In its second year, the ARIN Community Grant Program will fund eight projects that improve the health and well-being of the Internet and make a positive contribution to the ARIN region (which includes Canada, the United States, and parts of the Caribbean). Congratulations to the 2020 ARIN Community Grant recipients!
The eight projects selected to receive a grant in 2020 include:
Build-out of Internet Exchange Points in the Caribbean Region
Caribbean Network Operators Group (CaribNOG) | Weston, FL, USA | Grant amount: $12,500
The objective of the project is to develop nascent Internet Exchange Points (IXPs) in the Caribbean Region and help them become significant components of their countries’ domestic Internet infrastructure. In many cases across the Region, we have stakeholders who have agreed in principle to exchange domestic traffic at IXPs or have even taken the first step by establishing peering at a shared facility. However, the initiatives have not borne fruit in all cases, due to the absence of a wider enabling environment, ongoing access to expertise, and lack of the right equipment.
This multi-country, multi-year plan seeks to address the status quo by: (a) assisting with the bringing together of the technical community and other stakeholders, (b) providing access to persons with expertise and prior experience, (c) reviewing existing systems and structures with a view to recommending improvements, (d) providing needed equipment, (e) assisting with equipment installation, and (f) delivering training. We believe this specific injection of guidance, equipment and in-person collaboration, together with the ongoing support of the CaribNOG community, will be sufficient to catalyze a self-sustaining process at each IXP.
IPv6 Security, Applications, and Training for Enterprises
Industry Network Technology Council (INTC) | Austin, TX, USA | Grant amount: $12,500
Enterprise IPv6 adoption has lagged. In 2019, INTC provided IPv6 training to enterprise technicians. In 2020, we propose an initial assessment of security and application conversion at large enterprises and to continue our training efforts. We hope this time to involve 5 – 10 enterprises. Additionally, we propose involving another Internet registry, APNIC, as lack of adoption of IPv6 at enterprises is a global problem. Security, application conversion and training were seen as problems in our survey of enterprises as they anticipate IPv6 migration. We will create:
An application inventory:
- Common enterprise applications, middleware, code libraries, and other software
- IPv6 support of the above
- Methodology for doing an enterprise application assessment
A security inventory:
- Common enterprise IPv4 security defense mechanisms and usage (IDS / IPS, ACLs, virus checkers, malware, etc.) categorized by topology and function (client, server, backbone network, cloud)
- Potential new IPv6 attacks given the environment above
- How to do IPv6 security defense given the above
- Methodology for doing an enterprise security assessment
- Initial assessment of enterprise security products and platforms
- IPv6 Trace Reading 101
- IPv6 Troubleshooting
Integrated IPv6 Research
Saatvik Research | Silver Springs, NV, USA | Grant amount: $10,000
This project endeavors to: 1. build a relational database of existing, standalone datasets from ARIN (expanding to all 5 registries), NIST, vyncke.org and business databases, 2. host the resulting relational database, 3. make the integrated relational database publicly available for IPv6 research.
The initial body of research from the relational database will define leading indicators of IPv6 adoption to complement the more common lagging indicator of traffic. Gaining an understanding of enterprise IPv6 adoption trends by analyzing the standard deviations from address acquisition through service enablement of web, DNS & email is critical for policy making bodies (government, non-profit and private) to estimate IPv6 adoption timelines as well as industry-specific adoption strategies and incentives.
CrypTech | Amsterdam, The Netherlands | Grant amount: $6,000
Working since 2014, the CrypTech Project has developed an open-source hardware cryptographic engine design to meet the needs of high assurance Internet infrastructure systems that use cryptography. Our open-source hardware designs are aimed to be of general use to the broad Internet community, covering needs such as securing email, web, DNSSEC, PKIs, etc. The project has produced a design and hardware boards that have been used in various experiments and tests, and now an external product. We are proud to say that the current design has been the subject of a positive external security evaluation. The CrypTech core team is now completing the next generation of designs thanks in part to previous funding from an ARIN Community Grant. We will be producing a board to verify the changes made to the previous design, validating the 10x performance improvement we’ve already achieved, and assessing what additional improvements will be possible in the new design.
Bringing Back Voice Peering: Operational Lessons for Reference Technical & Organisational Architectures
Canadian Voice Peering Project | Toronto, ON, Canada | Grant amount: $5,000
The Canadian Voice Peering Project is a not-for-profit, cooperative effort to establish a rich, secure mesh of direct, Internet-Protocol-based interconnection, using the SIP and ENUM protocols, for calls between Canadian telephone numbers — the voice version of a local Internet exchange. Surprisingly, such a voice exchange is not used widely today. However, that was not true in the past: in the 2000s, a number of voice peering projects got started, and lasted for a while, before disappearing. “Bringing Back Voice Peering” will uncover and publish the oral history of these peering projects, including what worked both organisationally and technically and what didn’t, resulting in a final report on operational lessons for a reference architecture for voice peering projects.
RPKI origin validation visibility for Check My DNS
OARC, Inc | Indianapolis, IN, USA | Grant Amount: $5,000
Check My DNS is a custom developed DNS nameserver that creates dynamic delegated subdomains to enable clients to query for never-seen-before resource records in order to support a general-purpose framework for testing DNS resolvers. In late 2019 our software engineer, Jerry Lundström, started to look into how an RPKI origin validation check for DNS resolver could be possible as he got inspired by RIPE NCC’s RPKI web tester. With the collaboration between OARC, RIPE NCC, NLnet Labs and NTT we got access to the same system running RIPE NCC’s RPKI web tester to run a proxy for Check My DNS so an RPKI origin validation check could be added. At that time, we did not have the resources to fully add this check to the web UI of Check My DNS so the check is only accessible via a command line tool. This project will aim towards adding visibility for the RPKI origin validation check on Check My DNS in a way that is as user-friendly as possible.
Virtual School of Internet Governance
Foundation for Building Sustainable Communities | Oshawa, ON, Canada | Grant amount: $5,000
The Virtual School of Internet Governance is a free MOOC (Massive Open Online Courseware) dedicated to the key pillars of Internet Governance. We are using MOODLE which provides the framework including student registration, online forums, Bluejean chats, student assignments, quizzes and more. The rich content focuses on the primary learning objectives as found in face to face schools of Internet Governance. Due to COVID 19, these schools are either halted or seriously postponed. Our online courseware provides an integrated taxonomy from the novice to the advanced student to learn the basics of Internet Governance.
We encourage residents of North America and the West Indies to participate in the free course. Enrollment is available on the Virtual School of Internet Governance website.
RRDP support for rpki-client
rpki-client | Amsterdam, The Netherlands | Grant amount: $4,000
rpki-client is a free, easy-to-use implementation of the Resource Public Key Infrastructure (RPKI) for Relying Parties (RP) to facilitate validation of the Route Origin of a BGP announcement. The program queries the RPKI repository system and outputs Validated ROA Payloads in various configuration formats. rpki-client does not yet support the RRDP protocol for pulling data publication points via the RRDP protocol. Extending rpki-client to support RRDP will in the long term improve RPKI usability for both ARIN and rpki-client users as the use of RRDP reduces the reliance on ARIN’s rsync servers.
Thanks to everyone who applied!
We are pleased to support these initiatives that improve the overall Internet industry and Internet user environment, advance ARIN’s mission, and broadly benefit the Internet community within the ARIN region.
Next year’s program
We will issue a call for applications for next year’s program in the spring of 2021. If you know of a project that needs funding, is not for commercial gain, and benefits the Internet community within the ARIN region, consider applying for a grant next year. Details about the program and information on how to apply will be posted to our ARIN Community Grant Program page, and we will send out an email via arin-announce once the application period opens.
We look forward to growing the Internet together.