Posted on 10-29-2024 11:47 AM
We are looking to set up a content cache server in a network that has more than two public IP addresses, with devices connected through GlobalProtect VPN. Could someone please guide me on how to configure the custom Public IP address section to ensure that devices can access the cache, whether they are connected via GlobalProtect or directly to the local network? All devices are enrolled at Jamf.
Posted on 10-29-2024 01:12 PM
@tahir Unless a Mac has an IP address on the local network with your Mac that has content caching enabled it's probably not going to work, but if you want a caching server to work with custom IP addresses you'll need the ability to modify the DNS records for your network so you can apply the settings described in Apple's https://support.apple.com/guide/deployment/use-dns-txt-records-depe6ded0780/web document.
a month ago
We utilize GlobalProtect as our VPN and have 13 gateways, each assigned a unique public IP address. We also have three public IP addresses for the ISP, which will be used if devices are not connected to GlobalProtect; these devices will connect to a random ISP. All devices are enrolled in Jamf. Please provide guidance based on this configuration.
a month ago
@sdagley kindly answer this question.
a month ago
I have another question about this. Initially, I enabled content caching in Mac Studio and checked one client machine using the command sudo assetcachelocatorutil. It showed 'Found 1 content cache,' at this instance both the server and client shared the same public IP. After that, I activated the GlobalProtect VPN, which changed the client's public IP. However, when I checked again with the command, it still said 'Found 1 content cache,' despite indicating the new public IP address. I selected the option 'Use one public IP address' in the advanced settings, so I'm puzzled why it's still detecting the content cache with the VPN active.
a month ago
Does your GP configuration force all traffic through the tunnel, or does it still allow local only traffic? It could also be that the Mac Studio located the caching server via IPv6 and your GP tunnel only routes IPv4.
a month ago
@sdagley I think when devices are connected to the office internet, traffic is being routed locally, while the GlobalProtect tunnel only handles IPv4. I'll follow up with the network team to get more clarity on this. Please guide accordingly; also, let me know whether the cache server works on IPv6 only?
a month ago
Sorry, I can't advise you on the operation of a caching server since I don't use one. I just know that Apple utilizes IPv6 for many services, so you need to account for that when configuring things like a VPN.
a month ago
@sdagley can you please guide me on how to manage multiple IP addresses in your case? I think now I have to go with the multiple IP address approach.
I tried another approach. In the previous case, both devices were connected to open internet. Now, I connected the cache server via Ethernet and the client device to the same network over Wi-Fi. This time, the client couldn't find any cache server, regardless of whether GlobalProtect was on or off.
a month ago
@tahir
Preparations that can be done:
1. Prepare a list of public IPs
2. Prepare a list of local IPs (IP range in all VLANs)
for example, in mine there are 2000 IPs
192.168.0.1 - 192.168.20.255
3. List the Content Caching IPs (if there is more than 1 Mac doing Content Caching)
4. Pick one of the Content Caching Mac IPs, the one with the highest spec (Ethernet speed and large storage), to become the Parent.
Start:
Open System Settings > General > Sharing > Content Caching (press the i button)
Advanced Options
** If you only see Options, press the Option key on the keyboard, then Advanced Options will appear.
Set the storage to be used
Clients Settings
Content Caching For > Devices using custom local networks (No. 2, IP range in all VLANs, Start 192.168.0.1 - End 192.168.20.255)
My Local Network > Use custom public IP addresses (Enter the public IPs that you have, start and end with the same IP. If there are 3 public IPs, use + to add the three public IPs.)
Peers Settings
Share Content With > content caches using custom local networks (No. 3, Content Caching IPs. If you want each content cache to share with each other, enter all the IPs of the Content Caching Macs.)
Parents Settings
Enter the IP of the Content Caching Mac that has the largest storage and fastest Ethernet speed as the parent.
Here I use the Round Robin setting.
Capture Content Caching results
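Added example, not part of the post above: a shell pre-check for whether a client falls inside the ranges entered in those Advanced Options, using the 192.168.0.1 - 192.168.20.255 range from the post. The eligibility rule (local address in a listed range and public address in the list) is a simplifying assumption, and the public, tunnel and gateway addresses are constructed.

```shell
#!/bin/sh
# Assumption: a client is eligible only if its local IPv4 address is inside
# the custom local network range AND its public (egress) address is one of
# the custom public IPs.

# Convert dotted-quad IPv4 to an integer; prints nothing for malformed input.
ip_to_int() {
    printf '%s\n' "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++)
                      if ($i !~ /^[0-9]+$/ || $i > 255) exit
                  printf "%.0f\n", (($1 * 256 + $2) * 256 + $3) * 256 + $4 }'
}

# in_range IP FIRST LAST -> exit status 0 when FIRST <= IP <= LAST
in_range() {
    ip=$(ip_to_int "$1"); lo=$(ip_to_int "$2"); hi=$(ip_to_int "$3")
    [ -n "$ip" ] && [ -n "$lo" ] && [ -n "$hi" ] &&
        [ "$ip" -ge "$lo" ] && [ "$ip" -le "$hi" ]
}

# Local range from the post; public IPs are constructed documentation addresses.
LOCAL_FIRST=192.168.0.1
LOCAL_LAST=192.168.20.255
PUBLIC_IPS="203.0.113.10 203.0.113.11 203.0.113.12"

# client_eligible LOCAL_IP PUBLIC_IP -> prints "eligible" or the reason it is not
client_eligible() {
    in_range "$1" "$LOCAL_FIRST" "$LOCAL_LAST" ||
        { echo "local address outside custom local network"; return 0; }
    for p in $PUBLIC_IPS; do
        [ "$2" = "$p" ] && { echo "eligible"; return 0; }
    done
    echo "public address not in custom public IP list"
}

client_eligible 192.168.5.20 203.0.113.10   # client on office Wi-Fi
client_eligible 10.200.1.15  198.51.100.7   # VPN client (constructed tunnel and gateway IPs)
```
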
3 weeks ago
Thank you so much for putting in such a great effort.
Below is my configuration. Kindly review it and let me know if I'm making any mistakes or if there's anything I can improve.
Step 1: I turned on Content Cache
Step 2: Create a separate volume for Content Cache
Step 3:
Cache content for : Devices using the same local networks:
My local network setup: I’m using custom public IP addresses. I've listed four possible public IPs, and at any given time, one of them will be used by my content cache server.
Then from DNS configuration I copied the Windows command.
Step 4: Run that command on my local DNS server
Peers and parents settings are not done yet, as I am setting up the 1st server. When I dig at the client machine it can resolve the DNS query, but when I use AssetCacheLocatorUtil the device says 0 cache content found.
Below are the stats since I turned on content cache. Sequoia updates are on hold from Jamf just because we want to set up this server first so that devices can use the cache.
Key information :
3 weeks ago
when i dig at client machine it can resolve dns query but when use AssetcacheLocatorUtil device says 0 cache content found.
-->> This is because you are using "Devices using the same local network"
You can scan IPs using the Angry IP Scanner app / ask the Network Engineer team for the IP range, to add the IPs in " Cache Content For > devices using custom local networks "
3 weeks ago
Hi Dear, thanks for your kind support. Yes, now the client can find the cache server with "AssetCacheLocatorUtil" in the local network. But I have another roadblock situation when devices are connected with GlobalProtect VPN, as all our devices are on it; whether in the office or at home they need to connect to GP. At this time the device cannot find the cache server even on the office network.
For GlobalProtect we have 20 known public IPs. Do we also need to add them in the TXT record? Or what solution should we choose to resolve this issue, so that devices can use the cache server when in the office, whether connected with GP or not?
3 weeks ago
I'm not sure if GlobalProtect VPN can communicate with content caching, because in the apple.com documentation it is not available.
3 weeks ago
OK, thanks for your kind support.
2024-11-12 17:54:50.135 AssetCacheLocatorUtil[16410:250805] 10.x.x.x:49407, rank 1, not favored, healthy, guid A7E8FC75-A496-474F-BBFC-9505A253B9C7, valid until 2024-11-12 18:54:50; supports personal caching: no, and import: n/a, shared caching: yes
What is meant by "not favored", what settings can we make related to this, and what will be the benefits?
2 weeks ago
Saved and refreshed favored server ranges
If your network administrator has configured favored server ranges in DNS, which the system uses when looking up content caches, AssetCacheLocatorUtil prints saved and refreshed information about those ranges.
https://keith.github.io/xcode-man-pages/AssetCacheLocatorUtil.8.html
Your network administrator can designate some content caches as "favored." AssetCacheLocatorUtil warns when it finds content caches that are not favored, with the exception of a content cache on the same computer as the client. Client devices use only favored content caches when any are available.
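Added example, not part of the reply above or of Apple's tool: a shell filter that summarizes AssetCacheLocatorUtil cache lines and applies the favored rule quoted from the man page. The field layout is taken from the log line posted earlier in the thread; the sample lines, and the assumption that a favored cache prints "favored" in the same position, are constructed.

```shell
#!/bin/sh
# Reads AssetCacheLocatorUtil output on stdin and prints one line per cache:
#   address rank favored|not-favored health guid
parse_caches() {
    awk '
    /AssetCacheLocatorUtil\[[0-9]+:[0-9]+\] .*, rank [0-9]+, / {
        sub(/^.*AssetCacheLocatorUtil\[[0-9]+:[0-9]+\] /, "")  # drop timestamp/pid
        sub(/;.*$/, "")                                        # drop capability flags
        n = split($0, f, ", ")
        if (n < 5) next
        addr = f[1]
        rank = f[2]; sub(/^rank /, "", rank)
        fav = (f[3] == "favored") ? "favored" : "not-favored"
        guid = f[5]; sub(/^guid /, "", guid)
        print addr, rank, fav, f[4], guid
    }'
}

# Rule from the man page: when any favored cache is listed, clients use only
# favored caches; otherwise every listed cache remains a candidate.
effective_caches() {
    parse_caches | awk '
    { line[NR] = $0; fav[NR] = $3; if ($3 == "favored") any = 1 }
    END { for (i = 1; i <= NR; i++)
              if (!any || fav[i] == "favored") print line[i] }'
}

# Constructed sample output (addresses and GUIDs are made up).
sample_output() {
cat <<'EOF'
2024-11-12 17:54:50.135 AssetCacheLocatorUtil[16410:250805] 10.0.0.5:49407, rank 1, not favored, healthy, guid 11111111-2222-3333-4444-555555555555, valid until 2024-11-12 18:54:50; supports personal caching: no, and import: n/a, shared caching: yes
2024-11-12 17:54:50.136 AssetCacheLocatorUtil[16410:250805] 10.0.0.6:49152, rank 1, favored, healthy, guid AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE, valid until 2024-11-12 18:54:50; supports personal caching: no, and import: n/a, shared caching: yes
2024-11-12 17:54:50.137 AssetCacheLocatorUtil[16410:250805] Found 2 content caches
EOF
}

# On a client: AssetCacheLocatorUtil 2>&1 | effective_caches
sample_output | effective_caches
```
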
2 weeks ago
Hi Dear,
Thanks for your help.
Can you please guide me on how I can see logs showing at which timestamp which device got content from the cache server? I need to understand the activities to validate my testing.