Inquiry on Setting Up Content Cache Server with Multiple Public IPs

tahir
New Contributor II

We are looking to set up a content cache server in a network that has more than two public IP addresses, with devices connected through GlobalProtect VPN. Could someone please guide me on how to configure the custom Public IP address section to ensure that devices can access the cache, whether they are connected via GlobalProtect or directly to the local network? All devices are enrolled at Jamf.

1 ACCEPTED SOLUTION

When I dig at the client machine it can resolve the DNS query, but when I use AssetCacheLocatorUtil the device says 0 cache content found.
-->> This is because you are using "Devices using the same local network".
You can scan IPs using the Angry IP Scanner app, or ask the Network Engineer team for the IP range, to add the IPs in "Cache Content For > devices using custom local networks".


sdagley
Esteemed Contributor II

@tahir Unless a Mac has an IP address on the local network with your Mac that has content caching enabled it's probably not going to work, but if you want a caching server to work with custom IP addresses you'll need the ability to modify the DNS records for your network so you can apply the settings described in Apple's https://support.apple.com/guide/deployment/use-dns-txt-records-depe6ded0780/web document.

tahir
New Contributor II

We utilize GlobalProtect as our VPN and have 13 gateways, each assigned a unique public IP address. We also have three public IP addresses for the ISP, which will be used if devices are not connected to GlobalProtect; these devices will connect to a random ISP. All devices are enrolled in Jamf. Please provide guidance based on this configuration.

tahir
New Contributor II

@sdagley kindly answer this question.

tahir
New Contributor II

I have another question about this. Initially, I enabled content caching in Mac Studio and checked one client machine using the command sudo assetcachelocatorutil. It showed 'Found 1 content cache,' at this instance both the server and client shared the same public IP. After that, I activated the GlobalProtect VPN, which changed the client's public IP. However, when I checked again with the command, it still said 'Found 1 content cache,' despite indicating the new public IP address. I selected the option 'Use one public IP address' in the advanced settings, so I'm puzzled why it's still detecting the content cache with the VPN active.

sdagley
Esteemed Contributor II

Does your GP configuration force all traffic through the tunnel, or does it still allow local only traffic? It could also be that the Mac Studio located the caching server via IPv6 and your GP tunnel only routes IPv4.

tahir
New Contributor II

@sdagley I think when devices are connected to the office internet, traffic is being routed locally, while the GlobalProtect tunnel only handles IPv4. I'll follow up with the network team to get more clarity on this. Please guide accordingly, and also let me know whether the cache server works on IPv6 only?

sdagley
Esteemed Contributor II

Sorry, I can't advise you on the operation of a caching server since I don't use one. I just know that Apple utilizes IPv6 for many services, so you need to account for that when configuring things like a VPN.

tahir
New Contributor II

@sdagley Can you please guide me on how to manage multiple IP addresses in your case? I think I now have to go with the multiple IP address approach.

I tried another approach. In the previous case, both devices were connected to open internet. Now, I connected the cache server via Ethernet and the client device to the same network over Wi-Fi. This time, the client couldn't find any cache server, regardless of whether GlobalProtect was on or off.

agungsujiwo
Contributor

@tahir 
Preparations that can be done:
1. Prepare a list of public IPs
2. Prepare a list of local IPs (IP range in all VLANs)
For example, in mine there are 2000 IPs:
192.168.0.1 - 192.168.20.255
3. List the Content Caching IPs (if there is more than one Content Caching Mac)
4. Pick the IP of the Content Caching Mac with the highest spec (Ethernet speed and large storage) to become the Parent.


Start:
Open System Settings > General > Sharing > Content Caching (press the i button)
Advanced Options

** If you only see Options, press the Option key on the keyboard, then Advanced Options will appear.

Set the storage to be used

Clients Settings

Content Caching For > Devices using custom local networks (No. 2, IP range in all VLANs: Start 192.168.0.1 - End 192.168.20.255)
My Local Network > Use custom public IP addresses (Enter the public IPs that you have; start and end with the same IP. If there are 3 public IPs, use + to add all three public IPs.)

Peers Settings
Share Content With > content caches using custom local networks (No. 3, Content Caching IPs. If you want each content cache to share with the others, enter all IPs of the Content Caching Macs.)

Parents Settings
Enter the IP of one of the Content Caching Macs that has the largest storage and fastest Ethernet speed as the parent.
Here I use the Round Robin setting.

[Screenshot: Content Caching results]

tahir
New Contributor II

Thank you so much for putting in such a great effort.

Below is my configuration. Kindly review it and let me know if I'm making any mistakes or if there's anything I can improve.

Step 1: I turned on content cache.

Step 2: Create a separate volume for content cache.

Step 3:

Cache content for: Devices using the same local networks.

My local network setup: I’m using custom public IP addresses. I've listed four possible public IPs, and at any given time, one of them will be used by my content cache server.

Then, from the DNS configuration, I copied the Windows command.

Step 4: Run that command on my local DNS server.

Peers and parents settings are not done yet, as I am setting up the first server. When I dig at the client machine it can resolve the DNS query, but when I use AssetCacheLocatorUtil the device says 0 cache content found.

Below are the stats since I turned on content cache. Sequoia updates are on hold from Jamf just because we want to set up this server first so that devices can use the cache.

Key information:

  • Our devices are enrolled in the Jamf MDM solution but the cache server is not enrolled.
  • Our devices are on GlobalProtect VPN (due to this, the public IPs of devices can be different, but the gateways' public IPs are known).
  • Technically the cache server and device public IPs are not the same, but I assumed that since I added the content cache public IP in the TXT record, they can find the server in the local network.

When I dig at the client machine it can resolve the DNS query, but when I use AssetCacheLocatorUtil the device says 0 cache content found.
-->> This is because you are using "Devices using the same local network".
You can scan IPs using the Angry IP Scanner app, or ask the Network Engineer team for the IP range, to add the IPs in "Cache Content For > devices using custom local networks".

tahir
New Contributor II

Hi Dear, thanks for your kind support. Yes, now the client can find the cache server with "AssetCacheLocatorUtil" in the local network. But I have another roadblock situation when devices are connected with GlobalProtect VPN, as all our devices are on it; whether in the office or at home, they need to connect to GP. At this time the device cannot find the cache server even on the office network.

For GlobalProtect we have 20 known public IPs. Do we also need to add them in the TXT record? Or what solution should we choose to resolve this issue, so that devices can use the cache server when in the office, whether connected with GP or not?

I'm not sure if VPN Global Protect can communicate with content caching, because in apple.com documentation, it is not available.

tahir
New Contributor II

OK, thanks for your kind support.

2024-11-12 17:54:50.135 AssetCacheLocatorUtil[16410:250805] 10.x.x.x:49407, rank 1, not favored, healthy, guid A7E8FC75-A496-474F-BBFC-9505A253B9C7, valid until 2024-11-12 18:54:50; supports personal caching: no, and import: n/a, shared caching: yes

What is meant by "not favored", what settings can we make related to this, and what will the benefits be?

Saved and refreshed favored server ranges
If your network administrator has configured favored server ranges in DNS, which the system uses when looking up content caches, AssetCacheLocatorUtil prints saved and refreshed information about those ranges.
https://keith.github.io/xcode-man-pages/AssetCacheLocatorUtil.8.html
Your network administrator can designate some content caches as "favored." AssetCacheLocatorUtil warns when it finds content caches that are not favored, with the exception of a content cache on the same computer as the client. Client devices use only favored content caches when any are available.
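
Added example (not part of any post in this thread, and not Apple's code): a parser for AssetCacheLocatorUtil result lines of the form quoted above, flagging caches that are not favored, not healthy, or past their "valid until" time. The sample addresses and GUIDs are constructed, and the `unhealthy` wording in the second sample line is an assumption.

```python
import re
from datetime import datetime

# Pattern modelled on the one AssetCacheLocatorUtil result line quoted in the thread.
LINE_RE = re.compile(
    r"AssetCacheLocatorUtil\[\d+:\d+\]\s+"
    r"(?P<addr>[^\s,]+):(?P<port>\d+), rank (?P<rank>\d+), "
    r"(?P<favored>not favored|favored), (?P<health>\w+), "
    r"guid (?P<guid>[0-9A-Fa-f-]{36}), "
    r"valid until (?P<until>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}); "
    r"supports personal caching: (?P<personal>\w+), and import: (?P<imp>[^,]+), "
    r"shared caching: (?P<shared>\w+)"
)

def parse_caches(text, now):
    """Return one dict per cache line found in text, each with a warnings list."""
    caches = []
    for m in LINE_RE.finditer(text):
        until = datetime.strptime(m["until"], "%Y-%m-%d %H:%M:%S")
        warnings = []
        if m["favored"] != "favored":
            warnings.append("not favored")
        if m["health"] != "healthy":
            warnings.append(m["health"])
        if until <= now:
            warnings.append("past valid-until time")
        if m["shared"] != "yes":
            warnings.append("no shared caching")
        caches.append({
            "addr": m["addr"], "port": int(m["port"]), "rank": int(m["rank"]),
            "guid": m["guid"], "valid_until": until, "warnings": warnings,
        })
    return caches

# Constructed sample output: addresses, GUIDs and the second and third lines are
# made up for illustration; only the line layout follows the thread's quote.
SAMPLE = """\
2024-11-12 17:54:50.135 AssetCacheLocatorUtil[16410:250805] 10.0.0.5:49407, rank 1, not favored, healthy, guid 00000000-0000-0000-0000-000000000001, valid until 2024-11-12 18:54:50; supports personal caching: no, and import: n/a, shared caching: yes
2024-11-12 17:54:50.140 AssetCacheLocatorUtil[16410:250805] 10.0.0.6:49532, rank 1, favored, unhealthy, guid 00000000-0000-0000-0000-000000000002, valid until 2024-11-12 17:00:00; supports personal caching: no, and import: n/a, shared caching: yes
2024-11-12 17:54:50.141 AssetCacheLocatorUtil[16410:250805] Found 2 content caches
"""

if __name__ == "__main__":
    for cache in parse_caches(SAMPLE, datetime(2024, 11, 12, 18, 0, 0)):
        status = ", ".join(cache["warnings"]) or "ok"
        print(f'{cache["addr"]}:{cache["port"]} rank {cache["rank"]}: {status}')
```
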


tahir
New Contributor II

Hi Dear,

Thanks for your help.
Can you please guide me on how I can see logs showing at which timestamp which device got content from the cache server? I need to understand the activity to validate my testing.