OML Documentation — Setup, Topologies & User Guide

Welcome

OML User Guide #

OML (Open Multi-vendor Lab) is a self-hosted network emulation platform that runs real Cisco IOS, ASA, Juniper, Arista, Palo Alto, Linux, and Windows VMs — entirely from your browser. No physical hardware, no simulator shortcuts.

This guide walks you from a fresh OML install all the way through building multi-vendor labs, capturing packets, and using the built-in AI assistant.

💡

New to network emulation? Start with Create Your First Lab — it takes about 10 minutes to have a working topology.

What OML can do #

Capability	Details
Real OS images	QEMU, Dynamips, IOL — same image you'd run on production iron
In-browser console	HTML5 WebSocket telnet to any node; no SSH client needed
Packet capture	Wireshark-compatible .pcap download on any link, live
VNC / RDP	GUI access to Windows, Linux, Palo Alto via browser
AI Assistant	Context-aware config help using Anthropic, OpenAI, or local Ollama
Multi-user	Each user has isolated labs; admin manages images and users
Air-gapped	Fully offline after install — no cloud dependency

Getting Started — 01

System Requirements #

OML is installed on a Linux host (bare-metal or VM). Students access it via browser — no client software needed.

OML ships as an OVA — a pre-built virtual machine you import into VMware or Proxmox. The host running the hypervisor must meet these specs.

Hypervisor host #

Component	Minimum	Recommended
CPU	4 cores, VT-x/AMD-V enabled in BIOS	16+ cores (Xeon/EPYC/Ryzen)
RAM	8 GB (assigned to OML VM)	64 GB+ host RAM
Disk	100 GB free for OML VM + images	1 TB NVMe
Hypervisor	VMware ESXi 7+, Workstation 16+, Fusion 12+	Proxmox VE 7+ or ESXi 8
Network	1 Gbps NIC	10 Gbps NIC

⚠️

Nested KVM must be enabled. OML runs QEMU inside the VM — your hypervisor must expose hardware virtualization to the guest. In VMware: VM Settings → CPU → "Virtualize Intel VT-x/EPT or AMD-V/RVI". In Proxmox: set CPU type to host. Without this, nodes will boot extremely slowly (no KVM acceleration).

OML VM resource allocation #

The OML VM itself is lightweight. The resources you assign to it become the pool available for running network nodes:

Use case	vCPU	RAM	Disk
Personal / study (3–5 nodes)	4	8 GB	100 GB
Small class (10–15 nodes)	8	32 GB	250 GB
Lab server (30+ nodes)	16+	64 GB+	500 GB+

Client browser #

Any modern browser works. Chrome/Chromium 110+ and Firefox 115+ are tested. Safari works for console but may lag on VNC.

Getting Started — 02

Installation #

OML is distributed as a pre-built OVA (Open Virtual Appliance). Everything — Ubuntu OS, backend API, QEMU, PostgreSQL, Redis, and the web frontend — is already installed and configured inside the image. You just import it into your hypervisor and boot.

📦

No manual installation steps. The OVA is a sealed appliance — you import, power on, and open a browser.

Import on VMware (ESXi / Workstation / Fusion) #

1

Download the OVA

Log in to your OML account at omllabs.com/account and download OML-latest.ova from the Downloads section.
2

Import the OVA

ESXi / vSphere: Actions → Deploy OVF Template → browse to the OVA file → follow the wizard. Accept default storage and networking.

VMware Workstation: File → Open → select the OVA file → click Import.

VMware Fusion: File → Import → select the OVA file.
3

Enable hardware virtualization on the VM

Before powering on: VM Settings → Processors → check "Virtualize Intel VT-x/EPT or AMD-V/RVI". Without this, QEMU inside OML cannot use KVM and nodes will be extremely slow.
4

Set RAM and vCPU

Allocate at least 8 GB RAM and 4 vCPUs to the OML VM. More is better — each network node you run inside OML consumes RAM from this pool.
5

Power on and note the IP address

OML boots in ~60 seconds. The console screen displays the assigned IP address (DHCP by default). Open that IP in your browser to reach the OML web UI.

Import on Proxmox VE #

1
Upload the OVA to Proxmox

Copy the OVA to your Proxmox node via SCP, or upload via Datacenter → Storage → Upload. Proxmox stores it under ISO images.
bash — proxmox node shell
```
scp OML-latest.ova root@<proxmox-ip>:/var/lib/vz/template/iso/
```

2

Import the OVA

Proxmox doesn't have a native OVA wizard — extract it and import the disk. Run in the Proxmox shell:

bash — proxmox node shell

# Extract OVA (it's a tar archive)
cd /var/lib/vz/template/iso/
tar xf OML-latest.ova

# Create a new VM (adjust VMID and storage name as needed)
qm create 200 --name "OML" --memory 8192 --cores 4 --net0 virtio,bridge=vmbr0

# Import the disk (replace 'local-lvm' with your storage)
qm importdisk 200 OML-latest-disk001.vmdk local-lvm

# Attach disk as primary boot disk
qm set 200 --scsihw virtio-scsi-pci --scsi0 local-lvm:vm-200-disk-0
qm set 200 --boot c --bootdisk scsi0

3
Enable nested virtualisation

In the VM Hardware tab → Processors → check Enable KVM and set CPU type to host. This passes through the real CPU flags so QEMU inside OML can use KVM acceleration.
bash — alternative via CLI
```
qm set 200 --cpu host
# Verify KVM is enabled on the Proxmox host itself
cat /sys/module/kvm_intel/parameters/nested  # should print Y or 1
```
4

Start the VM

Click Start in the Proxmox GUI or run qm start 200. Open the Console tab — OML boots and prints its IP address when ready.

⚠️

Static IP recommended. Set a DHCP reservation or static IP for the OML VM in your router/switch. If the IP changes after reboot, browser console connections to nodes will break.

After first boot #

Open http://<oml-vm-ip> in your browser. Default credentials are printed on the VM console screen. Proceed to First Login to change the password and configure the server.

Getting Started — 03

First Login #

After installation, open http://<server-ip>. You'll land on the OML login page.

1

Log in as admin

Use the admin username and the password shown on the VM console screen after first boot. Change it immediately from Settings → Profile.
2

Set server hostname & external IP

Go to Admin → Server Settings. Set the External IP / Hostname to the address students will use. This controls where browser console connections are directed.
3

Create student accounts

Go to Admin → Users → New User. Assign a role: Student (lab access only) or Instructor (can see all labs, manage images).
4

Upload your first QEMU image

Go to Admin → Images → Upload. See Uploading an Image for naming conventions and RAM/CPU profiles.

Getting Started — 04

License Activation #

OML runs in Free mode with up to 3 simultaneous nodes. Activate a paid license to unlock the full node limit and Pro/Enterprise features.

1

Purchase a license

Visit omllabs.com/#pricing, choose a plan, and complete checkout. An activation token (16-character code) is emailed to you within 60 seconds.
2

Open License Settings

In OML, navigate to Admin → Settings → License. You'll see the current tier and a token input field.
3

Paste and activate

Paste the token from your email and click Activate. OML contacts the license server, binds the license to this machine, and upgrades immediately — no restart needed.

🔒

Each activation token is single-use and machine-bound. If you reinstall OML on a different machine, contact [email protected] · Discord for a transfer.

Tier comparison #

Feature	Free	Lab (Pro)	Studio (Enterprise)
Simultaneous nodes	3	50	Unlimited
Packet capture	✓	✓	✓
AI Assistant	—	✓	✓
Multi-user	—	✓	✓
Ansible export	—	—	✓
Priority support	—	—	✓

Building Labs — 01

Create Your First Lab #

A Lab in OML is a saved topology — nodes, links, and configurations. Labs are isolated per user; multiple labs can run concurrently on the same server.

1

Click "New Lab" on the dashboard

Give it a name (e.g. OSPF Practice) and an optional description. Click Create. You're taken to the canvas.
2

Understand the canvas

The topology canvas is where you drag, drop, and wire devices. The toolbar on the left holds node templates. The top bar has Start All / Stop All / Save buttons.
3

Add nodes

Drag a node type from the left panel onto the canvas, or right-click the canvas → Add Node. See Adding Nodes for image selection and RAM/CPU settings.
4

Connect nodes

Hover over a node until the port dots appear. Click a port and drag to another node's port to create a link. See Connecting Nodes.
5

Start the lab

Click Start All in the top bar. Nodes boot in parallel. Status indicators turn green when the OS is ready for console.
6

Open a console

Double-click any running node. The HTML5 console opens in a new tab — no SSH client required.

💾

Labs auto-save topology changes (node positions, links, names). VM disk state is not auto-saved — use Snapshot from the node context menu to persist configs.

Building Labs — 02

Adding Nodes #

Each node in OML is a QEMU VM backed by a disk image. When you add a node, OML creates a copy-on-write (COW) overlay so the base image is never modified.

Node settings #

Field	Description
Name	Label shown on canvas. Can be renamed any time.
Image	Base QEMU image. Must be in `/opt/OML/qemu-images/`
vCPUs	Virtual CPUs allocated. Cisco IOS needs 1; Palo Alto needs 2+.
RAM	In MB. Cisco IOS: 512 MB. PAN-OS: 6144 MB minimum.
Interfaces	Number of NICs. Each NIC becomes a connectable port on canvas.
Console port	Auto-assigned from `CONSOLE_BASE_PORT`. Override if needed.

Node templates #

Admins can create Node Templates under Admin → Node Templates. Templates pre-fill image, vCPU, RAM, and NIC count — students just drag the template icon and the node is pre-configured.

⚠️

Changing vCPU or RAM on a running node requires stopping it first. Changing the number of interfaces on a running node is not supported — stop, edit, restart.

Building Labs — 03

Connecting Nodes #

Links in OML are TAP-based virtual Ethernet pairs. Each link is full-duplex, and packet capture is available on every link.

Draw a link #

1

Hover over the source node

Small port circles appear at each interface position. The number corresponds to the interface order (e.g. GigabitEthernet0/0 → port 0).
2

Click and drag to target

Drag from the source port to any port on the target node. Release to create the link. OML creates a TAP pair and connects both ends immediately (even if the nodes are not yet started).
3

Verify the link

A line appears between the nodes. Hover over it to see port labels on both ends. Right-click → Capture to start a live pcap.

Delete a link #

Right-click the link → Delete. This removes the TAP pair; the interface on the VM side becomes unconnected (link-down) but is not removed. You can reconnect it later.

Building Labs — 04

Network Types #

Beyond point-to-point links, OML supports Network Objects — virtual switches and bridge networks you can connect multiple nodes to.

Type	Behaviour	Use case
Bridge (LAN)	Layer-2 broadcast domain. All connected ports hear all frames.	LAN segment, shared switch segment
Management (OOB)	Connected to the OML server's host bridge. Nodes get DHCP from the server.	Out-of-band management access from host
Internet	NAT'd through the server's uplink. Nodes can reach the internet.	Software downloads inside VMs, DNS testing
Point-to-point	Direct TAP pair, no broadcast. Lowest latency.	Router-to-router serial-style links

Add a network object by right-clicking the canvas → Add Network. Then draw links from nodes to the network object icon just as you would between two nodes.

Node Management — 01

Start / Stop / Wipe #

Individual node #

Right-click any node on the canvas to see: Start, Stop, Wipe, Snapshot, Restore.

Action	What it does
Start	Boots the VM. COW overlay is created if not already present.
Stop	Sends ACPI shutdown signal. If the OS ignores it, use Force Stop.
Force Stop	Kills the QEMU process immediately (equivalent to pulling power).
Wipe	Deletes the COW overlay. The node reverts to factory-fresh state on next start. All configs are lost.
Snapshot	Creates a named point-in-time snapshot of the overlay disk.
Restore	Rolls back the overlay disk to a previously saved snapshot.

🗑️

Wipe is irreversible. It deletes the VM's disk overlay and all in-memory state. Snapshot your configs before wiping.

All nodes #

The top toolbar has Start All and Stop All. Start All boots every node in the lab in parallel. Stop All sends a graceful shutdown to all running nodes simultaneously.

Node Management — 02

Console Access #

OML provides an in-browser HTML5 terminal for every node. No SSH client, no Putty — just your browser.

Open the console #

1

Double-click a running node

If the node is stopped, a prompt asks if you want to start it. If it's starting, the console opens immediately but output appears once the OS boots.
2

Console opens in a new tab

The tab title shows the node name. Tabs stay open even if you navigate away from the lab canvas. Multiple console tabs can be open simultaneously.
3

Send special keys

Use the toolbar inside the console tab for Ctrl+C, Ctrl+Z, Ctrl+A, Break, and Escape. Some OS boot prompts (ROMMON, GRUB) need these.

Alternative: external Telnet client #

Every node exposes a raw Telnet port starting at 5000. The port for each node is shown in the node properties panel. Connect with:

bash

telnet <oml-server-ip> 5001   # port shown in node properties

Keyboard shortcuts inside the console #

Key	Action
`Ctrl`+`Shift`+`C`	Copy selected text
`Ctrl`+`Shift`+`V`	Paste
`Ctrl`+`Alt`+`Del`	Send Ctrl+Alt+Del to VM (Windows reboot)
`F11`	Full-screen the console tab

Node Management — 03

VNC & RDP #

GUI nodes (Windows, Ubuntu Desktop, Palo Alto) expose a VNC or RDP connection accessible from the browser.

VNC (Palo Alto, Linux GUI) #

Right-click the node → Open VNC. A noVNC window opens in-browser. The VNC WebSocket port starts at 6900. You can also connect with a native VNC client:

bash

vncviewer <oml-server-ip>:<vnc-port>   # e.g. 192.168.1.79:5901

RDP (Windows) #

Right-click the node → Open RDP. An RDP connection proxied through the browser opens. The host-side RDP forward port starts at 13389. Connect with a native RDP client:

bash

mstsc /v:<oml-server-ip>:<rdp-port>

Node Management — 04

Hotplug Interfaces #

OML supports hotplugging network interfaces on running nodes — you can add or remove links without stopping the VM.

ℹ️

Hotplug uses TAP + QEMU set_link commands, not device_del/device_add. This avoids PCIe re-enumeration issues that crash some Cisco IOS images.

To add a link to a running node: draw the link on the canvas as normal. OML automatically detects the node is running and injects the TAP without interrupting existing connections.

To remove a hotplugged link: right-click the link → Delete. The interface on the VM side goes link-down but is not removed from the OS interface list.

Images & Devices — 01

Supported Images #

OML runs any QEMU-compatible disk image. Below are commonly used images and their tested configurations.

Image	Format	vCPU	RAM	Notes
Cisco IOS 15.x	qcow2	1	512 MB	Dynamips-compatible; fastest boot
Cisco IOS-XE (CSR1000v)	qcow2	2	4096 MB	Slow boot (~4 min); use snapshot
Cisco IOS-XR	qcow2	2	4096 MB	Requires vCPU pinning on large labs
Cisco NX-OS (N9Kv)	qcow2	2	8192 MB	Management interface on eth0
Cisco ASAv	qcow2	1	2048 MB	License: ASA runs without activation in eval mode
Juniper vMX / vQFX	qcow2	2	4096 MB	RE + PFE images required for vMX
Arista vEOS	qcow2	2	2048 MB	Boot disk + aboot.iso required
Palo Alto PAN-OS	qcow2	2	6144 MB	Requires bootstrap ISO — see Palo Alto Bootstrap
FortiGate	qcow2	1	2048 MB	Eval license from Fortinet portal
MikroTik CHR	raw/qcow2	1	256 MB	Free license for <1 Mbps
Ubuntu Server 22.04	qcow2	1	1024 MB	Use cloud-init image for fast deploy
Windows Server 2022	qcow2	2	4096 MB	Enable RDP during install; virtio drivers needed
pfSense	qcow2	1	1024 MB	Ideal as a lab firewall/router

⚠️

OML does not distribute vendor images. You must obtain images from Cisco CCO, Juniper customer portal, Palo Alto support portal, or equivalent official sources.

Images & Devices — 02

Uploading an Image #

Images live in /opt/OML/qemu-images/. Organise them in subdirectories by vendor:

directory layout

/opt/OML/qemu-images/
  cisco/
    c7200-adventerprisek9-mz.124-24.T5.bin
    csr1000v-universalk9.17.03.06.qcow2
  paloalto/
    PA-VM-KVM-10.1.0.qcow2
  ubuntu/
    ubuntu-22.04-server-cloudimg-amd64.img
  windows/
    win2022-base.qcow2

Via Admin UI #

1

Go to Admin → Images → Upload

Drag the image file onto the upload area or click to browse. Supported formats: qcow2, raw, vmdk (auto-converted), iso.
2

Fill in the image metadata

Set name, type (QEMU/IOL/Dynamips), default vCPU, default RAM, and interface count. These become the defaults when students drag this image onto the canvas.
3

Click Save

The image appears in the node panel immediately. No server restart needed.

Via SCP (large files) #

For images over a few GB, copy directly to the server and register via API:

bash

# Copy image to server
scp csr1000v.qcow2 oml@<server-ip>:/opt/OML/qemu-images/cisco/

# Register via API (replace TOKEN with your admin token)
curl -X POST https://<server>/api/v1/images/register \
  -H "Authorization: Bearer TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name":"CSR1000v","path":"cisco/csr1000v.qcow2","vcpus":2,"ram":4096,"nics":4}'

Images & Devices — 03

Palo Alto Bootstrap #

PAN-OS VMs require a bootstrap ISO to configure the management interface and initial credentials on first boot. OML can auto-generate and attach this ISO.

1

Enable bootstrap in OML settings

In /opt/OML/backend/.env (or Admin → Server Settings), set OML_PANOS_ATTACH_BOOTSTRAP=true. This is enabled by default.
2

Add a Palo Alto node to your lab

OML automatically generates a bootstrap ISO with: mgmt IP from the lab subnet, admin / OMLadmin1! as default credentials, panorama disabled.
3

Start the node

First boot takes 8–12 minutes. Watch VNC — the login prompt appears when PAN-OS is ready.
4

Access the web UI

PAN-OS web UI is on the management interface. Access it via the Management (OOB) network object or by connecting to the mgmt port from a Linux VM in the lab.

🔑

Default PAN-OS credentials after OML bootstrap: admin / OMLadmin1!. Change this immediately after first login.

Advanced — 01

Packet Capture #

Every link in OML can be captured in real time. Captures are stored on the server and can be downloaded as .pcap files openable in Wireshark.

Start a capture #

1

Right-click a link → Capture

The link turns orange to indicate capture is active. A counter shows the packet count in real time.
2

Generate traffic

Generate traffic through the link (ping, routing updates, HTTP, etc.). All L2 frames are captured — no filter on the capture side.
3

Stop and download

Right-click the link → Stop Capture → Download .pcap. The file is named lab-name_nodeA_nodeB_timestamp.pcap.

Live streaming to Wireshark #

Stream directly into a running Wireshark on your laptop using the OML pcap API:

bash

wireshark -k -i <(curl -s --no-buffer \
  -H "Authorization: Bearer TOKEN" \
  "https://<oml-ip>/api/v1/labs/<lab-id>/capture/<link-id>/stream")

Capture files are stored in /opt/OML/captures/ and are automatically pruned after 7 days.

Advanced — 02

AI Assistant #

OML includes a context-aware AI assistant that can help with config generation, protocol debugging, and topology design. It is aware of the current lab topology and can reference node names and link endpoints.

The assistant supports multiple backends — choose the one that fits your deployment.

Configure the AI backend #

Set one or more keys in /opt/OML/backend/.env (or Admin → Settings → AI):

.env

# Cloud — fastest, best quality
ANTHROPIC_API_KEY=sk-ant-...
OPENAI_API_KEY=sk-...

# Local — air-gapped, no API cost
OLLAMA_BASE_URL=http://localhost:11434
# Optional: for Ollama Cloud instead of local
OLLAMA_API_KEY=

# LM Studio
LMSTUDIO_BASE_URL=http://localhost:1234/v1

Using the assistant #

1

Open the assistant panel

Click the AI button in the top-right of any lab view, or press ? while the canvas is focused.
2

Ask a question

The assistant has context about your lab topology. Examples:
"Generate OSPF config for R1 and R2 connected on the R1-R2 link"
"Why would BGP not come up between SW1 and FW1?"
"Explain what this Wireshark output means"
3

Paste config directly to console

Click Copy on an AI-generated config block, switch to the console tab, and paste. The config is ready to run.

🤖

AI Assistant requires a Pro or Enterprise license. Pro New

Advanced — 03

Export & Import Labs #

Labs can be exported as a JSON bundle and imported on any OML instance. Disk images are not bundled — the target OML must have the same images installed.

Export #

Open a lab → top-bar ⋮ menu → Export Lab. Downloads a .oml file containing: topology (nodes, links, positions), node metadata (names, vCPU, RAM, NIC count), and saved snapshots (optional, large).

Import #

Dashboard → Import Lab → drag the .oml file. OML validates that all required images exist. If an image is missing, it's highlighted in red — you must upload it before the lab can start.

Ansible export #

Generate an Ansible inventory + playbook skeleton from your topology. Enterprise

Top-bar ⋮ → Export as Ansible. Produces inventory.yml (all nodes with mgmt IPs) and a site.yml stub ready to run with ansible-playbook.

What's New — 01

Release Notes (v1.0.4 → v1.0.8) #

OML ships continuously. The Update OML button on every appliance pulls the latest code from GitHub, rebuilds the frontend, restarts the backend, and bumps your /opt/OML/VERSION automatically. The headline changes since v1.0.4:

v1.0.8 — Community import & topology previews #

Send to OML button on every community lab at omllabs.com/community.html drops the lab straight into your library.
Live SVG topology preview rendered in the community detail modal — nodes coloured by vendor (blue = router, green = switch, red = firewall, amber = host, violet = cloud / ISP) with the actual link diagram.
Share a Lab upload now works end-to-end: the first .oml file you attach is parsed server-side and its topology becomes the preview for your post automatically — no manual screenshots.
New OML route /community-import?url=… — handles the cross-origin import + auth; PrivateRoute-gated.

v1.0.7 — Dual-serial console isolation #

Every QEMU node now boots with two -serial telnet: ports.
Primary (5000–5999) is USER only — HTML5 / Telnet / PuTTY. Nothing programmatic ever lands here.
Secondary (12000–12999) is BACKEND only — metrics poller, Bulk CMD, Scoring, Ping Test, IPAM sweep, packet-sim, AI tools. New MetricsBroker class multiplexes everyone safely.
Cisco IOS-family aux line auto-enabled on first boot via the existing console-paste path — no manual config required.

v1.0.6 — Console toolbar reliability #

Bulk CMD, Config Script, Ping Test (Connectivity Matrix), Ping Sweep, Protocols, Live Metrics, Heatmap, IP Address Map, Config Search, Scoring — all the toolbar features that previously failed with "Cannot connect to console" now work.
Root cause was QEMU's single-client serial telnet — fixed by routing every backend consumer through the shared ConsoleBroker.
IP Address Map now actively scrapes show ip interface brief and persists the discovered addresses to the Edit Node panel automatically.
Cisco-aware Ping Test (uses ping … repeat N on IOS, ping -c N on Linux). Connectivity matrix now accurate.
Config Search now searches both the named startup-config table AND the per-node node.startup_config column — finds text in any saved config.

v1.0.5 — ISP / Internet virtual node #

New 12-port ISP / Internet device template (Network Services category).
Each connected node port gets a real DHCP lease or static IP from a per-ISP dnsmasq + Linux-bridge + routing-namespace stack.
Two ISP nodes linked together are mutually reachable via a CGNAT (100.64.0.0/10) backbone — no NAT to the host's real WAN.
Renders on the World Map view as an internet cloud with cyan backbone arcs between interconnected ISPs.

v1.0.4 — Performance + QEMU Versions #

QEMU Version Manager in Settings — browse, download, install multiple QEMU versions side-by-side with namespace-wrapped modules; pick per node in Edit Node → Advanced.
Performance tuning layer (oml-perf-tune.service): KSM memory dedup + KVM halt_poll_ns=0 + THP=madvise; QEMU nodes launch with aio=io_uring, -overcommit mem-lock=off,cpu-pm=on, vhost on virtio NICs.
Docker container console fixed: legacy /console/ws/{node} serves a docker-exec PTY shell for container nodes.

💡

Existing appliances pick up new releases automatically through the Update OML button. If you haven't yet, see Update OML below.

What's New — 02

Update OML Button #

Settings → Updates card shows your current version and any commits available on origin/main. One click upgrades the appliance:

Stash any local edits on the appliance (so hot-fixes don't block the pull).
Pull the latest source from github.com/singhranjit/OML-FINAL.git.
apt-install any new runtime deps (e.g. dnsmasq for the ISP feature).
pip install updated Python requirements.
npm run build rebuilds the frontend bundle.
systemctl restart oml-backend + nginx -s reload.
Bumps /opt/OML/VERSION from the latest git tag or short hash.

What if it fails? #

The full log of the last upgrade is at /var/log/oml-update.log. Concurrent runs are locked via /tmp/oml-update.lock. If the pull aborts because of a dirty tree, the stash step at the top usually fixes it — but you can manually cd /opt/OML; git status; git stash; ./scripts/oml-update.sh --apply on the appliance.

⚠️

Update OML restarts the backend (a few seconds of API downtime); running labs stay up. The frontend will hard-reload — bookmark your lab IDs if you want to return to them immediately after.

Building Labs — 05

ISP / Internet Virtual Node #

The ISP node emulates a real ISP inside OML — not the public internet. Each of its 12 ports hands out a real DHCP lease (or a configured static IP) to whatever peer node you link to it. Two ISP nodes connected together are mutually reachable, so you can demonstrate "the Internet" between providers.

What you get per ISP #

A randomly-allocated CGNAT /24 from 100.64.0.0/10 (per-ISP, collision-checked against other ISPs in the same lab).
A real dnsmasq running inside an isolated Linux routing namespace — DHCP + DNS, no port-53 clash with the host.
A dedicated Linux bridge that every connected peer's TAP is moved onto.
Static IPs configurable per port in Edit Node → ISP panel.
No MASQUERADE to the host's real WAN — isolated by design.

How to use it #

Open the Node Panel on the left of the canvas, expand Network Services.
Drag ISP / Internet onto the canvas. (No vCPU / RAM — this is a 0-VM virtual node.)
Link any port of any real node (router, host, container) to one of the ISP's 12 ports.
Click Start All. Within ~30 seconds the peer's port shows the leased IP in Edit Node → Network tab.
To demonstrate two ISPs: drop a second ISP node, connect it to the first ISP via any spare port, restart. They share a deterministic /30 transit veth and BFS-route each other's /24 automatically. Ping across.

Lease writeback #

When dnsmasq hands out a lease, the dhcp-script hook posts it to a localhost-only backend endpoint, which writes ip_address + prefix_len into the peer's node.interfaces[]. The Edit Node panel renders this automatically — no UI work to display the lease. A periodic 10s reconciler is the belt-and-braces fallback.

🛰

On the World Map view, ISP-to-ISP links draw as thicker cyan backbone arcs — easy to see your "Internet" topology at a glance.

Node Management — 05

Dual-Serial Console Isolation #

From v1.0.7, every QEMU node boots with two serial ports:

Port	Range	Used by
Primary (`console_port`)	5000–5999	HTML5 console + raw-TCP Telnet/PuTTY proxy. USER only.
Secondary (`metrics_console_port`)	12000–12999	Metrics poller, Bulk CMD, Config Script, Ping Test/Sweep, Scoring, IPAM sweep, packet-sim, AI tools.

On Cisco IOS-family templates (IOSv, IOSvL2, CSR1000v, XRv, NXOSv, Cat9kv, ASAv) the second serial maps to line aux 0. OML auto-enables the aux line with no login / privilege 15 / exec / no exec-timeout shortly after the node finishes booting — you don't have to touch it.

What this means for you #

Typing in the HTML5 console is no longer interrupted by background show interfaces from the metrics poller.
Bulk CMD on R1 doesn't garble your prompt while you're working on R1 — the metric panel hits the aux line, your console stays clean.
Scoring pings, Ping Sweep flows, packet-sim probes — all route through the aux line.

Existing labs #

Nodes that were started before the upgrade keep their original single serial until you Stop & Start them — at which point QEMU is relaunched with the second -serial arg and node.metrics_console_port is populated. A legacy ConsoleBroker fallback path keeps everything working for not-yet-restarted nodes; just expect the old interference until you bounce them.

💡

You can verify by SSHing into the appliance and running ss -tnlp | grep qemu — a node restarted under 1.0.7 will show TWO listeners (e.g. 5004 + 12004) instead of one.

Building Labs — 06

Toolbar Reference #

Every lab has two toolbar rows above the canvas. LAB is for editing the topology; ANALYSIS is for inspecting it. Here's what every button does:

LAB row #

Button	What it does
Notes	Per-lab markdown notes. Persists with the lab.
Activity	Audit log: who started/stopped what, when.
Boot Seq	Set a sequenced startup (e.g. ISP first, then routers) so nodes that depend on others boot in order.
Auto-Stop	Schedule a lab to auto-stop after N minutes — useful for classrooms.
Auto-Start	Schedule a lab to auto-start at a fixed time.
Preflight	Sanity-checks the lab before Start All (missing images, port conflicts, low RAM, etc.).
Startup Cfg	Open the per-node startup-config editor.
Profiles	Lab-wide canvas / style profiles.
Variables	Template variables you can reference from any node's startup-config.
Cfg Search	Full-text search across every node's startup-config. See Config Search.
Script	Push a multi-line config block to one or many nodes. Exec or Config mode. See Bulk Command + Script.
Ansible	Export an Ansible inventory for the running lab.
Bulk CMD	Multi-Node Dispatcher — run one command on many nodes at once.
Snaps	Lab snapshots — save and restore the whole topology + configs.
Workbook	Per-lab markdown workbook for lab-as-document.
Topology	Attach reference pictures (PDFs, PNGs) to the lab.
Sticky	Add a sticky note to the canvas.
Region	Add a labelled region box around a group of nodes.
Shortcuts	Keyboard shortcut cheat sheet (press `?`).
AI	AI Assistant chat (Claude). Configure in Admin → AI Settings.
3D / Rack / Map / Services	Alternate canvas views: isometric 3D, 42U rack, world map, network-services overlay.
Study	Opens the integrated Study Library (CCNA→CCIE topic packs).

ANALYSIS row #

Button	What it does
IPAM	IP Address Map — every interface, where it's known. See IP Address Map.
Subnet	Subnet calculator.
Ping Test	Connectivity Matrix — pings every node to every other. See Ping Test / Sweep.
Protocols	OSPF neighbours / BGP sessions / interface status, live. See Protocols & Metrics.
Metrics	Live CPU / interfaces / routes per node.
Heatmap	Colour links by real interface counter utilisation.
Captures	Per-link packet captures (PCAPs).
Recordings	Session recordings of console interactions.
Sweep	Ping Sweep — pick a source, sweep all other nodes.
Paths	Path Finder — click two nodes, highlight every path between them.
Drift	Config drift between snapshots.
Report	Generate a PDF/Markdown report of the lab.
Timeline	Event timeline view.
IP Map	Map IPs to nodes/interfaces (alias for IPAM).
Guide	Lab Guide — step-by-step exercise renderer.
Schedule	Lab Scheduler — release/expiry times for classroom mode.
Dashboard	Per-lab dashboard widgets.
Alerts	Metric alert rules (e.g. CPU > 90 % for 60 s).
Audit	Topology audit (loops, unused interfaces, naming consistency).

Node Management — 06

Bulk Command + Config Script #

Two related toolbar tools. Both run commands on the BACKEND console (the dual-serial aux line in v1.0.7+) so they never collide with your typing.

Bulk CMD (Multi-Node Dispatcher) #

Pick a subset of running nodes, type one command, hit Send. Output is shown per node, side-by-side. Includes quick-commands (show ip int br, show ip route, show ip ospf neighbor, show bgp summary, show version, show run). Click Copy All to grab a transcript.

Script (Config Script Sender) #

Push a multi-line config block to many nodes at once. Two modes:

Config Mode — OML auto-wraps your block with enable + configure terminal ... end + write memory.
Exec Mode (as-is) — sends your text verbatim. Use this for show commands or for non-Cisco devices.

Optional Before/After Verify field — runs the same verify command (e.g. show ip int br) before and after, and diffs the output.

💡

Profiles let you save commonly-used scripts. The dropdown at the top of the modal stores them per-user.

Tools & Analysis — 01

Protocols, Live Metrics & Heatmap #

OML's metrics collector polls every running node every 5 seconds via the backend (aux) console. Five panels consume the data:

Protocols panel #

OSPF Neighbors tab — per-node table of Neighbor ID / State (FULL/2WAY/INIT) / Interface / Address / Dead.
BGP Sessions tab — per-node Neighbor / AS / State (Established / Active / Idle) / msgs received / sent.
Interfaces tab — interface + status + protocol + in-bps + out-bps.

Live Metrics panel #

Four tabs: Overview (CPU %), Interfaces, Routes (per-node route count), Alerts (configured alert rules + recent firings).

Heatmap toggle #

Toggle the Heatmap button on the toolbar — every edge on the canvas colours by utilisation (blue = idle traffic, green = light, amber = moderate, red = saturated). Idle links stay grey. Uses the same metrics stream, so it lights up the same moment the data arrives.

💡

If a panel is empty for a known-good lab, give it 5–10 seconds — the collector runs on a tick. Persistent emptiness usually means the node hasn't reached its IOS prompt yet; check the console.

Tools & Analysis — 02

IP Address Map (IPAM) #

A single pane showing every interface OML knows about, grouped by node. Sources merged in order of precedence:

Configured — anything in node.interfaces[].ip_address (set manually in Edit Node, or written by DHCP).
Discovered (1.0.6+) — active scrape of show ip interface brief on every running Cisco-style node, cached for 30 s and persisted back to node.interfaces[].ip_address so the Edit Node panel auto-fills.
Learned — passive observation of human-typed commands in the HTML5 console.

Each row badges its source. Conflict highlighting: same IP claimed by two interfaces is flagged in red. Copy CSV exports the whole table.

Tools & Analysis — 03

Config Search #

Full-text search across every node's saved config in the lab. Type any token (an IP, an interface name, a route-map, a community string) — hits show with two-line context and the matching line highlighted. Click a result to jump to that node's startup-config editor.

From 1.0.6 the search now covers both:

The node_startup_configs table (named/saved config records).
The nodes.startup_config column (the active config attached to the node).

Prior versions searched only the table — which is empty in most labs — and appeared "broken". That's fixed.

Tools & Analysis — 04

Ping Test & Ping Sweep #

Two complementary reachability tools.

Connectivity Matrix (Ping Test) #

Click Run Test — OML pings from every running node to every other node's first configured IP and renders a coloured matrix (green = reachable, red = unreachable). Cisco vs Linux ping syntax is detected per source-node template (1.0.6+): IOS uses ping <ip> repeat 2 timeout 1; Linux uses ping -c1 -W1. Output parser accepts both !!/Success rate (IOS) and N received/bytes from (Linux).

Ping Sweep #

Pick one source node, sweep all other nodes. Live status per destination (idle → running → up/down) with RTT min/avg/max + loss. Real-time animations through the canvas via the packet-sim WebSocket. Export CSV for ticketing or write-ups.

⚠️

Connectivity Matrix tests each destination's first interface IP only (to keep the matrix fast). Without OSPF/BGP routing, you'll only see green for directly-connected /30 pairs — that's accurate, not a bug. Use Ping Sweep for a more thorough single-source test.

Tools & Analysis — 05

Lab Scoring #

Define objectives that auto-evaluate the lab — perfect for classrooms or self-graded exercises. Click Scoring in the toolbar, then + Add Objective.

Objective types #

Connectivity / Ping — From node A, ping IP X. Pass if ≥ N % success.
Routing — Node A has route to prefix X via interface Y / next-hop Z.
Protocol state — OSPF adjacency on node A in state FULL / BGP session Established with peer X.
Config check — A regex matches the running config of node A.
Performance — CPU below threshold for N seconds / link utilisation.
Security — ACL N denies prefix X / port Y closed on host Z.

Click Preview to run all objectives now without saving the score. Each objective shows pass/fail + the parsed evidence. From 1.0.6+ every objective runs on the backend (aux) console — no interference with your typing.

Tools & Analysis — 06

World Map View #

Toggle the Map button in the toolbar to switch the canvas from logical view to a Leaflet world map. Drag each node to a real city; OML persists the lat/lon in node.extra_config.location. Edges between nodes draw as great-circle arcs.

ISP-to-ISP backbone arcs render thicker, cyan, with a faster dash animation — instantly visible as your "Internet" topology.
Right-click any node → "Set city" to pick from a list of major cities, or type a lat/lon directly.
Map state is part of the lab snapshot — exporting and importing the lab preserves it.

Sharing & Community — 01

Community Labs — Download & Send to OML #

Browse community labs at omllabs.com/community.html. Each card opens a detail modal with:

Topology preview — auto-rendered SVG showing nodes (coloured by vendor) and links exactly as you'll see them on the canvas.
⬇ Download — saves the lab as an .oml file you can manually Import Lab from the OML dashboard.
↗ Send to my OML — opens your OML at /community-import?url=… in a new tab. First click prompts for your OML URL (e.g. http://192.168.1.79), saved in your browser's localStorage. Subsequent clicks reuse it.

What "Send to OML" actually does #

Opens your OML's /community-import?url=… page (PrivateRoute — sends you to login first if needed).
Fetches the lab bundle from license.omllabs.com (host-safelisted).
Shows a confirmation card with title / description / tags / notes.
You confirm → OML POSTs the bundle to its own /api/labs/import → lands in your Labs list.

💡

Change your OML URL anytime via the "⚙ Change my OML URL" link at the bottom of the detail modal.

Sharing & Community — 02

Share a Lab on omllabs.com #

Hit + Share a Lab in the omllabs.com/community.html nav. You'll need a (free) omllabs account. Fill in title, description, category, difficulty, tags, then drag-and-drop your files (up to 5 — .oml / .pdf / .txt / .cfg / .png / .jpg, 5 MB each max).

Auto-generated topology preview #

Attach an .oml file (export from Dashboard → Export Lab) and the license server parses it server-side, extracts the nodes + links, and uses them as your post's topology preview — automatically. The SVG renders exactly the same way as for the curated labs.

To export your lab as .oml: open your lab → ⋯ menu → Export Lab (JSON) → save the downloaded file → upload it here.

Privacy & policies #

Files are scanned for viruses; executable files are rejected.
Vendor images (Cisco IOSv, PAN-OS, etc.) are not distributed — only your lab definition (topology + configs).
Sharing a lab does not share secrets in startup-configs unless you include them deliberately. Review the .oml before uploading.

Help — 01

Troubleshooting #

Node stuck in "Starting" #

The most common cause is insufficient RAM or vCPU. Check server resources:

bash

free -h && nproc
journalctl -u oml-backend -n 50 --no-pager

If the log shows qemu: cannot set up guest memory, reduce RAM on the node or stop other running nodes.

Console shows blank / no output #

Press Enter once — some images output nothing until you interact. If still blank after 30 seconds, check that the Telnet port is reachable from your browser:

bash

telnet <oml-server-ip> <console-port>

"Failed to fetch" in browser #

Usually a CORS or DNS issue. Check that:

The OML backend is running: systemctl status oml-backend
The server URL resolves from the browser's DNS (not a private IP)
ALLOWED_ORIGINS in .env includes the frontend URL

Palo Alto stuck at boot #

PAN-OS boots slowly (8–12 min). If stuck past 15 min, check that OML_PANOS_ATTACH_BOOTSTRAP=true is set and the VM has at least 6144 MB RAM and 2 vCPUs.

Check backend logs #

bash

# Live tail
journalctl -u oml-backend -f

# Last 100 lines
journalctl -u oml-backend -n 100 --no-pager

# QEMU process list
ps aux | grep qemu

Help — 02

FAQ #

Can OML run on a laptop? #

Yes, for small labs. Import the OVA into VMware Workstation (Windows/Linux) or VMware Fusion (Mac). A laptop with 16 GB RAM and 4+ cores can comfortably run 3–5 lightweight nodes (Cisco IOS, MikroTik). Assign at least 8 GB RAM and 4 vCPUs to the OML VM and enable CPU virtualization pass-through.

Does OML need internet access? #

No. After installation OML is fully air-gapped. The only optional internet calls are the AI assistant (if using a cloud backend like OpenAI/Anthropic) and license activation. Both can be disabled.

How many students can share one server? #

Depends on hardware. A typical 32-core / 128 GB server can support 20–30 students each running a 5-node lab simultaneously. Labs are isolated — students only see their own labs.

Can I share a lab with students? #

Instructors can clone a master lab to all students with one click: Lab menu → Clone to users. Each student gets their own isolated copy.

What happens when my license expires? #

OML drops back to Free tier (5 node limit). Existing labs are preserved and can still be opened — just limited. Renew from the same pricing page; the token email arrives in under a minute.

Is OML open source? #

The core network emulation engine is proprietary. The REST API is documented at /api/docs on your OML instance (Swagger UI).

How do I get support? #

Email [email protected]. Enterprise customers get priority response within 4 hours (business hours IST). Community support is also available via the forum link in the nav.