It is, yes.
The customer's datacentre in terms of the VLAN/subnet where this controller "lives" is shared on a /16 with lots of servers. Whilst this clearly sucks, it's outside the scope of my works for the moment.
Interesting that you're seeing the same. Doesn't it strike you as a bit odd? i.e.
In our scenario, the controller is attached L2 style to a Cisco core, to which all the other DC servers attach. As a result, server-server unicast traffic should never be seen by the controller at all. Yet, the firewall data suggests otherwise. I appear to be seeing evidence of application flows host-to-host.
The only reason I could see this happening is if the servers' traffic flow was flooded by the switches, which of course it might be if the servers are using broadcast MACs or some sort of multicast which hasn't been snooped? That's probably it, now I think of it.
I'm almost inclined to go to the DC and sniff things.