When a VEM has a VM that is protected by the Cisco VSG in the Layer 3 mode, the VEM requires at least one IP/MAC pair to terminate the Cisco VSG packets in the Layer 3 mode. The VEM acts as an IP host (not a router) and supports only the IPv4 addresses.
Similar to how VEM Layer 3 Control is configured, the IP address to use for communication with the Cisco VSG in the Layer 3 mode is configured by assigning a port profile to a Virtual Network Adapter that has the capability l3-vservice command in it. For more details, see the Cisco Nexus 1000V System Management Configuration Guide.
To configure the Virtual Network Adapter interface that the VEM uses, you can assign a port profile by using the capability l3-vservice command in the port-profile configuration.
To carry the Cisco VSG in the Layer 3 mode traffic over multiple uplinks (or subgroups) in server configurations where vPC-HM MAC-pinning is required, you can configure up to four Virtual Network Adapters. We recommend that you assign all the Virtual Network Adapters in the Layer 3 mode within the same Microsoft Server host to the same port profile by using the capability l3-vservice command.
The traffic in the Layer 3 mode that is sourced by local vEthernet interfaces and needs to be redirected to the Cisco VSG is distributed between these Virtual Network Adapters based on the source MAC addresses in their frames. The VEM automatically pins the multiple Virtual Network Adapters in the Layer 3 mode to separate uplinks. If an uplink fails, the VEM automatically repins the Virtual Network Adapters to a working uplink.
When encapsulated traffic that is destined to a Cisco VSG is connected to a different subnet other than the Virtual Network Adapter subnet, the VEM does not use the Hyper-V host routing table. Instead, the Virtual Network Adapter initiates an ARP for the remote Cisco VSG IP addresses. You must configure the upstream router to respond to a VSG IP address ARP request by using the Proxy ARP feature.