VLSM - Variable Length Subnet Masking

What is VLSM?

VLSM (Variable Length Subnet Masking) is the ability to use different prefix lengths (subnet masks) for different subnets within the same supernet. This is what CIDR enables.

Without VLSM (classful routing), every subnet in a network had to use the same mask. With VLSM, you can carve out exactly the right size subnet for each use case from a single allocated block.

Note

VLSM requires a classless routing protocol (OSPF, EIGRP, IS-IS, BGP, RIPv2). Old protocols like RIPv1 use classful routing and can’t carry subnet mask information in their updates.

---

Core Concept: Carving a Block

You have been allocated 192.168.10.0/24 (256 addresses total). You need to subdivide it for:

• 1 subnet for 60 servers
• 2 subnets for 26 workstations each
• 2 point-to-point WAN links (2 hosts each)

Classfully you’d need 5 separate /24 networks. With VLSM you carve them all out of one /24:

192.168.10.0/24  (total: 256 addresses)
├── 192.168.10.0/26    → 62 hosts  (servers)
├── 192.168.10.64/27   → 30 hosts  (workstations A)
├── 192.168.10.96/27   → 30 hosts  (workstations B)
├── 192.168.10.128/30  → 2 hosts   (WAN link 1)
├── 192.168.10.132/30  → 2 hosts   (WAN link 2)
└── 192.168.10.136/24 remainder → unallocated, available for future use

Only 192.168.10.0–135 are committed. The rest stays available.

---

VLSM Design Method

Always allocate largest subnets first to avoid fragmentation.

Step-by-Step Example

Requirements: Plan subnets using 10.0.0.0/16 for:

• Data center: 2000 servers
• Office A: 500 workstations
• Office B: 200 workstations
• DMZ: 30 servers
• Voice: 100 phones
• Management: 10 devices
• 3 WAN links (2 hosts each)

Step 1: Sort by size (largest first)

Subnet	Hosts Needed	Bits Required	Prefix	Block Size
Data center	2000	11 bits (2048)	/21	/21 = 2046 usable
Office A	500	10 bits (1024)	/22	/22 = 1022 usable
Office B	200	8 bits (256)	/24	/24 = 254 usable
Voice	100	7 bits (128)	/25	/25 = 126 usable
DMZ	30	5 bits (32)	/27	/27 = 30 usable
Management	10	4 bits (16)	/28	/28 = 14 usable
WAN x3	2 each	2 bits (4)	/30	/30 = 2 usable

Step 2: Allocate sequentially

Subnet	Network Address	Broadcast	Usable Range
Data center	10.0.0.0/21	10.0.7.255	10.0.0.1 – 10.0.7.254
Office A	10.0.8.0/22	10.0.11.255	10.0.8.1 – 10.0.11.254
Office B	10.0.12.0/24	10.0.12.255	10.0.12.1 – 10.0.12.254
Voice	10.0.13.0/25	10.0.13.127	10.0.13.1 – 10.0.13.126
DMZ	10.0.13.128/27	10.0.13.159	10.0.13.129 – 10.0.13.158
Management	10.0.13.160/28	10.0.13.175	10.0.13.161 – 10.0.13.174
WAN Link 1	10.0.13.176/30	10.0.13.179	10.0.13.177 – 10.0.13.178
WAN Link 2	10.0.13.180/30	10.0.13.183	10.0.13.181 – 10.0.13.182
WAN Link 3	10.0.13.184/30	10.0.13.187	10.0.13.185 – 10.0.13.186

Tip

The formula for finding prefix length from required hosts:

hosts needed → next power of 2 → host bits = log2(next power of 2) → prefix = 32 - host bits

200 hosts → next power of 2 = 256 → host bits = 8 → prefix = /24

Or backwards: ipcalc 10.0.0.0 255.255.255.0 shows you exactly what you get.

---

Practical VLSM Tools

# ipcalc (Linux) - calculate subnet details
ipcalc 10.0.0.0/21
# Network:   10.0.0.0/21
# Netmask:   255.255.248.0
# Broadcast: 10.0.7.255
# HostMin:   10.0.0.1
# HostMax:   10.0.7.254
# Hosts/Net: 2046

# Check if an IP is in a subnet
ipcalc 10.0.5.100/21
# If it shows the same Network address as above, it's in the same subnet

# sipcalc - more detailed output
sipcalc 10.0.8.0/22

# Python one-liner
python3 -c "import ipaddress; n = ipaddress.ip_network('10.0.0.0/21'); print(f'Hosts: {n.num_addresses-2}, First: {n.network_address+1}, Last: {n.broadcast_address-1}')"

# See all usable IPs in a subnet
python3 -c "import ipaddress; [print(ip) for ip in ipaddress.ip_network('10.0.13.176/30').hosts()]"
# 10.0.13.177
# 10.0.13.178

---

Supernetting (Route Aggregation)

VLSM also works in reverse - supernetting combines multiple contiguous subnets into a single summary route, reducing routing table size.

Individual routes:
  192.168.0.0/24
  192.168.1.0/24
  192.168.2.0/24
  192.168.3.0/24

Summary route (supernet):
  192.168.0.0/22  ← covers all four /24s

Router only needs 1 entry instead of 4

Condition: Subnets must be contiguous and the block must start on a boundary aligned to the summary prefix.

# Find summary route in Python
python3 -c "
import ipaddress
nets = ['192.168.0.0/24', '192.168.1.0/24', '192.168.2.0/24', '192.168.3.0/24']
objs = [ipaddress.ip_network(n) for n in nets]
print(list(ipaddress.collapse_addresses(objs)))
# [IPv4Network('192.168.0.0/22')]
"

---

VLSM vs Fixed-Length Subnet Masking

Aspect	FLSM (classful)	VLSM (classless)
Subnet size	All same within a network	Each subnet can be different
Routing protocol	RIPv1	OSPFv2, EIGRP, BGP, RIPv2
Address waste	High (must fit everyone in same /mask)	Minimal (allocate to fit)
Complexity	Simple	Requires planning
Route table	Larger (one entry per subnet)	Smaller (with aggregation)