¿How to design networks using VLSM -variable lenght subnet masks?

Spread the love

Compartir una conexión I: Enrutador inalámbrico and ¿Cómo crear una red punto a punto en Win XP? Paso a paso. Before start the main topic I want to define the use I make of the term subnet mask. Subnet mask are 32 bits used to determine which part of an IP address is network part and which is hosts part, in other words, the subnet mask is the way the host knows its subnet address and differentiate the own network/subnetwork from destination network/subnetwork of a packet to send. The mask is then a sequence of ones followed by a sequence of zeros, where the ones are the bits indicating the network part in the IP address. The subnet mask is also referenced by a number, because it’s always a sequence of ones, so you could name a subnet mask by how many ones are at the begining of the mask, e.g. a network mask of is a mask that could be called /24 because there are 24 bits at the beginind set to one followed by 8 bits set to zero (11111111.11111111.11111111.00000000). This slash+number representation of a subnet mask is called subnet prefix and the notation is a / followed by the number of bits in one at the begining of the mask.

Fixed masks
Master VLSM begins by knowing the old method: fixed masks. So, let’s review the topic. A subnet addressing scheme means that I’ll divide the potential numeration capacity of a network (how many IP address can be assigned from that base address pool) into several smaller subnets and the scheme is an enumeration of each smaller subnet address, assignable address range and broadcast address of each particular subnet. Usually the base network mask is a class-based mask, in other words, usually the base mask have 8 bits, 16 bits or 24 bits (, and, those are the subnet mask for class A, Class B and Class C IP addresses respectively. To ilustrate the idea of creating a scheme with fixed masks, watch the following exercise:
  • Base address:, this is the address given for, say, an ISP. From that address pool we can manage just the last 8 bits(enlarge its length), using the mask we can make subnets.
  • New mask: /27 ( If we lengthen the mask by 3 bits, the new addressing scheme supports 2^3 subnets, using the most significative bits to count the subnets. That leaves 5 bits to enumerate hosts, so we can have 2^5 hosts, but we cannot use the first address (that is the subnet address) nor the last (broadcast address for the subnet), so with 5 bits we have a maximum of 30 hosts per subnet.
  • Finally we must enumerate the subnets: First subnet is, from that the first host address should be (mask= and the last one is The last one is the broadcast address for that subnet and we cannot assign it to any host. If we had to continue numbering the subnets (to complete the scheme), the next one is,,,,, and for each one we have to give the range of assignable addresses to complete the scheme.
In this technique or scheme, all the subnets have the same subnet mask and because of that the same hosts numbering capacity. That is not flexible and waste addressing space. Additionally, all the subnets are already defined once we choose the mask length. Using fixed masks, the requirements will be stated in two ways: asking for a number of needed subnets or asking for a minimum capacity of hosts per subnet. In the first case, the assignment is direct: the how many subnets requirement tells me how many bits I need to add to the mask, e.g. for 5 subnets we need 3 bits (2^3=8) so the masks should add 3 bits to allow up to 8 subnets (2 bits gives me only 4 subnets). In the other case, the requirement says the amount of minimum hosts per subnet, I can figure the bits I need for hosts so I have to substract those bits from the hosts part to know how many bits I need for the subnet, e.g. the requirement says the subnets should have at least 20 hosts, so to assign 20 hosts I need 5 bits (2^5=32, including subnet and broadcast addresses so the assignable addresses are 30 hosts maximum) but what I need to know is the subnet mask, if the original network mask is /24 and the hosts part needed is 5 bits then the mask should be /27, because I have 8 bits of hosts in the original network (the bits I can manage) and from those bits at least 5 should remain as hosts part, then rest 3 which I’ll use to subnet. I have to add 3 bits to the original mask /24.
Variable Length Schemes
VLSM solves the stated problems. What I can do with VLSM is using the space just needed, with the fixed mask the space is already assigned once the mask is elected, that means all the subnets are numbered and the range of IP addresses per subnet reserved without possibility of change, even if the hosts aren’t configured yet. In VLSM the reservation of addresses occurs just when we assign a subnet and the remaining space is still available and the capacity of subsequent subnets could be different from the ones already assigned. Let’s make an example.  Again we take the same base address, though we have 8 bits to manage and make subnets and assign hosts also. The  first big difference between Fixed masks and VLSM is that we don’t waste the space, e.g.: if the requirements were subnets of 5, 10 and 30 hosts, using fixed masks the only possible choice is to make the scheme to support subnets of 30 hosts, that means that the other subnets will have an unused capacity of 25 and 20 hosts respectively. In VLSM we can choose different length masks and so different capacities, e.g. in the example of three networks of 5, 10 and 30 hosts from a class C address (, for the first subnet of 5 hosts we need 3 bits  to numbering hosts (2^3=8-2=6) so we add 5 bits to the subnet mask (/29), then for the 10 hosts subnet we need 4 bits because (2^4=16-2=14 hosts) so the mask should be /28 and for the 30 hosts subnet we need 5 bits (2^5=32-2=30 hosts max.) then the subnet mask should be /27. Once we’ve figured the masks length we can assign the addresses’ ranges. There is a kind of algorithm to subnet with VLSM, the first rule is order the subnets by capacity in decreasing numbers, for our example we put the 30 hosts as the first and the 5 hosts as the last one. Tha’s the order in which we will assign the addresses ranges. Here  I need to mention several aspects of design that could be arguable. You could assign the subnets beginning with the first subnet possible, which will have the same address that the base network but with a different mask, I prefer to assign the second one leaving a first network available with the same capacity as the first one (the biggest). That behavior is rooted in the old method, fixed masks, back then the rule recommended not to use the first subnet. Another reason I could give is that is a good practice to leave a big subnet available for scalability but all these reasons are (as told before) very arguable. Because this is my example, I’ll make it applyig my preference: leaving the first subnet available. So, the first subnet usable is the which I won’t use but state as a reservoir for future growth. After this subnet I have the which I’ll assign to my first subnet, then the range of IP address assignable is from to .62, because the .63 is the broadcast for this particular subnet. Is worthy to mention that the golden rule is that all the assigned ranges should be exclusive, in other words, if the first subnet is assigned the second subnet and subsequent subnets should be after or before the range of the first subnet including their subnet and broadcast address. It’s worthy note also that cisco routers detect this kind of misconfiguration giving an error message. After the first subnet comes the second, but the second subnet should be smaller, just 10 hosts. Since that, the masks is /29 (24 + 4 more bits because I need 4 to count up to 14 hosts) . Here we must assume the fixed scheme and take the next subnet after the past one with the same mask, but I lengthen the mask by the bits needed, 29 in this case. Then the 2d subnet is the /28, the rest is history: range .65 to .78, with Broadcast .79. If we take any number greater that 79 the hosts would fall into another subnet because the subnet part is different than this range (compare the first 4 bits of the decimal numbers 78 and 81, they are the last assignable address of the subnet .64/28 and the first address of the subnet .80/28). Finally we need to assign the last subnet, the one with 5 hosts maximum. Again I take the next subnet with the same masks of the previous subnet ( which is but I use the mask I need for 5 hosts, /29, because I need 3 bits to count up to 8 hosts but without subnet and broadcast I can count up to 6 hosts, so from 8 bits I had to manage by my own I substract 3 bits which results in 5 bits and this plus the 24 original bits gives me 29.  The rest is history again: subnet address, range .81 to .86 with broadcast .87. Note that with VLSM we still have space, lots of space to assign, even with these 3 subnets  already assigned. We could use the rest of space in subnets of 6 hosts, or 30 hosts until the last subnet range reach the .255 in its broadcast.
Analize it!
And remember that we leave a big subnet at the begining of the space, so we still have a 30 hosts subnet to assign also additionally to the final range. Let’s analize this result in binary
  • 1st subnet’s last byte: 00100000 (.32/27)
  • Mask                              11100000
  • 2d subnet’s last byte: 01000000 (.64/28)
  • Mask                             11110000
  • 3d subnet’s last byte: 01010000 (.80/29)
  • Mask                             11111000
Special attention to a pattern: the bits in zero in the mask (the hosts part) are the same bits in zero of the subnet address, and even when the last addresses have their first two bits equal, the mask distiguish them.  There is another important consequence of having the hosts part in zero: if we need to assign a big subnet after a little one we could need to leave unnused space. E.g. let’s assume that after we use all this scheme in an organization, we get a new task of assign a subnet of 25 hosts. The requirement says we need a /27 mask because this mask serves well up to 30 hosts and a longer mask don’t, but ¿where to assign the range?. The next subnet after the .80/29 subnet is the .88 but this number doesn’t have the last 5 bits in zero! (make the exercise), then I cannot use this subnet for the new requirement. I need to find a space after the .80 with the last 5 bits in zero, the next space with this condition is the .96/27, converting this number to binary I can see that this do have the last 5 bits in zero, then I can assign this number to the new subnet. By just comparing the ranges I can see also the spare space: subnet .80/29 ranges up to .87 address (from 80 to 87 including subnet and broadcast) and the new subnet from .96 to .127 including subnet and broadcast address, and ¿what about 88 to 95?. Well, I could use this spare space assigning subnets of 6 hosts (3 bits for the host part) or smaller subnets but obviously not for bigger ones. Finally, there are another interesting consequence of using VLSM. If you watch carefully, the last two subnets have the beginning of their addresses equal up to the 2d bit in the last byte, though, if a single router have this two subnets it could advertise in its routing updates this two subnets as just one, the common part, minimizing the size of the update and easying the routing for uplink routers among other benefits. This last behaviour is called summarization and the common part is called summary route. In routing, the common part is called CIDR which stands for Classless Inter-domain routing.
All this topic is not easy, but the practice makes the difference. I have a final recommendation:
  • Make the calculations in binary instead of decimal until you get acquainted with decimal values of binary  numbers.
  • Order the requirement from bigger to smaller subnets and assign the biggest first.
  • Assign the subnets in sequence as possible.
  • If possible, use consecutive subnets in the same router, this is an advanced topic related to summarization.
  • Always verify that the range of addresses (including subnet and broadcast) of all the subnets in the scheme be separated in number. None of the possible hosts could be in the same range of two or more subnets.
Everyone knows that links and clicks are the currency of Internet, so I wanted to write this post (which I already wrote in spanish) to atract more people. So I want to get feedback from readers of this post, telling me if it was clear or if I had some mistakes in the writing. Thanks.]]>

2 comentarios en “¿How to design networks using VLSM -variable lenght subnet masks?”

Deja un comentario

Tu dirección de correo electrónico no será publicada. Los campos obligatorios están marcados con *

Este sitio usa Akismet para reducir el spam. Aprende cómo se procesan los datos de tus comentarios.