Here is some background information:
2 Dell PowerEdge servers running Windows Server 2012 w/ Hyper-V in a Failover Cluster environment. Each has:
1 NIC for Live Migration 192.168.80.x/24 (connected to a private switch)
1 NIC for Cluster Communication 192.168.90.x/24 (connected to a private switch)
1 NIC for iscsi 192.168.100.x/24 (connected to a private switch)
1 NIC for host management with a routable public IP (*connected to corp network) w/ gateway on this interface
1 NIC for Virtual Machine traffic (*connected to corp network)
All NICs are up, we can ping the IPs between servers on the private network and on the public facing networks. All functions of hyper-v are working and the failover cluster reports all interfaces are up and we receive no errors. Live migration
works fine. In the live migration settings i have restricted the use of the 2 NICs (live migration or cluster comm).
My problem is that our networking/security group sees on occasion (about every 10 minutes with a few other packets thrown in at different times) syn packets that are destined for the 192.168.80.3 interface goes out of the public interface and is dropped at our border router. These should be heading out of the 192.168.80.x or 192.168.90.x interfaces without ever hitting our corporate network. Anyone have an idea of why this might be happening? Traffic is on TCP 445.
Appreciate the help.
Nate