2020 ARIN Community Grant Program Recipients

2020 ARIN Community Grant Program Recipients

Applications	13
Organization Type	1 association, 7 corporations, 5 "other" orgs
Organization Region	2 Canada, 7 United States, 1 Caribbean, 3 outside ARIN region
Category (some projects identified multiple categories)	9 Internet technical improvements, 5 Registry processes and technology improvements, 5 Informational outreach, 3 Research
Total funding requested (USD)	$305,965
Average funding requested (USD)	$23,536
Projects selected to receive a grant	8
Total funding provided (USD)	$60,000

Project summaries provided by grant recipients.

Build-out of Internet Exchange Points in the Caribbean Region

Caribbean Network Operators Group
Weston, FL, USA
Grant amount: $12,500

The objective of the project is to develop nascent Internet Exchange Points (IXPs) in the Caribbean Region and help them become significant components of their countries’ domestic Internet infrastructure. In many cases across the Region, we have stakeholders who have agreed in principle to exchange domestic traffic at IXPs or have even taken the first step by establishing peering at a shared facility. However, the initiatives have not borne fruit in all cases, due to the absence of a wider enabling environment, ongoing access to expertise, and lack of the right equipment.

This multi-country, multi-year plan seeks to address the status quo by: (a) assisting with the bringing together of the technical community and other stakeholders, (b) providing access to persons with expertise and prior experience, (c) reviewing existing systems and structures with a view to recommending improvements, (d) providing needed equipment, (e) assisting with equipment installation, and (f) delivering training. We believe this specific injection of guidance, equipment and in-person collaboration, together with the ongoing support of the CaribNOG community, will be sufficient to catalyze a self-sustaining process at each IXP.

IPv6 Security, Applications, and Training for Enterprises

Industry Network Technology Council
Austin, TX, USA
Grant amount: $12,500
Project Report

Enterprise IPv6 adoption has lagged. In 2019, INTC provided IPv6 training to enterprise technicians. In 2020, we propose an initial assessment of security and application conversion at large enterprises and to continue our training efforts. We hope this time to involve 5 – 10 enterprises. Additionally, we propose involving another Internet registry, APNIC, as lack of adoption of IPv6 at enterprises is a global problem. Security, application conversion and training were seen as problems in our survey of enterprises as they anticipate IPv6 migration. We will create:

An application inventory:

• Common enterprise applications, middleware, code libraries, and other software
• IPv6 support of the above
• Methodology for doing an enterprise application assessment

A security inventory:

• Common enterprise IPv4 security defense mechanisms and usage (IDS / IPS, ACLs, virus checkers, malware, etc.) categorized by topology and function (client, server, backbone network, cloud)
• Potential new IPv6 attacks given the environment above
• How to do IPv6 security defense given the above
• Methodology for doing an enterprise security assessment
• Initial assessment of enterprise security products and platforms

Training classes:

• IPv6 Trace Reading 101
• IPv6 Troubleshooting

Integrated IPv6 Research

Saatvik Research
Silver Springs, NV, USA
Grant amount: $10,000
Project Report

This project endeavors to: 1. build a relational database of existing, standalone datasets from ARIN (expanding to all 5 registries), NIST, vyncke.org and business databases, 2. host the resulting relational database, 3. make the integrated relational database publicly available for IPv6 research.

The initial body of research from the relational database will define leading indicators of IPv6 adoption to complement the more common lagging indicator of traffic. Gaining an understanding of enterprise IPv6 adoption trends by analyzing the standard deviations from address acquisition through service enablement of web, DNS & email is critical for policy making bodies (government, non-profit and private) to estimate IPv6 adoption timelines as well as industry-specific adoption strategies and incentives.

CrypTech Project

CrypTech
Amsterdam, The Netherlands
Grant amount: $6,000
Project Report

Working since 2014, the CrypTech Project has developed an open-source hardware cryptographic engine design to meet the needs of high assurance Internet infrastructure systems that use cryptography. Our open-source hardware designs are aimed to be of general use to the broad Internet community, covering needs such as securing email, web, DNSSEC, PKIs, etc. The project has produced a design and hardware boards that have been used in various experiments and tests, and now an external product. We are proud to say that the current design has been the subject of a positive external security evaluation. The CrypTech core team is now completing the next generation of designs thanks in part to previous funding from an ARIN Community Grant. We will be producing a board to verify the changes made to the previous design, validating the 10x performance improvement we’ve already achieved, and assessing what additional improvements will be possible in the new design.

Bringing Back Voice Peering: Operational Lessons for Reference Technical & Organisational Architectures

Canadian Voice Peering Project
Toronto, ON, Canada
Grant amount: $5,000

The Canadian Voice Peering Project is a not-for-profit, cooperative effort to establish a rich, secure mesh of direct, Internet-Protocol-based interconnection, using the SIP and ENUM protocols, for calls between Canadian telephone numbers – the voice version of a local Internet exchange. Surprisingly, such a voice exchange is not used widely today. However, that was not true in the past: in the 2000s, a number of voice peering projects got started, and lasted for a while, before disappearing. “Bringing Back Voice Peering” will uncover and publish the oral history of these peering projects, including what worked both organisationally and technically and what didn’t, resulting in a final report on operational lessons for a reference architecture for voice peering projects.

RPKI origin validation visibility for Check My DNS

OARC, Inc
Indianapolis, IN, USA
Grant Amount: $5,000
Project Report

Check My DNS is a custom developed DNS nameserver that creates dynamic delegated subdomains to enable clients to query for never-seen-before resource records in order to support a general-purpose framework for testing DNS resolvers. In late 2019 our software engineer, Jerry Lundström, started to look into how an RPKI origin validation check for DNS resolver could be possible as he got inspired by RIPE NCC’s RPKI web tester. With the collaboration between OARC, RIPE NCC, NLnet Labs and NTT we got access to the same system running RIPE NCC’s RPKI web tester to run a proxy for Check My DNS so an RPKI origin validation check could be added. At that time, we did not have the resources to fully add this check to the web UI of Check My DNS so the check is only accessible via a command line tool. This project will aim towards adding visibility for the RPKI origin validation check on Check My DNS in a way that is as user-friendly as possible.

Virtual School of Internet Governance

Foundation for Building Sustainable Communities
Oshawa, ON, Canada
Grant amount: $5,000
Project Report

The Virtual School of Internet Governance is a free MOOC (Massive Open Online Courseware) dedicated to the key pillars of Internet Governance. We are using MOODLE which provides the framework including student registration, online forums, Bluejean chats, student assignments, quizzes and more. The rich content focuses on the primary learning objectives as found in face to face schools of Internet Governance. Due to COVID 19, these schools are either halted or seriously postponed. Our online courseware provides an integrated taxonomy from the novice to the advanced student to learn the basics of Internet Governance.

RRDP support for rpki-client

rpki-client
Amsterdam, The Netherlands
Grant amount: $4,000
Project Report

rpki-client is a free, easy-to-use implementation of the Resource Public Key Infrastructure (RPKI) for Relying Parties (RP) to facilitate validation of the Route Origin of a BGP announcement. The program queries the RPKI repository system and outputs Validated ROA Payloads in various configuration formats. rpki-client does not yet support the RRDP protocol for pulling data publication points via the RRDP protocol. Extending rpki-client to support RRDP will in the long term improve RPKI usability for both ARIN and rpki-client users as the use of RRDP reduces the reliance on ARIN’s rsync servers.