diff --git a/.gitignore b/.gitignore
index 136001a7e5d0b4218e56b22cf73a7c1f98d804bd..7f34dd02aaa7bd76dcfa8d10761899c295a26f86 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,6 +2,10 @@ artifacts/*
 
 build_env.env
 
+# containerlab
+clab-quant_playground
+.playground.clab.yaml.bak
+
 # tooling
 build-tools/
 
diff --git a/Makefile b/Makefile
index 82268ca53258635e20295a5bc1bd5f1bd33b7577..6de4d1757a19e294fd79a947eab804db1af47db8 100644
--- a/Makefile
+++ b/Makefile
@@ -75,6 +75,15 @@ compose-up: build-images
 compose-down:
 	docker-compose down
 
+playground-start:
+	sudo containerlab deploy --reconfigure --topo playground.clab.yaml
+
+playground-stop:
+	sudo containerlab destroy --topo playground.clab.yaml
+
+playground-graph:
+	sudo containerlab graph --topo playground.clab.yaml
+
 self-certs:
 	mkdir -p ./artifacts/ssl/private
 	mkdir -p ./artifacts/ssl/certs
diff --git a/README.md b/README.md
index 1a38ab9a72a4fc3a40aa9867a3b6466a4825c0fe..4649997997701e0b8485f59a6de77e02ea65c68e 100644
--- a/README.md
+++ b/README.md
@@ -200,7 +200,16 @@ After that two requests from an AKMS are simulated through two curl requests.
 
 #### Demo with goSDN-Controller
 
-This is a short demo video of this setup in combination with the
+There is an additional playground where the
+[goSDN-Controller](https://code.fbi.h-da.de/danet/gosdn) can be used to
+configure ekms. Therefore a small lab is provided.
+
+**Requirements:**
+
+-   docker
+-   [containerlab](https://containerlab.dev/)
+
+Below is a short demo video of this setup in combination with the
 [goSDN-Controller](https://code.fbi.h-da.de/danet/gosdn).
 
 ![](figures/gosdn-ekms-example.mp4)
diff --git a/config/quant-gosdn.toml b/config/quant-gosdn.toml
new file mode 100644
index 0000000000000000000000000000000000000000..5b7d89e9a2d39beabeddb0c56506b74017a5e9da
--- /dev/null
+++ b/config/quant-gosdn.toml
@@ -0,0 +1,17 @@
+amqphost = 'clab-quant_playground-rabbitmq'
+amqppassword = 'guest'
+amqpport = '5672'
+amqpprefix = 'amqp://'
+amqpuser = 'guest'
+basepnduuid = '5f20f34b-cbd0-4511-9ddc-c50cf6a3b49d'
+config = './configs/quant-gosdn.toml'
+csbi-orchestrator = 'localhost:55056'
+databaseconnection = 'mongodb://root:example@clab-quant_playground-mongodb:27017'
+defaultjwtduration = 24
+filesystempathtostores = 'stores'
+help = false
+log-level = 'debug'
+plugin-folder = 'plugins'
+plugin-registry = 'clab-quant_playground-plugin-registry:55057'
+security = 'insecure'
+socket = ':55055'
diff --git a/config/scripts/add_kms_to_controller.sh b/config/scripts/add_kms_to_controller.sh
new file mode 100755
index 0000000000000000000000000000000000000000..956f4fc522a47024cc73904158006b355c789f46
--- /dev/null
+++ b/config/scripts/add_kms_to_controller.sh
@@ -0,0 +1,29 @@
+#!/bin/sh
+
+## Note: This script does not clean up network elements already existing in the storage. Running it repeatedly will
+## create a garbage storage.
+
+GOSDNC_PATH="./gosdnc"
+GOSDN_ADDRESS="172.100.20.2:55055"
+ADMINPW="TestPassword"
+KMS_PLUGIN="823aad29-69be-42f0-b279-90f2c1b6a94d"
+PND_UUID="5f20f34b-cbd0-4511-9ddc-c50cf6a3b49d"
+## Adjust this if timer is to short.
+SLEEP_TIMER=20
+
+
+echo 'Logging in via gosdnc and setting up KMS in controller...'
+
+## Sleep is needed to give gosdn some time to start correctly.
+sleep $SLEEP_TIMER
+
+# TODO: Add --tls when adding certs to this!
+
+## Call login and create entries for all the network elements.
+## Could be a bit more automated in the future, but fine for now.
+$GOSDNC_PATH login --controller $GOSDN_ADDRESS --u admin --p $ADMINPW
+$GOSDNC_PATH pnd use $PND_UUID
+$GOSDNC_PATH mne create --address 172.100.20.10:7030 --name kms01 --password admin --plugin-id $KMS_PLUGIN --username admin --uuid 0ff33c82-7fe1-482b-a0ca-67565806ee4b
+$GOSDNC_PATH mne create --address 172.100.20.11:7030 --name kms02 --password admin --plugin-id $KMS_PLUGIN --username admin --uuid 5e41c291-6121-4335-84f6-41e04b8bdaa2
+$GOSDNC_PATH mne create --address 172.100.20.12:7030 --name kms03 --password admin --plugin-id $KMS_PLUGIN --username admin --uuid f80db2c0-2480-46b9-b7d1-b63f954e8227
+$GOSDNC_PATH mne create --address 172.100.20.13:7030 --name kms04 --password admin --plugin-id $KMS_PLUGIN --username admin --uuid 968fd594-b0e7-41f0-ba4b-de259047a933
diff --git a/playground.clab.yaml b/playground.clab.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..5152142cf1f8811897cbaf3ad807327d851ac299
--- /dev/null
+++ b/playground.clab.yaml
@@ -0,0 +1,175 @@
+name: quant_playground
+
+mgmt:
+  network: quant_playground_net
+  ipv4-subnet: 172.100.20.0/24
+
+topology:
+  nodes:
+    gosdn:
+      kind: linux
+      image: registry.code.fbi.h-da.de/danet/gosdn:186ee2883e513cc6cdc0856da61aa4b1e0e562ad
+      ports:
+        - 55055:55055
+        - 8080:8080
+        - 40000:40000
+      binds:
+        - ./config/quant-gosdn.toml:/app/configs/quant-gosdn.toml
+      cmd: --config ./configs/quant-gosdn.toml
+      mgmt-ipv4: 172.100.20.2
+      env:
+        GOSDN_ADMIN_PASSWORD: TestPassword
+
+    plugin-registry:
+      kind: linux
+      image: registry.code.fbi.h-da.de/danet/quant/plugin-registry:latest
+      mgmt-ipv4: 172.100.20.3
+
+    gosdnc:
+      kind: linux
+      image: registry.code.fbi.h-da.de/danet/gosdn/gosdnc:186ee2883e513cc6cdc0856da61aa4b1e0e562ad
+      mgmt-ipv4: 172.100.20.4
+      binds:
+        - ./config/ekms01-a.json:/ekms01-a.json
+        - ./config/ekms02-a.json:/ekms02-a.json
+        - ./config/ekms03-a.json:/ekms03-a.json
+        - ./config/ekms01-b.json:/ekms01-b.json
+        - ./config/ekms02-b.json:/ekms02-b.json
+        - ./config/ekms03-b.json:/ekms03-b.json
+        - ./config/scripts/add_kms_to_controller.sh:/scripts/add_kms_to_controller.sh
+      exec:
+        - bash /scripts/add_kms_to_controller.sh
+
+    kms1:
+      kind: linux
+      image: registry.code.fbi.h-da.de/danet/quant/ekms:master
+      mgmt-ipv4: 172.100.20.10
+      binds:
+        - ./config/ekms/example01.yaml:/tmp/kms/config/ekms01.yaml
+      cmd: start --log debug --kms_config /tmp/kms/config/ekms01.yaml --insecure
+
+    kms2:
+      kind: linux
+      image: registry.code.fbi.h-da.de/danet/quant/ekms:master
+      mgmt-ipv4: 172.100.20.11
+      binds:
+        - ./config/ekms/example02.yaml:/tmp/kms/config/ekms02.yaml
+      cmd: start --log debug --kms_config /tmp/kms/config/ekms02.yaml --insecure
+
+    kms3:
+      kind: linux
+      image: registry.code.fbi.h-da.de/danet/quant/ekms:master
+      mgmt-ipv4: 172.100.20.12
+      binds:
+        - ./config/ekms/example03.yaml:/tmp/kms/config/ekms03.yaml
+      cmd: start --log debug --kms_config /tmp/kms/config/ekms03.yaml --insecure
+
+    kms4:
+      kind: linux
+      image: registry.code.fbi.h-da.de/danet/quant/ekms:master
+      mgmt-ipv4: 172.100.20.13
+      binds:
+        - ./config/ekms/example04.yaml:/tmp/kms/config/ekms04.yaml
+      cmd: start --log debug --kms_config /tmp/kms/config/ekms04.yaml --insecure
+
+    qlayer01:
+      kind: linux
+      image: registry.code.fbi.h-da.de/danet/quant/quantumlayer:master
+      mgmt-ipv4: 172.100.20.14
+      binds:
+        - ./config/quantumlayer/example01.yaml:/tmp/quantumlayer/config/quantumlayer01.yaml
+      cmd: --config /tmp/quantumlayer/config/quantumlayer01.yaml
+
+    qlayer02:
+      kind: linux
+      image: registry.code.fbi.h-da.de/danet/quant/quantumlayer:master
+      mgmt-ipv4: 172.100.20.15
+      binds:
+        - ./config/quantumlayer/example02.yaml:/tmp/quantumlayer/config/quantumlayer02.yaml
+      cmd: --config /tmp/quantumlayer/config/quantumlayer02.yaml
+
+    qlayer03:
+      kind: linux
+      image: registry.code.fbi.h-da.de/danet/quant/quantumlayer:master
+      mgmt-ipv4: 172.100.20.16
+      binds:
+        - ./config/quantumlayer/example03.yaml:/tmp/quantumlayer/config/quantumlayer03.yaml
+      cmd: --config /tmp/quantumlayer/config/quantumlayer03.yaml
+
+    qlayer04:
+      kind: linux
+      image: registry.code.fbi.h-da.de/danet/quant/quantumlayer:master
+      mgmt-ipv4: 172.100.20.17
+      binds:
+        - ./config/quantumlayer/example04.yaml:/tmp/quantumlayer/config/quantumlayer04.yaml
+      cmd: --config /tmp/quantumlayer/config/quantumlayer04.yaml
+
+    qlayer05:
+      kind: linux
+      image: registry.code.fbi.h-da.de/danet/quant/quantumlayer:master
+      mgmt-ipv4: 172.100.20.18
+      binds:
+        - ./config/quantumlayer/example05.yaml:/tmp/quantumlayer/config/quantumlayer05.yaml
+      cmd: --config /tmp/quantumlayer/config/quantumlayer05.yaml
+
+    qlayer06:
+      kind: linux
+      image: registry.code.fbi.h-da.de/danet/quant/quantumlayer:master
+      mgmt-ipv4: 172.100.20.19
+      binds:
+        - ./config/quantumlayer/example06.yaml:/tmp/quantumlayer/config/quantumlayer06.yaml
+      cmd: --config /tmp/quantumlayer/config/quantumlayer06.yaml
+
+    qlayer07:
+      kind: linux
+      image: registry.code.fbi.h-da.de/danet/quant/quantumlayer:master
+      mgmt-ipv4: 172.100.20.20
+      binds:
+        - ./config/quantumlayer/example07.yaml:/tmp/quantumlayer/config/quantumlayer07.yaml
+      cmd: --config /tmp/quantumlayer/config/quantumlayer07.yaml
+
+    qlayer08:
+      kind: linux
+      image: registry.code.fbi.h-da.de/danet/quant/quantumlayer:master
+      mgmt-ipv4: 172.100.20.21
+      binds:
+        - ./config/quantumlayer/example08.yaml:/tmp/quantumlayer/config/quantumlayer08.yaml
+      cmd: --config /tmp/quantumlayer/config/quantumlayer08.yaml
+
+    akms-receiver-01:
+      kind: linux
+      image: registry.code.fbi.h-da.de/danet/quant/akms-simulator:master
+      mgmt-ipv4: 172.100.20.22
+
+    akms-receiver-02:
+      kind: linux
+      image: registry.code.fbi.h-da.de/danet/quant/akms-simulator:master
+      mgmt-ipv4: 172.100.20.23
+
+    mongodb:
+      kind: linux
+      image: mongo:7
+      ports:
+        - 27017:27017
+      env:
+        MONGO_INITDB_ROOT_USERNAME: root
+        MONGO_INITDB_ROOT_PASSWORD: example
+      mgmt-ipv4: 172.100.20.24
+
+    rabbitmq:
+      kind: linux
+      image: rabbitmq:3-management
+      ports:
+        - 127.0.0.1:5672:5672
+        - 127.0.0.1:15672:15672
+      mgmt-ipv4: 172.100.20.25
+
+  links:
+    - endpoints: ["kms1:eth1", "kms2:eth1"]
+    - endpoints: ["kms2:eth2", "kms3:eth1"]
+    - endpoints: ["qlayer01:eth1", "qlayer02:eth1"]
+    - endpoints: ["qlayer03:eth1", "qlayer04:eth1"]
+    - endpoints: ["qlayer01:eth2", "kms1:eth2"]
+    - endpoints: ["qlayer02:eth2", "kms2:eth3"]
+    - endpoints: ["qlayer03:eth2", "kms2:eth4"]
+    - endpoints: ["qlayer04:eth2", "kms3:eth2"]