When the destination MAC (Media Access Control) address of a client is known to a Provider Edge (PE) router, packets sent to the PE router from a server are unicast by the PE router to the client (as shown in FIG. 1). Such unicasting ensures that the packets are sent only to the intended client, as identified by its MAC address. In contrast, by design of Multi-Protocol Label Switching (MPLS), when the destination MAC address of the client becomes unknown, packets sent to the PE router from a server are flooded out to all local access ports of the PE router that are in the same Virtual Private LAN (Local Area Network) Service (VPLS) domain as the unknown client (as shown in FIG. 2). This flooding continues until the server application that is sending the packets stops sending them. If any of the flooded packets contain sensitive information, this is a potential security problem, because unintended clients will receive packets containing that sensitive information.
In certain brands of chipset families, packet flood control can be managed through a CML (i.e., CPU Managed Learning) register. Designated settings for this register allow packets to be dropped, sent to the CPU, or flooded out. In the event of a destination MAC address becoming unavailable (i.e., an unknown destination), the most desirable CML register setting for security purposes would be to drop all packets and not to flood them out to other access ports within the same VPLS domain. Unfortunately, because this setting is applied on a per port/virtual port basis, once this option is set, all packets destined for this unknown destination client will be dropped (as shown in FIG. 3). Undesirably, this includes packets from different sources (e.g., servers), even though those packets contain no sensitive information and even though it would be most desirable to allow traditional flooding for packets from other sources within the VPLS domain so that they can discover the destination and reestablish a flow path.
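The three behaviors described above (known-destination unicast, unknown-destination flooding, and the per-port drop setting) can be compared in a small model. This is an added illustration, not code from the original text or from any chipset SDK. The names `Cml`, `PeRouter`, `vp_core`, `ac1` to `ac3`, and the server labels are hypothetical, and it assumes both servers reach the PE router through the same virtual port.

```python
# Toy model of a PE router's handling of unknown destinations in one VPLS domain.
# All names and values are constructed for illustration; none are chipset APIs.
from enum import Enum

class Cml(Enum):
    FLOOD = "flood"    # flood packets for an unknown destination
    DROP = "drop"      # drop packets for an unknown destination
    TO_CPU = "to_cpu"  # hand packets for an unknown destination to the CPU

class PeRouter:
    def __init__(self, access_ports):
        self.access_ports = set(access_ports)  # local access ports in the VPLS domain
        self.fdb = {}                          # learned destination MAC -> access port
        self.cml = {}                          # (virtual) port -> Cml setting
        self.cpu_queue = []                    # packets punted to the CPU

    def forward(self, ingress, src, dst_mac):
        """Return the set of access ports on which the packet egresses."""
        if dst_mac in self.fdb:
            return {self.fdb[dst_mac]}         # known destination: unicast
        # The setting is looked up by port only; the source is never consulted.
        action = self.cml.get(ingress, Cml.FLOOD)
        if action is Cml.FLOOD:
            return set(self.access_ports)      # every client in the domain sees it
        if action is Cml.TO_CPU:
            self.cpu_queue.append((src, dst_mac))
        return set()                           # DROP or TO_CPU: nothing egresses

def run_scenario(cml_setting):
    """Send packets before and after the client's MAC becomes unknown."""
    pe = PeRouter(["ac1", "ac2", "ac3"])
    pe.cml["vp_core"] = cml_setting            # assumed shared virtual port
    pe.fdb["client_mac"] = "ac1"
    known = pe.forward("vp_core", "server_sensitive", "client_mac")
    del pe.fdb["client_mac"]                   # destination becomes unknown
    sensitive = pe.forward("vp_core", "server_sensitive", "client_mac")
    other = pe.forward("vp_core", "server_other", "client_mac")
    return known, sensitive, other

if __name__ == "__main__":
    for setting in (Cml.FLOOD, Cml.DROP):
        print(setting.name, run_scenario(setting))
```

With the flood setting, the sensitive server's packets reach all three access ports; with the drop setting, the other server's packets are discarded as well, because the decision is keyed on the port and not on the source.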