Hi,
If you are doing "vfiler to vfiler" snapmirror, then the rules are the same. Each multistore/vfiler context has a separate routing table. These work the same as on any other server. There is no guarantee for source addresses if you have 3 IP on the (connection) source side in the same subnet. If you are doing vfiler to vfiler mirroring, then IP filtering shouldn't be a big deal anyway. All of the data belongs to the same customer, most likely.
Here you could introduce also a second subnet (and vlan) into each vfiler for snapmirror traffic with a host route (and the correct snapmirror source hostname) to make sure that the traffic is using the right net. You can only use one ipspace (that means only one routing table and one default route) per vfiler, so you'll need the "host route" hack.
You could also do all of your snapmirror work via vfiler0 and just avoid the issue, if you don't have separate WAN connections per customer. It would be infinitely simpler.
A bit of the confusion here is the juxtaposition of snapmirror source filer and snapmirror source connection IP, perhaps. Since the updates are started from the snapmirror destination, this is the source IP for the connection even if it is on the snapmirror destination. Yes, it sounds a bit confusing, but it really isn't.
You can force snapmirror to check the IP, but that won't change the source IP address of the connection, because that is a matter of routing, and your aliases all have equal value as a source IP for the connection.
There is no "source routing" on ONTap, and frankly, I am happy for that. It makes people have to understand routing and not just "make it work".