We are setting up an OES two server cluster on a VMWARE ESX server. The virtual servers have one virtual nic each set to the local LAN and one each set to the VLAN for the iSCSI SAN. Everything seems to be working fine, but our security guy noticed new icmp traffic coming from clients at other locations on our WLAN (we are a school system, inter-connected mostly via frame-relay on T1s) to the IP numbers of the iSCSI-connected NICs of the virtual servers. These virtual servers are in the tree, but these clients would not be going to them for any services or resources at this point. The TCP on the servers is set up to use the gateway on the local LAN (completely different IP scheme from the iSCSI vlan) as default route.

When these servers are powered off, the icmp traffic increases in volume.

Before we start digging deeper, I was wondering if anyone was familiar with this behavior. It seems odd to us that the workstations are sending traffic to the iSCSI connected ports, which are not registered in DNS.

Stuart Mason
Carroll County Public Schools
Westminster, MD