I have some equipment that I would like to understand a bit better:
6509-E w/ a MSFC3 and a PFC3
Can anyone direct me to a Cisco document or link (maybe a case study, white paper, or architectural guide) relating to how an ACL filters traffic in the inbound and outbound direction of an SVI when the traffic is coming from a different linecard/switchport than the one the SVI is actually associated with.
Assuming you are applying "permit icmp any any" then this is what is happening.
An ICMP packet is sent to 192.168.2.2 from 192.168.1.2. When R1 looks up the destination 192.168.2.2 in its routing table it sees the next hop as 10.10.10.3.
So R1 sends the packet to R2 with a destination mac-address of vlan 10 on R3, i.e. 10.10.10.3. R2 simply switches the packet at L2 on vlan 10 to R3.
R3 receives the packet and sees that the destination is 192.168.2.2, which is actually R2. So it sends the packet back to R2. And this is where the packet is filtered, because:
1) the source address is 192.168.1.2
2) the destination address is 192.168.2.2
3) the packet is routed onto vlan 111 by R3, so when the packet arrives at R2 it is now coming from a device on vlan 111, i.e. R3
4) the acl applied to the vlan 111 interface is now checked, and because the source 192.168.1.2 is not permitted the packet is dropped.
By applying ICMP permit ip any any you are actually masking the issue as this packet is now allowed.
If you disable OSPF on R3 then the next hop is 10.10.10.2. This now works for 192.168.2.1/2 because R1 still sends the packet to R2 but this time with a destination mac-address of R2's vlan 10 interface and not R3.
So R2 can now route the packet directly onto vlan 111, and so the vlan 111 access-list is not checked.
The issue you have is your topology rather than your understanding of ACLs, as the ACLs are doing exactly what was originally described in terms of inbound/outbound. The topology problem is that R1 has to go through R2 to get to R3.
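The forwarding path the answer above describes, as an added Python model that is not part of the original thread. The ACL body on R2's vlan 111 SVI, R1's route selection and the "masked" ACL variant are assumptions, since the thread only states that 192.168.1.2 is not permitted and that "permit icmp any any" lets the packet through.

```python
import ipaddress

# Constructed model of the thread's topology (added example, not from the post):
# VLAN 10 = 10.10.10.0/24 joins R1, R2 (.2) and R3 (.3).
# VLAN 111 = 192.168.2.0/24 lives on R2 and R3; R2's VLAN 111 SVI has an inbound ACL.

def wildcard_match(addr, base, wildcard):
    """Cisco-style match: bits set in the wildcard mask are 'don't care'."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0

def acl_verdict(acl, proto, src, dst):
    """First matching entry wins; implicit deny at the end, as on IOS."""
    for action, eproto, sbase, swild, dbase, dwild in acl:
        if eproto not in ("ip", proto):
            continue
        if wildcard_match(src, sbase, swild) and wildcard_match(dst, dbase, dwild):
            return action
    return "deny"

# Assumed inbound ACL on R2's vlan 111 SVI: only VLAN 111 hosts may source traffic.
ACL_VLAN111_IN = [
    ("permit", "ip", "192.168.2.0", "0.0.0.255", "0.0.0.0", "255.255.255.255"),
]
# Same ACL with the "permit icmp any any" line the thread says masks the problem.
ACL_VLAN111_IN_MASKED = [
    ("permit", "icmp", "0.0.0.0", "255.255.255.255", "0.0.0.0", "255.255.255.255"),
] + ACL_VLAN111_IN

def forward(proto, src, dst, r3_ospf_enabled, acl):
    """Trace the packet from R1 towards dst and report which SVI's inbound ACL is hit."""
    # Assumed: R1 learns 192.168.2.0/24 from R3 when R3 runs OSPF, otherwise via R2.
    next_hop = "10.10.10.3" if r3_ospf_enabled else "10.10.10.2"
    if next_hop == "10.10.10.3":
        # R2 switches the frame at L2 on vlan 10; R3 routes it back onto vlan 111,
        # so R2 now sees it arrive on its vlan 111 SVI and applies the inbound ACL.
        path = ["R1", "R2 (L2, vlan 10)", "R3", "R2 (vlan 111 in)"]
        ingress_svi, verdict = "vlan111", acl_verdict(acl, proto, src, dst)
    else:
        # R2 receives on vlan 10 and routes onto vlan 111; the vlan 111 inbound ACL
        # is never consulted (no ACL on vlan 10 is modelled here).
        path = ["R1", "R2 (vlan 10 in)"]
        ingress_svi, verdict = "vlan10", "permit"
    return {"next_hop": next_hop, "ingress_svi": ingress_svi, "verdict": verdict, "path": path}
```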