| 
(preshared keys) method.• IKE_CERTFILE=, where is a valid X.509 certificate file for the host.• IKE_PEER_CERTFILE=, where is a valid X.509 certificate file for theremote host.• IKE_DNSSEC=, where is yes. The racoon daemon retrieves the remotehost's X.509 certificate via DNS. If a IKE_PEER_CERTFILE is specified, do not include thisparameter.For more information about the encryption algorithms available for IPsec, refer to the setkeyman page. For more information about racoon, refer to the racoon and racoon.conf manpages.2.3. Channel Bonding InterfacesRed Hat Enterprise Linux allows administrators to bind multiple network interfaces together intoa single channel using the bonding kernel module and a special network interface called achannel bonding interface. Channel bonding enables two or more network interfaces to act asone, simultaneously increasing the bandwidth and providing redundancy.To create a channel bonding interface, create a file in the /etc/sysconfig/network-scripts/directory called ifcfg-bond, replacing with the number for the interface, such as 0.The contents of the file can be identical to whatever type of interface that is getting bonded,such as an Ethernet interface. The only difference is that the DEVICE= directive must bebond, replacing with the number for the interface.The following is a sample channel bonding configuration file:DEVICE=bond0 BOOTPROTO=none ONBOOT=yes NETWORK=10.0.1.0NETMASK=255.255.255.0 IPADDR=10.0.1.27 USERCTL=noAfter the channel bonding interface is created, the network interfaces to be bound together mustbe configured by adding the MASTER= and SLAVE= directives to their configuration files. Theconfiguration files for each of the channel bonded interfaces can be nearly identical.For example, if channel bonding two Ethernet interfaces, both eth0 and eth1 may look like thefollowing example:DEVICE=eth BOOTPROTO=none ONBOOT=yes MASTER=bond0 SLAVE=yes USERCTL=noIn this example, replace with the numerical value for the interface.For a channel bonding interface to be valid, the kernel module must be loaded. To insure thatthe module is loaded when the channel bonding interface is brought up, add the following line to/etc/modprobe.conf:Chapter 8. Network Interfaces124 |
