Inquiry on Setting Up Content Cache Server with Multiple Public IPs

@tahir Unless a Mac has an IP address on the local network with your Mac that has content caching enabled it's probably not going to work, but if you want a caching server to work with custom IP addresses you'll need the ability to modify the DNS records for your network so you can apply the settings described in Apple's https://support.apple.com/guide/deployment/use-dns-txt-records-depe6ded0780/web document.

We utilize GlobalProtect as our VPN and have 13 gateways, each assigned a unique public IP address. We also have three public IP addresses for the ISP, which will be used if devices are not connected to GlobalProtect; these devices will connect to a random ISP. All devices are enrolled in Jamf. Please provide guidance based on this configuration.

I have another question about this. Initially, I enabled content caching in Mac Studio and checked one client machine using the command sudo assetcachelocatorutil. It showed 'Found 1 content cache,' at this instance both the server and client shared the same public IP. After that, I activated the GlobalProtect VPN, which changed the client's public IP. However, when I checked again with the command, it still said 'Found 1 content cache,' despite indicating the new public IP address. I selected the option 'Use one public IP address' in the advanced settings, so I'm puzzled why it's still detecting the content cache with the VPN active.

Does your GP configuration force all traffic through he tunnel, or does it still allow local only traffic? It could also be that the Mac Studio located the caching server via IPv6 and your GP tunnel only routes IPv4.

@sdagley kindly answer this question.

@sdagley  I think when devices are connected to the office internet, traffic is being routed locally, while the GlobalProtect tunnel only handles IPv4. I'll follow up with the network team to get more clarity on this. Please guide accordingly also let me know cache server works on IPv6 only ?

Sorry, I can't advise you on the operation of a caching server since I don't use one. I just know that Apple utilizes IPv6 for many services, so you need to account for that when configuring things like a VPN.

@sdagley can you please guide me how to manage multiple IP address in your case. i think now i have to go with multiple IP address approach.

I tried another approach. In the previous case, both devices were connected to open internet. Now, I connected the cache server via Ethernet and the client device to the same network over Wi-Fi. This time, the client couldn't find any cache server, regardless of whether GlobalProtect was on or off.

@tahir 
preparations that can be done:
1. prepare List public ip
2. prepare List local ip (IP range in all VLANs)
for example in mine there are 2000 IPs
192.168.0.1 - 192.168.20.255
3. List IP Content Caching (if there is more than 1 mac Content Caching)
4. Prepare one of the Mac Content Caching IPs from the highest spec (Ethernet Speed ​​and large Storage) , become Parent .

Start:
Open System Setting > General > Sharing > Content Caching ( press button i )

Advanced Option


** If you only see Option, press the keyboard option, then Advanced Option will appear.

Set the storage to be used

Clients Settings

Content Caching For > Device Using custom Local Network ( No2 . IP range in all VLANs, Start 192.168.0.1 -  End 192.168.20.255 )
My Local Network > Use custom public IP Addresses ( Enter the public IP that you have, start and end with the same IP, If there are 3 public IPs, add + to the three public IPs. ) 

Peers Setting

Share Content With > content caches using custom local Network ( No 3. IP Content Caching , If you want each caching content to share with each other, enter All IPs of Mac Content Caching )

Parents Setting

Enter the IP of one of the Content Caching MACs that has the largest storage and fastest Ethernet speed as the parent.
here i use Round Robin setting.

Capture Content Caching results

Thank you so much for putting in such a great effort.

Below is my configuration. Kindly review it and let me know if I'm making any mistakes or if there's anything I can improve."

Step 1: i turned On content Cache

Step 2: Create seperate volume for content Cache

Step 3: 

Cache content for : Devices using the same local networks:

My local network setup: I’m using custom public IP addresses. I've listed four possible public IPs, and at any given time, one of them will be used by my content cache server.

then from DNS configuration i coied windows command.

Step 4: run that command into my local dns server

Peers and parents setting not done yet. As setting up 1st server. when i dig at client machine it can resolve dns query but when use AssetcacheLocatorUtil device says 0 cache content found.

Below are the stats since i turned on content cache. Sequoia updates are on hold from jamf just because we want to setup this server first so that devices can use cache.

Key information : 

• Our devices are enrolled at Jamf MDM solution but cache server is not enrolled.
• Our devices are at global protect VPN (due to this public IPs of devices can be different but gateways public IPs are known)
• Technically cache server and devices public IPs are not same but i assumed that i added content cache public IP in txt record so they can find server in local network.

Hi Dear thanks for your kind support yes now client can found cache server with "AssetCacheLocatorUtil" in local network. But i have another roadbloack situation when devices are connected with Global Protect VPN as our all devices on it whether in office or at home they need to connect GP. At this time device cannot found cache server even at office network. 

For global protect we have known 20 Public IPs. Does we also need to add in txt record. Or what solution we choose to resolve this issue. That devices can use cache server when in office either connect with GP or not.

I'm not sure if VPN Global Protect can communicate with content caching, because in apple.com documentation, it is not available.

Ok thanks for you kind support.

2024-11-12 17:54:50.135 AssetCacheLocatorUtil[16410:250805] 10.x.x.x:49407, rank 1, not favored, healthy, guid A7E8FC75-A496-474F-BBFC-9505A253B9C7, valid until 2024-11-12 18:54:50; supports personal caching: no, and import: n/a, shared caching: yes

what does mean by "not favored" and what setting we can do related to this and what will be the benefits.

Saved and refreshed favored server rangesIf your network administrator has configured favored server ranges in DNS, which the system uses when looking up content caches, AssetCacheLocatorUtil prints saved and refreshed information about those ranges.
https://keith.github.io/xcode-man-pages/AssetCacheLocatorUtil.8.html
Your network administrator can designate some content caches as "favored." AssetCacheLocatorUtil warns when it finds content caches that are not favored, with the exception of a content cache on the same computer as the client. Client devices use only favored content caches when any are available.

Hi Dear,

Thanks for your help.
Can you please guide me how can i see logs whether at which timestamp which device got content from cache server. Need to understand activities to validate my testing.