Dynamic Reconfiguration in Spire

I designed and implemented a fully dynamic reconfiguration system for Spire, a multi-site distributed network platform, enabling runtime updates to topology, cryptographic keys, and component roles without downtime. This work eliminated compile-time configuration assumptions and introduced secure, system-wide live transitions across a 26-node deployment.

Control center failure and restoration scenario — A screenshot explaining the demonstration including control center failure, mobile replacement, and full system restoration via live reconfiguration.

What I Built

Architected a complete runtime reconfiguration pipeline spanning configuration generation, secure dissemination, and coordinated node-level transitions
Replaced deeply embedded compile-time constants with dynamically loaded YAML configuration across the entire codebase
Designed and implemented a hybrid cryptographic scheme (AES-256 + RSA-OAEP) supporting secure key rotation and per-node configuration access
Built a custom reliable multicast protocol with fragmentation, acknowledgment tracking, and retransmission logic
Refactored core C/C++ components to support safe reinitialization during live configuration transitions

System Architecture

Config Manager: Generates and signs new system configurations, validating topology, roles, and key material before release.

Config Disseminator: Reliably distributes configuration packages across unreliable multi-site links using a custom multicast protocol.

Config Agent: Runs on every node, validates configuration authenticity, stages changes, rotates keys, and coordinates local service transitions without disrupting active operations.

Reproducible 26-Node Demonstration Infrastructure

To validate the system under realistic conditions, I engineered a fully reproducible multi-site deployment environment.

Live 26-node deployment with control centers and data center logs — A screenshot of the demonstration explaining the content of each terminal view.

Created a custom AlmaLinux-based Docker image compiling the full Spire stack from source (Spines, Prime, SCADA Master, benchmarks)
Automated dependency installation, configuration setup, build steps, and cryptographic key generation
Designed a Docker Compose topology launching 26 containers on a deterministic bridged subnet with static IP addressing
Developed orchestration scripts to start replicas, clients, and benchmark workloads across containers
Enabled network control capabilities for realistic distributed behavior testing

This environment allowed live demonstrations of topology changes, key rotation, and coordinated system transitions across all nodes with zero downtime.

Key Technical Challenges

Eliminating Static Assumptions: The original system relied on compile-time constants for site counts, replica numbers, and network parameters. I systematically removed these dependencies and redesigned initialization logic to safely support runtime parameter changes.

Secure Key Rotation: Implemented key versioning and hybrid encryption to allow nodes to handle overlapping key sets during transitions while securely discarding deprecated material.

Reliable Multi-Site Delivery: Designed fragmentation and retransmission mechanisms ensuring complete configuration delivery before any node transitioned state.

Technologies

C / C++
OpenSSL
Docker & Docker Compose
Python orchestration tooling
Distributed systems design

Impact

Improved system usability and resilience by enabling dynamic reconfiguration and automated key generation, reducing manual setup and simplifying deployment.