The easiest approach for subnetting across a network is to make all the subnets the same size – giving them all the same subnet mask. However this can be very inefficient if the number of hosts on each subnet differs. It can become a major problem if the size of subnet isn’t big enough for the number of hosts that we need on one of the subnets. In this case, we want to ‘borrow’ some host space from a subnet which has less hosts on it. VLSM (Variable Length Subnet Masks) enables us to do this by having subnets with different subnet masks. It can almost be thought of as subnetting a subnet.

Historically, networks were expected to use the same subnet mask throughout – every interface would have that mask. This is a classful address space. Because all subnet masks are the same, we don’t need to share the mask between the routers when we share routing information – if a network uses a classful address space of 192.168.0.0/24 and a router advertises a route to 192.168.101.0 then all the other routers just assume that this means 192.168.101.0/24. This is called classful routing and it does not support VLSM because there is no way for routers to communicate different sized subnets. The original Routing Information Protocol (RIPv1) is a classful routing protocol and therefore cannot support VLSM. Therefore if we want to use VLSM, we must implement a classless network design with a classless routing protocol which will include the subnet mask for all of the routes being advertises.

VLSM Advantages

  • More efficient use of allocated IP address space

  • Multiple networks can be shared with a single ‘summary’ address. This reduces routing table size and makes route lookups faster.

VLSM Disadvantages

  • VLSM can be more complex to implement than using subnets of all the same size.

Routing Protocol support for VLSM

  • RIPv1: No

  • RIPv2: Yes

  • EIGRP (Enhanced Interior Gateway Protocol): Yes

  • OSPF (Open Shortest Path First): Yes

VLSM Blocks

With VLSM, we can assign different subnets different numbers of host bits in order to support different number of hosts. The blocks will still have to be a ‘power of 2’ size (e.g. 4, 8, 16 etc) and each subnet will still have 2 reserved addresses for the Network Address and the Broadcast Address.

If we are starting with a ‘Class C’, or /24 network, such as 192.168.101.0/24, then our subnets could range from two /25s to sixty four /30s or, using VLSM, some combination.

How to Calculate VLSM Blocks

Host Bits (h) = 32 – Subnet Bits (Prefix)
Block Size    = 2 ^ h
Hosts         = 2 ^ h – 2

Remember that number of hosts is 2 less than the block size because of the Network Address and the Broadcast Address.

VLSM Block Size Table

The following table shows possible VLSM block sizes within a /24 range.

Prefix Host Bits Block Size Hosts
/25 7 128 126
/26 6 64 62
/27 5 32 30
/28 4 16 14
/29 3 8 6
/30 2 4 2

Selecting Subnets with VLSM

Although VLSM offers a more flexible approach to addressing, we must be careful which subnets we choose.

VLSM Rule 1

The network address, or subnet ID, for each subnet must have all host bits set to zero.

In other words, the subnet can’t just start anywhere you want.

Correct Subnet Example

The following could be a valid subnet within the 192.168.101.0 Class C network with VLSM.

Subnet:     192.168.101.64/26
Mask (/26): 255.255.255.192

Host Bits: 6
Block Size: 2 ^ 6 = 64
Supported Hosts: (2 ^ 6) – 2 = 62

              255      255      255      192
Mask:       11111111 11111111 11111111 11000000
            nnnnnnnn nnnnnnnn nnnnnnnn nnhhhhhh
               192      168      101      64
Subnet ID:  11000000 10101000 01100101 01000000
               192      168      101     127
Broadcast:  11000000 10101000 01100101 01111111
 Address

Notice that all of the host bits (the last 6) are zero.

Incorrect Subnet Example

The following is not a valid subnet within the 192.168.101.0 network.

Subnet:     192.168.101.80/26
Mask (/26): 255.255.255.192

              255      255      255      192
Mask:       11111111 11111111 11111111 11000000
            nnnnnnnn nnnnnnnn nnnnnnnn nnhhhhhh
               192      168      101      80
Subnet ID:  11000000 10101000 01100101 01010000

This is not a valid subnet because all of the host bits (the final 6 bits of the 3rd octet) are not set to zero: 010100000.

VLSM Rule 2

Subnet address ranges must not overlap.

If subnets did overlap then hosts on supposedly different subnets could have the same IP address. This would break the network as packets destined for one host could inadvertently be sent to a host sharing the same IP address. The router wouldn’t know which is the correct interface to send the packets out of. This can result in conditions such as not being able to ping across the network.

You can check for overlaps by listing the subnets in numerical order and comparing the broadcast address of each subnet with the network address (subnet ID) of the next subnet

Finding Overlapping Subnets

Imagine we have a network with the following subnets but some hosts are having trouble reaching each other. We’re going to check to see whether any of the subnets overlap which could be causing the network issues.

  • Subnet A: 192.168.101.0/28

  • Subnet B: 192.168.101.16/28

  • Subnet C: 192.168.101.32/27

  • Subnet D: 192.168.101.64/26

  • Subnet E: 192.168.101.96/27

  • Subnet F: 192.168.101.128/25

Now we’re going to list them in a table and look for any subnets which begin before the previous subnet ends.

VLSM Overlap Table

Subnet Subnet ID Broadcast Address Next Subnet ID
A 192.168.101.0 192.168.101.15 192.168.101.16
B 192.168.101.16 192.168.101.31 192.168.101.32
C 192.168.101.32 192.168.101.63 192.168.101.64
D 192.168.101.64 192.168.101.127 192.168.101.96
E 192.168.101.96 192.168.101.127 192.168.101.128
F 192.168.101.128 192.168.101.255

Notice that the Subnet ID / Network Address of Subnet E, is lower than the broadcast address of Subnet D. Therefore we have an overlap. In this case, removing Subnet D from the IP addressing scheme will fix the problem. We may wish to split one of the larger subnets, such as Subnet F, to provide an additional subnet.

VLSM Route Summarization

Summarization, also known as route aggregation, in VLSM is using a single address to describe multiple networks. Where a router has interfaces in multiple consecutive subnets, routing protocols can us summa-rization to advertise them using just one prefix which means that routing tables can smaller and therefore route lookups can be faster.

The summary is then given as the starting address of the summary block and the subnet mask that de-scribes the range – often written using CIDR notation.

Calculating a VLSM Route Summary

We can manually generate VLSM summarizations with the following steps

  1. Identify the consecutive networks we want to advertise

  2. Select the largest blocksize which can describe them (and only them)

  3. Add any networks that weren’t included in the block

Sometimes you can do step two just by looking at the group of addresses. Otherwise you can start with the smallest address spaces and combine them, gradually combining larger groups until you can combine any-more. Converting the addresses to binary can help identify the common host bits which can then be set to zeroes and ones to find the network and broadcast address. The network/subnet bits will give you the sub-net mask.

Summarization Rules

There are a couple of rules that we must remember when aggregating routes:

  1. The advertised address must have all of the host bits set to zero.

  2. The advertised network should not advertise addresses which you don’t have.

Rule 2 is relevant when the networks that you’re advertising don’t exactly fit a block size. For example, if you have 18 addresses, it could be tempting to use a summary with a block size of 32 addresses. However the additional twelve addresses could be used by a different network. Therefore you should advertise a summary with a block size of 16 and the remaining 2 addresses would be advertised individually.

VLSM Example

We have the following networks:

  • 192.168.100.0/24

  • 192.168.101.0/25

  • 192.168.101.128/25

  • 192.168.102.0/24

  • 192.168.103.0/24

Here we can start by combining the two /25 networks in the 192.168.101.x range to make them 192.168.101.0/24.

We now have 4 networks from 192.168.100.0/24 to 192.168.103.0/24

In binary:

   192      168      100       0
11000000 10101000 01100100 00000000
   192      168      101       0
11000000 10101000 01100101 00000000
   192      168      102       0
11000000 10101000 01100110 00000000
   192      168      103       0
11000000 10101000 01100111 00000000

If you look closely, you can see that the first 22 bits in each address are the same so we can keep them fixed to form the network address. We then have 10 host bits. Now we can find the subnet mask (it will be a /22), network address to advertise and the highest address in the range.

nnnnnnnn nnnnnnnn nnnnnnhh hhhhhhhh
   255      255      252       0
11111111 11111111 11111100 00000000
   192      168      100       0
11000000 10101000 01100100 00000000
   192      168      103     255
11000000 10101000 01100111 11111111

Therefore we can advertise 192.168.100.0/22 or 192.168.100.0 with a subnet mask of 255.255.252.0.

The range is from 192.168.100.0 to 192.168.103.255.

Other Related Skills

RIP was one of the first routing protocols to be implemented. RIPv2 later added a number of improvements.