/network/docker-compose.yml b/solution/network/docker-compose.yml
index 9fd388e..d8e2ed9 100755
--- a/solution/network/docker-compose.yml
+++ b/solution/network/docker-compose.yml
@@ -29,13 +29,14 @@ x-common_env: &common_env
     NTS_HOST_TRANSFER_SFTP_BASE_PORT: ${NTS_HOST_TRANSFER_SFTP_BASE_PORT}
 
     SDN_CONTROLLER_PROTOCOL: ${SDN_CONTROLLER_PROTOCOL}
-    SDN_CONTROLLER_IP: ${SDNC_OAM_HOST}
+    SDN_CONTROLLER_IP: ${SDNC_DCN_HOST}
+    SDN_CONTROLLER_CALLHOME_IP: ${SDNC_DCN_HOST}
     SDN_CONTROLLER_USERNAME: ${ADMIN_USERNAME}
     SDN_CONTROLLER_PASSWORD: ${ADMIN_PASSWORD}
 
     VES_COMMON_HEADER_VERSION: ${VES_COMMON_HEADER_VERSION}
     VES_ENDPOINT_PROTOCOL: ${VES_ENDPOINT_PROTOCOL}
-    VES_ENDPOINT_IP: ${VES_COLLECTOR_OAM_HOST}
+    VES_ENDPOINT_IP: ${VES_COLLECTOR_DCN_HOST}
     VES_ENDPOINT_PORT: ${VES_ENDPOINT_PORT}
     VES_ENDPOINT_AUTH_METHOD: ${VES_ENDPOINT_AUTH_METHOD}
     VES_ENDPOINT_USERNAME: ${VES_ENDPOINT_USERNAME}
@@ -54,9 +55,8 @@ x-topo-env: &topo_env
 x-nf: &common_nf
     stop_grace_period: 5m
     extra_hosts:
-      - "identity.smo.o-ran-sc.org:${HOST_IP}"
-      - "controller.oam.smo.o-ran-sc.org:${HOST_IP}"
-      - "ves-collector.oam.smo.o-ran-sc.org:${HOST_IP}"
+      - "controller.dcn.${GATEWAY_DOMAIN}:${HOST_IP}"
+      - "ves-collector.dcn.${GATEWAY_DOMAIN}:${HOST_IP}"
     cap_add:
     - SYS_ADMIN
     - SYS_PTRACE
@@ -98,7 +98,6 @@ services:
         - ./ntsim-ng-o-ru/o-ru-11221/ietf-interfaces-operational.xml:/opt/dev/deploy/data/ietf-interfaces-operational.xml
         - ./ntsim-ng-o-ru/o-ru-11221/ietf-interfaces-running.xml:/opt/dev/deploy/data/ietf-interfaces-running.xml
     environment:
-        SDN_CONTROLLER_CALLHOME_IP: ${SDNC_OAM_IPv4}
         SDN_CONTROLLER_CALLHOME_PORT: ${SDN_CONTROLLER_CALLHOME_SSH_PORT}
         <<: [*common_env, *ru_env]
 
@@ -114,7 +113,6 @@ services:
         - ./ntsim-ng-o-ru/o-ru-11222/ietf-interfaces-operational.xml:/opt/dev/deploy/data/ietf-interfaces-operational.xml
         - ./ntsim-ng-o-ru/o-ru-11222/ietf-interfaces-running.xml:/opt/dev/deploy/data/ietf-interfaces-running.xml
     environment:
-        SDN_CONTROLLER_CALLHOME_IP: ${SDNC_OAM_IPv6}
         SDN_CONTROLLER_CALLHOME_PORT: ${SDN_CONTROLLER_CALLHOME_SSH_PORT}
         <<: [*common_env, *ru_env]
 
@@ -130,7 +128,6 @@ services:
         - ./ntsim-ng-o-ru/o-ru-11223/ietf-interfaces-operational.xml:/opt/dev/deploy/data/ietf-interfaces-operational.xml
         - ./ntsim-ng-o-ru/o-ru-11223/ietf-interfaces-running.xml:/opt/dev/deploy/data/ietf-interfaces-running.xml
     environment:
-        SDN_CONTROLLER_CALLHOME_IP: ${SDNC_OAM_IPv4}
         SDN_CONTROLLER_CALLHOME_PORT: ${SDN_CONTROLLER_CALLHOME_TLS_PORT}
         <<: [*common_env, *ru_env]
 
@@ -146,11 +143,15 @@ services:
         - ./ntsim-ng-o-ru/o-ru-11223/ietf-interfaces-operational.xml:/opt/dev/deploy/data/ietf-interfaces-operational.xml
         - ./ntsim-ng-o-ru/o-ru-11223/ietf-interfaces-running.xml:/opt/dev/deploy/data/ietf-interfaces-running.xml
     environment:
-        SDN_CONTROLLER_CALLHOME_IP: ${SDNC_OAM_IPv6}
         SDN_CONTROLLER_CALLHOME_PORT: ${SDN_CONTROLLER_CALLHOME_TLS_PORT}
         <<: [*common_env, *ru_env]
 
 networks:
     default:
-        name: oam
-        external: true
+        driver: bridge
+        name: network
+        enable_ipv6: true
+        ipam:
+            driver: default
+            config:
+            - subnet:  ${NETWORK_SUBNET_DCN_IPv6}
diff --git a/solution/smo/apps/docker-compose.yml b/solution/smo/apps/docker-compose.yml
index e3a60e3..7820854 100644
--- a/solution/smo/apps/docker-compose.yml
+++ b/solution/smo/apps/docker-compose.yml
@@ -14,12 +14,12 @@ services:
       APP_SOURCE: ${APP_SOURCE}
       APP_NETWORK_FUNCTION_ID: ${APP_NETWORK_FUNCTION_ID}
       SDN_CONTROLLER_PROTOCOL: https
-      SDN_CONTROLLER_HOST: controller.oam.${SOLUTION_DOMAIN}
+      SDN_CONTROLLER_HOST: controller.dcn.${SOLUTION_DOMAIN}
       SDN_CONTROLLER_PORT: 443
       SDN_CONTROLLER_USERNAME: ${ADMIN_USERNAME}
       SDN_CONTROLLER_PASSWORD: ${ADMIN_PASSWORD}
       VES_ENDPOINT_PROTOCOL: https
-      VES_ENDPOINT_HOST: ves-collector.oam.${SOLUTION_DOMAIN}
+      VES_ENDPOINT_HOST: ves-collector.dcn.${SOLUTION_DOMAIN}
       VES_ENDPOINT_PORT: 443
       VES_ENDPOINT_AUTH_METHOD: ${VES_ENDPOINT_AUTH_METHOD}
       VES_ENDPOINT_USERNAME: ${VES_ENDPOINT_USERNAME}
@@ -37,8 +37,8 @@ services:
     volumes:
       - ./flows/data:/data
     networks:
-      smo:
+      dmz:
 
 networks:
-  smo:
+  dmz:
     external: true
\ No newline at end of file
diff --git a/solution/smo/apps/flows/data/.sessions.json b/solution/smo/apps/flows/data/.sessions.json
index 2ab160f..7465973 100644
--- a/solution/smo/apps/flows/data/.sessions.json
+++ b/solution/smo/apps/flows/data/.sessions.json
@@ -1 +1 @@
-{"wMn2YBLgm/twWOxiqN476VqJQSp3lnisGyhE3N6eCNr/iiyyrMZaoB4x3YZJrfMln2h5jjryg3QWphRbqVvfWexsxsl/QEDLST/gbksuklDRRCjdU4Mpb2x84wP3XB6lt7yfaSJyahX0itEcYAJBxjidxx6puieqzEmREjfxIZE=":{"user":"admin","client":"node-red-editor","scope":"*","accessToken":"wMn2YBLgm/twWOxiqN476VqJQSp3lnisGyhE3N6eCNr/iiyyrMZaoB4x3YZJrfMln2h5jjryg3QWphRbqVvfWexsxsl/QEDLST/gbksuklDRRCjdU4Mpb2x84wP3XB6lt7yfaSJyahX0itEcYAJBxjidxx6puieqzEmREjfxIZE=","expires":1683209440148}}
\ No newline at end of file
+{"u2HZpR5BJG6q05WE7ojMTSvrINjM0QJq2OgJci7B55HWTVVUvUERXtqfEapC5PX3Kw2Qcgxqfz/Qgrg3WhiygX72HCB1xNXptE01s+CPA/jt1g3iqN0ZNY1k7wJt4GgtN0d6IIZRzSpe8ZL5x8Opx38DChex8gn+cK0dYURU398=":{"user":"admin","client":"node-red-editor","scope":"*","accessToken":"u2HZpR5BJG6q05WE7ojMTSvrINjM0QJq2OgJci7B55HWTVVUvUERXtqfEapC5PX3Kw2Qcgxqfz/Qgrg3WhiygX72HCB1xNXptE01s+CPA/jt1g3iqN0ZNY1k7wJt4GgtN0d6IIZRzSpe8ZL5x8Opx38DChex8gn+cK0dYURU398=","expires":1684318736958},"bogJaMH12Ns6tIkYVXcnpEr29RFgftKQ0y7H4bWFI4VHP++LTHcOc4EsUU9Z/XFaTJR6t2TPG55PZhzDk8v4WunJ38AFDIToq8KRdfJDAMQqSCMJMTmgHupLS5iECJvS8YJQgRW3CHe+2qsQWtWuZmlJUcBu0fwYdTKtz0+ShVw=":{"user":"admin","client":"node-red-editor","scope":"*","accessToken":"bogJaMH12Ns6tIkYVXcnpEr29RFgftKQ0y7H4bWFI4VHP++LTHcOc4EsUU9Z/XFaTJR6t2TPG55PZhzDk8v4WunJ38AFDIToq8KRdfJDAMQqSCMJMTmgHupLS5iECJvS8YJQgRW3CHe+2qsQWtWuZmlJUcBu0fwYdTKtz0+ShVw=","expires":1684659878559},"WNTOBijmJOK5hvKQVxq41zeBhRKx7BHw8piBsFQfrri1y66NPbs6GrB0xRjsEaRAOe3q3ZapY79zosrc3DYlCV6U3nY5JbHRGJbJYOhxyBiIP1iY8OjcFmkrK0u49vQYNR530gSjCENx5WSMqBGth0+mxYp8GdY/Lig4u9prOBw=":{"user":"admin","client":"node-red-editor","scope":"*","accessToken":"WNTOBijmJOK5hvKQVxq41zeBhRKx7BHw8piBsFQfrri1y66NPbs6GrB0xRjsEaRAOe3q3ZapY79zosrc3DYlCV6U3nY5JbHRGJbJYOhxyBiIP1iY8OjcFmkrK0u49vQYNR530gSjCENx5WSMqBGth0+mxYp8GdY/Lig4u9prOBw=","expires":1684664566860}}
\ No newline at end of file
diff --git a/solution/smo/apps/flows/data/flows.json b/solution/smo/apps/flows/data/flows.json
index e16c5e6..2ffd02a 100644
--- a/solution/smo/apps/flows/data/flows.json
+++ b/solution/smo/apps/flows/data/flows.json
@@ -250,13 +250,13 @@
         "name": "ves-message-data",
         "active": true,
         "tosidebar": false,
-        "console": false,
+        "console": true,
         "tostatus": true,
         "complete": "payload",
         "targetType": "msg",
         "statusVal": "payload.event.commonEventHeader.stndDefinedNamespace",
         "statusType": "msg",
-        "x": 1050,
+        "x": 1060,
         "y": 220,
         "wires": []
     },
@@ -473,7 +473,7 @@
         "type": "function",
         "z": "51e83a0892da060e",
         "name": "vesStndDefindBody",
-        "func": "const eventTime = new Date(msg.payload).toISOString();\nmsg.payload = {\n    schemaReference: 'https://gerrit.o-ran-sc.org/r/gitweb?p=scp/oam/modeling.git;a=blob_plain;f=data-model/yang/published/o-ran/ru-fh/o-ran-file-management.yang#components/schemas/ofhm-event-stream',\n    stndDefinedFieldsVersion: '1.0',\n    data: {\n        'ietf:notification': {\n            'eventTime': eventTime,\n            'o-ran-file-management:file-download-event': {\n                'local-logical-file-path': 'o-ran/log',\n                'remote-file-path': 'ftpes://username@ftpes.oam.smo.o-ran-sc/downloads',\n                'status': 'FAILURE',\n                'reject-reason': 'FTPes Server not reachable.'\n            }\n        }\n    }\n};\nmsg.topic = 'stndDefinedFields';\nreturn msg;",
+        "func": "const eventTime = new Date(msg.payload).toISOString();\nmsg.payload = {\n    schemaReference: 'https://gerrit.o-ran-sc.org/r/gitweb?p=scp/oam/modeling.git;a=blob_plain;f=data-model/yang/published/o-ran/ru-fh/o-ran-file-management.yang#components/schemas/ofhm-event-stream',\n    stndDefinedFieldsVersion: '1.0',\n    data: {\n        'ietf:notification': {\n            'eventTime': eventTime,\n            'o-ran-file-management:file-download-event': {\n                'local-logical-file-path': 'o-ran/log',\n                'remote-file-path': 'ftpes://username@ftpes.dcn.smo.o-ran-sc/downloads',\n                'status': 'FAILURE',\n                'reject-reason': 'FTPes Server not reachable.'\n            }\n        }\n    }\n};\nmsg.topic = 'stndDefinedFields';\nreturn msg;",
         "outputs": 1,
         "noerr": 0,
         "initialize": "",
@@ -522,7 +522,7 @@
         "type": "function",
         "z": "51e83a0892da060e",
         "name": "vesStndDefindBody",
-        "func": "const eventTime = new Date(msg.payload).toISOString();\nmsg.payload = {\n    schemaReference: 'https://gerrit.o-ran-sc.org/r/gitweb?p=scp/oam/modeling.git;a=blob_plain;f=data-model/yang/published/o-ran/ru-fh/o-ran-file-management.yang#components/schemas/ofhm-event-stream',\n    stndDefinedFieldsVersion: '1.0',\n    data: {\n        'ietf:notification': {\n            'eventTime': eventTime,\n            'o-ran-file-management:file-upload-notification': {\n                'local-logical-file-path': 'o-ran/log',\n                'remote-file-path': 'ftpes://username@ftpes.oam.smo.o-ran-sc/downloads',\n                'status': 'FAILURE',\n                'reject-reason': 'FTPes Server not reachable.'\n            }\n        }\n    }\n};\nmsg.topic = 'stndDefinedFields';\nreturn msg;",
+        "func": "const eventTime = new Date(msg.payload).toISOString();\nmsg.payload = {\n    schemaReference: 'https://gerrit.o-ran-sc.org/r/gitweb?p=scp/oam/modeling.git;a=blob_plain;f=data-model/yang/published/o-ran/ru-fh/o-ran-file-management.yang#components/schemas/ofhm-event-stream',\n    stndDefinedFieldsVersion: '1.0',\n    data: {\n        'ietf:notification': {\n            'eventTime': eventTime,\n            'o-ran-file-management:file-upload-notification': {\n                'local-logical-file-path': 'o-ran/log',\n                'remote-file-path': 'ftpes://username@ftpes.dcn.smo.o-ran-sc/downloads',\n                'status': 'FAILURE',\n                'reject-reason': 'FTPes Server not reachable.'\n            }\n        }\n    }\n};\nmsg.topic = 'stndDefinedFields';\nreturn msg;",
         "outputs": 1,
         "noerr": 0,
         "initialize": "",
diff --git a/solution/smo/common/.env b/solution/smo/common/.env
index 7d5e497..2fa5580 100644
--- a/solution/smo/common/.env
+++ b/solution/smo/common/.env
@@ -21,19 +21,13 @@ ADMIN_PASSWORD=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
 # Network settings
 # Please update /etc/docker/daemon.json accordingly
 # https://docs.docker.com/config/daemon/ipv6/
-NETWORK_SUBNET_SMO=2001:db8:1:40::/96
-NETWORK_GATEWAY_SMO=2001:db8:1:40::1
+NETWORK_SUBNET_DCN_IPv6=2001:db8:1:50::/96
 
-# traefik network
+# gateway network implemented by traefik
 SOLUTION_DOMAIN=smo.o-ran-sc.org
 TRAEFIK_IMAGE=traefik:v2.9
 TRAEFIK_LOG_LEVEL=DEBUG
-TRAEFIK_NETWORK_NAME=smo
-TRAEFIK_SUBNET=172.30.0.0/16
-TRAEFIK_SUBNET_IPv6=2001:db8:1:30::/64
-TRAEFIK_SUBNET_IPv6_PRE_STRING=2001:db8:1:30
-TRAEFIK_GATEWAY_IP=172.30.0.1
-TRAEFIK_GATEWAY_IPv6=${TRAEFIK_SUBNET_IPv6_PRE_STRING}:172:30:0:1
+TRAEFIK_NETWORK_NAME=dmz
 
 # Identity server
 IDENTITY_IMAGE=bitnami/keycloak:18.0.2
diff --git a/solution/smo/common/docker-compose.yml b/solution/smo/common/docker-compose.yml
index e89ab91..cbdcb9c 100755
--- a/solution/smo/common/docker-compose.yml
+++ b/solution/smo/common/docker-compose.yml
@@ -1,3 +1,18 @@
+################################################################################
+# Copyright 2023 highstreet technologies GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
 # no more versions needed! Compose spec supports all features w/o a version
 services:
 
@@ -18,6 +33,8 @@ services:
     ports:
       - 80:80
       - 443:443
+      - 4334:4334
+      - 4335:4335
     command:
       - --serverstransport.insecureskipverify=true
       - --log.level=${TRAEFIK_LOG_LEVEL}
@@ -34,6 +51,8 @@ services:
       - --entrypoints.websecure.address=:443
       - --entrypoints.websecure.http.tls.domains[0].main=gateway.${SOLUTION_DOMAIN}
       - --entrypoints.websecure.http.tls.domains[0].sans=*.${SOLUTION_DOMAIN}
+      - --entrypoints.ssh-netconf-callhome.address=:4334
+      - --entrypoints.tls-netconf-callhome.address=:4335
       - --providers.docker.endpoint=unix:///var/run/docker.sock
       - --providers.docker.network=${TRAEFIK_NETWORK_NAME}
       - --providers.docker.exposedByDefault=false
@@ -55,7 +74,7 @@ services:
       traefik.http.services.gateway.loadbalancer.server.port: 8080
     networks:
       - dmz
-      - default
+      - dcn
 
   identitydb:
     image: ${IDENTITYDB_IMAGE}
@@ -105,6 +124,9 @@ services:
         condition: service_started
       gateway:
         condition: service_healthy
+    networks:
+      - dmz
+      - default
 
   persistence:
     image: ${PERSISTENCE_IMAGE}
@@ -115,8 +137,6 @@ services:
   zookeeper:
     image: ${ZOOKEEPER_IMAGE}
     container_name: zookeeper
-    # ports:
-    # - 2181:2181
     environment:
       ZOOKEEPER_REPLICAS: 1
       ZOOKEEPER_TICK_TIME: 2000
@@ -176,18 +196,24 @@ services:
         condition: service_started
       gateway:
         condition: service_healthy
+    networks:
+      - dmz
+      - default
 
 networks:
   dmz:
     name: dmz
     driver: bridge
     enable_ipv6: false
+  default:
+    name: smo
+    driver: bridge
+    enable_ipv6: false
+  dcn:
+    driver: bridge
+    name: dcn
+    enable_ipv6: true
     ipam:
       driver: default
       config:
-        - subnet: ${TRAEFIK_SUBNET}
-          gateway: ${TRAEFIK_GATEWAY_IP}
-        - subnet: ${TRAEFIK_SUBNET_IPv6}
-          gateway: ${TRAEFIK_GATEWAY_IPv6}
-  default:
-    name: ${TRAEFIK_NETWORK_NAME}
+      - subnet:  ${NETWORK_SUBNET_DCN_IPv6}
diff --git a/solution/smo/oam/.env b/solution/smo/oam/.env
index 21b4380..f6cdb58 100644
--- a/solution/smo/oam/.env
+++ b/solution/smo/oam/.env
@@ -21,18 +21,10 @@ ADMIN_USERNAME=admin
 ADMIN_PASSWORD=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
 
 # Network settings
-
 HOST_IP=aaa.bbb.ccc.ddd
-# Please update /etc/docker/daemon.json accordingly
-# https://docs.docker.com/config/daemon/ipv6/
-NETWORK_SUBNET_OAM_IPv4=172.50.0.0/24
-NETWORK_GATEWAY_OAM_IPv4=172.50.0.1
-NETWORK_SUBNET_OAM_IPv6=2001:db8:1:50::/96
-NETWORK_GATEWAY_OAM_IPv6=2001:db8:1:50::1
 
 # traefik network
 SOLUTION_DOMAIN=smo.o-ran-sc.org
-TRAEFIK_NETWORK_NAME=dmz
 
 # Identity server
 IDENTITY_PROVIDER_URL=https://identity.smo.o-ran-sc.org
@@ -40,8 +32,6 @@ IDENTITY_PROVIDER_URL=https://identity.smo.o-ran-sc.org
 # SDN Controller
 SDNC_IMAGE=nexus3.onap.org:10001/onap/sdnc-image:2.4.2
 SDNC_REST_PORT=8181
-SDNC_OAM_IPv4=172.50.0.23
-SDNC_OAM_IPv6=2001:db8:1:50::23
 SDNC_CERT_DIR=/opt/opendaylight/current/certs
 
 # SDN Controller Web
@@ -50,8 +40,6 @@ SDNC_WEB_PORT=8080
 
 ## VES Collector
 VES_COLLECTOR_IMAGE=nexus3.onap.org:10001/onap/org.onap.dcaegen2.collectors.ves.vescollector:1.10.1
-VES_COLLECTOR_OAM_IPv4=172.50.0.27
-VES_COLLECTOR_OAM_IPv6=2001:db8:1:50::27
 VES_COMMON_HEADER_VERSION=7.2.1
 VES_ENDPOINT_PROTOCOL=http
 VES_ENDPOINT_PORT=8080
diff --git a/solution/smo/oam/docker-compose.yml b/solution/smo/oam/docker-compose.yml
index b778170..84e5e50 100755
--- a/solution/smo/oam/docker-compose.yml
+++ b/solution/smo/oam/docker-compose.yml
@@ -1,3 +1,19 @@
+################################################################################
+# Copyright 2023 highstreet technologies GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
 # no more versions needed! Compose spec supports all features w/o a version
 services:
 
@@ -22,6 +38,7 @@ services:
       controller:
         condition: service_healthy
     networks:
+      dmz:
       smo:
 
   controller:
@@ -36,9 +53,9 @@ services:
       interval: 10s
       timeout: 5s
       retries: 5
-    ports:
-      - 4334:4334
-      - 4335:4335
+    # ports:
+      # - 4334:4334
+      # - 4335:4335
     environment:
       ENABLE_ODL_CLUSTER: false
       ENABLE_OAUTH: true
@@ -78,14 +95,24 @@ services:
     labels:
       traefik.enable: true
       traefik.http.routers.controller.entrypoints: websecure
-      traefik.http.routers.controller.rule: Host(`controller.oam.${SOLUTION_DOMAIN}`)
+      traefik.http.routers.controller.rule: Host(`controller.dcn.${SOLUTION_DOMAIN}`)
       traefik.http.routers.controller.tls: true
       traefik.http.services.controller.loadbalancer.server.port: ${SDNC_REST_PORT}
+
+      traefik.tcp.routers.controller-ssh.entrypoints: ssh-netconf-callhome
+      traefik.tcp.routers.controller-ssh.rule: HostSNI(`*`)
+      traefik.tcp.routers.controller-ssh.tls: false
+      traefik.tcp.routers.controller-ssh.service: controller-ssh
+      traefik.tcp.services.controller-ssh.loadbalancer.server.port: 4334
+
+      traefik.tcp.routers.controller-tls.entrypoints: tls-netconf-callhome
+      traefik.tcp.routers.controller-tls.rule: HostSNI(`*`)
+      traefik.tcp.routers.controller-tls.tls: false
+      traefik.tcp.routers.controller-tls.service: controller-tls
+      traefik.tcp.services.controller-tls.loadbalancer.server.port: 4335
     networks:
       smo:
-      default:
-        ipv4_address: ${SDNC_OAM_IPv4}
-        ipv6_address: ${SDNC_OAM_IPv6}
+      dcn:
 
   ves-collector:
     image: ${VES_COLLECTOR_IMAGE}-configured
@@ -109,26 +136,17 @@ services:
     labels:
       traefik.enable: true
       traefik.http.routers.ves.entrypoints: websecure
-      traefik.http.routers.ves.rule: Host(`ves-collector.oam.${SOLUTION_DOMAIN}`)
+      traefik.http.routers.ves.rule: Host(`ves-collector.dcn.${SOLUTION_DOMAIN}`)
       traefik.http.routers.ves.tls: true
       traefik.http.services.ves.loadbalancer.server.port: ${VES_ENDPOINT_PORT}
     networks:
       smo:
-      default:
-        ipv4_address: ${VES_COLLECTOR_OAM_IPv4}
-        ipv6_address: ${VES_COLLECTOR_OAM_IPv6}
+      dcn:
 
 networks:
+  dmz:
+    external: true
   smo:
     external: true
-  default:
-    driver: bridge
-    name: oam
-    enable_ipv6: true
-    ipam:
-      driver: default
-      config:
-      - subnet:  ${NETWORK_SUBNET_OAM_IPv4}
-        gateway: ${NETWORK_GATEWAY_OAM_IPv4}
-      - subnet:  ${NETWORK_SUBNET_OAM_IPv6}
-        gateway: ${NETWORK_GATEWAY_OAM_IPv6}
+  dcn:
+    external: true
-- 
2.16.6