Limiter LAN and WAN different

matrox.gr

Hi.
I have a problem some time now and can't find a proper solution.

I have an WAN 200/200 (Download/Upload).
I have set up Limiter 100/100 (Download/Upload) and applied it to my LAN on a Aliases internal LAN IP group. All is working ok, speed test shows correct results.

The problems start when a client starts ASPERA connect and starts downloading. Sometimes (not all the times) although the LAN traffic graph shows 100Mbit Download the WAN graph peaks at 200 Mbit Download and bottlenecks all internet traffic on the network.
0_1547469493211_4f134043-5b81-486e-9e83-4f52882b20d6-image.png

LAN traffic shows the limiter is working:
0_1547469620570_a1e4f1af-e5e3-4c90-9001-2f36d43941f1-image.png

But WAN is 100% utilized:
0_1547469703702_05b2195f-af0c-4f54-8819-ad21cb6aba5e-image.png

This is my upload limiter:
0_1547469791414_4e08007d-8dd3-4c06-bb93-88228d360e33-image.png

And download limiter:
0_1547469880869_274c1d12-e8c3-4f07-b8fc-8a6ef45fc950-image.png

And the limiters on the LAN rule:
0_1547470115292_07d60034-f51a-4a52-8c5c-610f35aed745-image.png

I have tried putting the limiters on Floating rules but the same thing happens.

Any thoughts?

pfsense 2.4.4

robnitro

I use 2 floating rules at the bottom on LAN to put a group into a slower speed and it works for me with alias LIMITED to represent the limited ip's. My non limited clients use another limiter set to my normal up/down speeds in similar manner as the limited ones, to give fq_codel for them too.

One LAN out rule Destination LIMITED with In /Out of 100down/ 100up

One LAN in rule Source LIMITED with In/Out of 100up/100down

Keep in mind that LAN out is Download and LAN in is upload, so you see the pipes are different. Also LAN in uses a source address, LAN out uses a destination address.

matrox.gr

OK I will try that although I think it's got something to do with Aspera Connect software bottlenecking my WAN.