Subnetting - Learning Module

Loading content...

0/228

Variable-Length Subnetting (VLSM)

The Limitation of Fixed-Length Subnets

You have a /24 network (254 hosts) to divide among:

A department with 100 users
A department with 50 users
A department with 25 users
Two point-to-point WAN links (2 hosts each)

With fixed-length subnetting (FLSM), all subnets must be the same size. If you use /26 (62 hosts), the larger department won't fit. If you use /25 (126 hosts), you can only create 2 subnets—not enough for all departments. And either way, you waste massive address space on WAN links that only need 2 addresses.

Variable-Length Subnet Masking (VLSM) solves this problem by allowing each subnet to be sized independently. Your 100-user department gets a /25, your 50-user department gets a /26, your 25-user department gets a /27, and your WAN links get /30s. No waste, no compromise.

What You Will Learn

By the end of this page, you will understand: (1) The difference between FLSM and VLSM, (2) The VLSM design process, (3) How to allocate VLSM subnets without overlap, (4) VLSM implementation with real examples, and (5) Common VLSM design patterns and best practices.

Fixed-Length vs. Variable-Length Subnetting

Before VLSM, network administrators used Fixed-Length Subnet Masking (FLSM), where every subnet in a network used the same prefix length. This was simpler but often wasteful.

Fixed-Length Subnetting (FLSM)

•All subnets have identical size
•Simple to implement and document
•Significant address waste common
•WAN links get same size as LANs
•May not fit requirements at all
•Traditional classful approach

Variable-Length Subnetting (VLSM)

•Each subnet sized to requirements
•More complex planning required
•Highly efficient address usage
•WAN links get minimal /30 or /31
•Can always satisfy requirements*
•Modern classless approach

Quantifying the Difference:

Consider allocating 192.168.1.0/24 to these requirements:

Dept A: 100 hosts
Dept B: 50 hosts
Dept C: 25 hosts
WAN 1: 2 hosts
WAN 2: 2 hosts

FLSM Approach (/25 - largest requirement dictates size):

Need 3 subnets for departments + 2 for WANs = 5 subnets
/25 gives only 2 subnets per /24 — CANNOT FIT
Must request additional /24 blocks

VLSM Approach (each sized appropriately):

Dept A: /25 (126 hosts) → 128 addresses
Dept B: /26 (62 hosts) → 64 addresses
Dept C: /27 (30 hosts) → 32 addresses
WAN 1: /30 (2 hosts) → 4 addresses
WAN 2: /30 (2 hosts) → 4 addresses
Total: 128 + 64 + 32 + 4 + 4 = 232 addresses ✓
Fits within /24 (256 addresses) with 24 to spare!

VLSM Requires Classless Routing

VLSM only works with routing protocols that carry subnet mask information (e.g., OSPF, EIGRP, RIPv2, BGP). Older classful protocols (RIPv1) assume all subnets of a network have the same mask, breaking VLSM. This is rarely an issue today—classless routing is universal.

The VLSM Design Process

VLSM design follows a specific process to avoid overlapping subnets. The key principle: allocate largest subnets first, then subdivide remaining space for smaller subnets.

VLSM Design Steps

•List all subnet requirements — Document needed host counts for each network segment.
•Determine prefix lengths — Calculate the minimum prefix for each requirement (round to next power of 2, subtract 2 for usable hosts).
•Sort by size (descending) — Order subnets from largest (smallest prefix number) to smallest (largest prefix number).
•Allocate largest first — Assign the largest subnet starting at the base address, respecting alignment.
•Continue allocation — For each subsequent subnet, find the next available aligned address after all previous allocations.
•Verify no overlap — Confirm each subnet's range doesn't intersect with any other.
•Document remaining space — Identify unused address ranges for future expansion.

Why Largest First?

Larger subnets have stricter alignment requirements. A /25 must start at .0 or .128; a /26 can start at .0, .64, .128, or .192. If you allocate small subnets first, you may fragment the address space such that a large subnet no longer fits. Always allocate largest to smallest.

Complete VLSM Allocation Example

Scenario:

Allocate 10.1.1.0/24 to the following requirements:

Engineering: 60 hosts
Sales: 28 hosts
Marketing: 12 hosts
HR: 5 hosts
WAN Link 1: 2 hosts
WAN Link 2: 2 hosts
Server VLAN: 10 hosts

Step 1 & 2: Requirements and Prefix Calculation

VLSM Requirements Analysis
Segment	Hosts Needed	Prefix	Block Size	Hosts Provided
Engineering	60	/26	64	62
Sales	28	/27	32	30
Marketing	12	/28	16	14
HR	5	/29	8	6
Server VLAN	10	/28	16	14
WAN Link 1	2	/30	4	2
WAN Link 2	2	/30	4	2

Total addresses needed: 64 + 32 + 16 + 8 + 16 + 4 + 4 = 144 Available in /24: 256 ✓

Step 3: Sort by Size (Descending)

Engineering: /26 (64 addresses)
Sales: /27 (32 addresses)
Marketing: /28 (16 addresses)
Server VLAN: /28 (16 addresses)
HR: /29 (8 addresses)
WAN Link 1: /30 (4 addresses)
WAN Link 2: /30 (4 addresses)

Step 4 & 5: Sequential Allocation

Base: 10.1.1.0/24

1. Engineering /26 (needs alignment to 64)
   → 10.1.1.0/26 (range: .0 - .63)
   Next available: .64

2. Sales /27 (needs alignment to 32)
   → 10.1.1.64/27 (range: .64 - .95)
   Next available: .96

3. Marketing /28 (needs alignment to 16)
   → 10.1.1.96/28 (range: .96 - .111)
   Next available: .112

4. Server VLAN /28
   → 10.1.1.112/28 (range: .112 - .127)
   Next available: .128

5. HR /29 (needs alignment to 8)
   → 10.1.1.128/29 (range: .128 - .135)
   Next available: .136

6. WAN Link 1 /30 (needs alignment to 4)
   → 10.1.1.136/30 (range: .136 - .139)
   Next available: .140

7. WAN Link 2 /30
   → 10.1.1.140/30 (range: .140 - .143)
   Next available: .144

Remaining: 10.1.1.144 - 10.1.1.255 (112 addresses reserved)

Final VLSM Allocation
Segment	Network	Mask	Range	Broadcast	Gateway
Engineering	10.1.1.0	/26	.1 - .62	.63	.1
Sales	10.1.1.64	/27	.65 - .94	.95	.65
Marketing	10.1.1.96	/28	.97 - .110	.111	.97
Server VLAN	10.1.1.112	/28	.113 - .126	.127	.113
HR	10.1.1.128	/29	.129 - .134	.135	.129
WAN Link 1	10.1.1.136	/30	.137 - .138	.139	N/A
WAN Link 2	10.1.1.140	/30	.141 - .142	.143	N/A
Reserved	10.1.1.144		.144 - .255

Efficiency Achieved

VLSM allocated 7 subnets with exactly the capacity needed, using only 144 of 256 addresses (56%). The remaining 112 addresses are reserved in a single contiguous block for future expansion. FLSM would have required multiple /24 blocks to achieve the same result.

Visualizing VLSM Allocation

VLSM allocations can be visualized as a hierarchical tree or as a linear address map. Both representations help verify correct allocation.

Linear Address Map:

10.1.1.0/24 (256 addresses total)
│
├─[0-63]    Engineering /26 ████████████████████████████████
│           ├─ Network: .0  │  Gateway: .1  │  Broadcast: .63
│
├─[64-95]   Sales /27       ████████████████
│           ├─ Network: .64 │  Gateway: .65 │  Broadcast: .95
│
├─[96-111]  Marketing /28   ████████
│           ├─ Network: .96 │  Gateway: .97 │  Broadcast: .111
│
├─[112-127] Server VLAN /28 ████████
│           ├─ Network: .112│  Gateway: .113│  Broadcast: .127
│
├─[128-135] HR /29          ████
│           ├─ Network: .128│  Gateway: .129│  Broadcast: .135
│
├─[136-139] WAN Link 1 /30  ██
│           ├─ Network: .136│  Usable: .137, .138
│
├─[140-143] WAN Link 2 /30  ██
│           ├─ Network: .140│  Usable: .141, .142
│
└─[144-255] RESERVED        ████████████████████████████████████████████████████████
            └─ 112 addresses available for future use

Hierarchical Tree View:

                        10.1.1.0/24
                             │
           ┌─────────────────┴─────────────────┐
      10.1.1.0/25                        10.1.1.128/25
           │                                   │
     ┌─────┴─────┐                    ┌────────┴────────┐
10.1.1.0/26  10.1.1.64/26         (allocated      (reserved)
(Engineering)     │                   below)
              ┌───┴───┐
         10.1.1.64/27  10.1.1.96/27
          (Sales)         │
                     ┌────┴────┐
                10.1.1.96/28  10.1.1.112/28
                (Marketing)   (Server VLAN)

The tree shows how larger subnets can be recursively subdivided. Each branch can be independently allocated or further divided.

Use Both Views

The linear view shows address consumption and remaining space. The tree view shows logical relationships and potential for further subdivision. Together, they provide complete understanding of a VLSM allocation.

VLSM Calculation Practice

Practice Problem:

Allocate 192.168.50.0/24 to:

LAN A: 100 hosts
LAN B: 50 hosts
LAN C: 25 hosts
LAN D: 10 hosts
WAN 1: 2 hosts
WAN 2: 2 hosts
WAN 3: 2 hosts

Work through this yourself before checking the solution.

Solution

Requirements: LAN A: /25 (128), LAN B: /26 (64), LAN C: /27 (32), LAN D: /28 (16), WANs: /30 each (4) | Total: 128+64+32+16+4+4+4 = 252 ✓ | Allocations: LAN A: 192.168.50.0/25 (.0-.127), LAN B: 192.168.50.128/26 (.128-.191), LAN C: 192.168.50.192/27 (.192-.223), LAN D: 192.168.50.224/28 (.224-.239), WAN 1: 192.168.50.240/30 (.240-.243), WAN 2: 192.168.50.244/30 (.244-.247), WAN 3: 192.168.50.248/30 (.248-.251) | Remaining: .252-.255 (4 addresses)

Common VLSM Mistakes:

Avoid These Errors

•Allocating small before large — This fragments address space and may prevent larger subnets from fitting. Always largest first.
•Ignoring alignment — A /27 (32 addresses) cannot start at .100. It must start at a multiple of 32: 0, 32, 64, 96, 128, etc.
•Overlapping subnets — Failure to track the 'next available' address causes overlap. Use a systematic approach.
•Forgetting the -2 — Running out of usable addresses because you calculated total addresses, not usable hosts.
•No growth planning — VLSM's tight fit is a double-edged sword. Leave expansion room where possible.

VLSM in Real Network Designs

VLSM is the standard approach for modern network design. Here's how it typically manifests in enterprise and cloud environments.

Enterprise Campus Pattern:

Corporate Network: 10.0.0.0/8
│
├── 10.1.0.0/16 - Headquarters
│   ├── 10.1.0.0/22   - Engineering (1000 hosts)
│   ├── 10.1.4.0/23   - Sales (500 hosts)
│   ├── 10.1.6.0/24   - HR (200 hosts)
│   ├── 10.1.7.0/25   - Finance (100 hosts)
│   ├── 10.1.7.128/26 - Executive (50 hosts)
│   ├── 10.1.7.192/28 - Network Management (14 devices)
│   ├── 10.1.7.208/28 - Voice Gateway (VoIP trunks)
│   └── 10.1.7.224/27 - Servers (30 servers)
│
├── 10.2.0.0/16 - Branch Offices
│   ├── 10.2.1.0/24   - Branch 1 (varying sizes)
│   ├── 10.2.2.0/24   - Branch 2
│   └── ... (one /24 per branch)
│
├── 10.10.0.0/16 - Data Center
│   ├── 10.10.0.0/23  - Production Servers
│   ├── 10.10.2.0/24  - Development
│   ├── 10.10.3.0/24  - QA/Staging
│   └── 10.10.4.0/28  - DMZ
│
└── 10.255.0.0/16 - WAN/Infrastructure
    ├── 10.255.0.0/30  - WAN Link 1
    ├── 10.255.0.4/30  - WAN Link 2
    └── ... (sequential /30s)

Note how different areas use vastly different subnet sizes based on actual requirements.

Cloud VPC Pattern (AWS/Azure/GCP):

VPC: 10.0.0.0/16
│
├── 10.0.0.0/20   - Production Tier
│   ├── 10.0.0.0/24   - Prod-AZ-a (Web)
│   ├── 10.0.1.0/24   - Prod-AZ-b (Web)
│   ├── 10.0.2.0/24   - Prod-AZ-a (App)
│   ├── 10.0.3.0/24   - Prod-AZ-b (App)
│   ├── 10.0.4.0/26   - Prod-AZ-a (DB)
│   └── 10.0.4.64/26  - Prod-AZ-b (DB)
│
├── 10.0.16.0/20  - Staging Tier
│   └── (similar structure, smaller subnets)
│
├── 10.0.32.0/20  - Development Tier
│   └── (similar structure)
│
└── 10.0.48.0/20  - Reserved for growth

Cloud architects use VLSM extensively, sizing tiers (/20) differently from availability zone subnets (/24) differently from database subnets (/26).

The /20 Rule for Cloud

Major cloud providers recommend /20 as the minimum subnet size for production workloads, providing 4,094 addresses per subnet. This accommodates container orchestration (Kubernetes pods get IPs), elastic scaling, and multi-AZ deployments. Use /24-/26 only for limited-scope subnets like databases or management.

VLSM and Route Summarization

Proper VLSM design enables route summarization—advertising one aggregate route instead of many specific routes. This reduces routing table size and improves convergence.

Summarization Principle:

If all subnets in a region share a common prefix, that prefix can represent them all.

Example:

Branch network contains:

192.168.10.0/26
192.168.10.64/27
192.168.10.96/28
192.168.10.112/30
192.168.10.116/30

All fall within 192.168.10.0 - 192.168.10.127 → Can be summarized as 192.168.10.0/25

Why This Works:

192.168.10.0   = 11000000.10101000.00001010.0xxxxxxx
192.168.10.64  = 11000000.10101000.00001010.0xxxxxxx
192.168.10.96  = 11000000.10101000.00001010.0xxxxxxx
192.168.10.127 = 11000000.10101000.00001010.0xxxxxxx
                                            ^
                               First 25 bits identical

All addresses share the first 25 bits → /25 summary works.

Summarization Requires Contiguous Allocation

Summarization only works if you allocated addresses contiguously. If Branch A uses 192.168.10.0/26 and 192.168.11.64/26 (non-contiguous), no single summary covers both without also covering unrelated networks. Plan VLSM allocations with summarization in mind.

VLSM Design for Summarization:

When designing VLSM schemes, allocate address blocks hierarchically:

Region Level: Assign large blocks (/16) per region
Site Level: Subdivide into site blocks (/20 or /21)
Function Level: VLSM within each site
Summarize at boundaries: Each site advertises its aggregate

Headquarters:    10.1.0.0/16  → Summarize as 10.1.0.0/16
  └── Internal VLSM: /20, /22, /24, /28, /30...

Branch Region 1: 10.2.0.0/16  → Summarize as 10.2.0.0/16
  ├── Branch 1:  10.2.0.0/20  → Summarize as 10.2.0.0/20
  ├── Branch 2:  10.2.16.0/20 → Summarize as 10.2.16.0/20
  └── Each branch has internal VLSM

The WAN router only needs one route per region; region routers only need one route per branch. Internal VLSM complexity is hidden from higher levels.

Summary: Variable-Length Subnetting

VLSM is the modern standard for IP address allocation, enabling efficient use of address space by matching subnet sizes to actual requirements.

Key Takeaways

•VLSM allows subnets of different sizes in the same network — Unlike FLSM, each subnet is sized to its actual requirements, minimizing waste.
•Always allocate largest subnets first — This ensures proper alignment and prevents fragmentation that could block larger allocations.
•Subnet alignment is mandatory — Subnets must start at addresses divisible by their block size. A /27 (32 addresses) cannot start at .50.
•Track 'next available' systematically — After each allocation, update the next available address to prevent overlap.
•VLSM enables tight but dangerous fits — Leave reserved space for growth. Perfect utilization leaves no room for expansion.
•Design for summarization — Allocate contiguous blocks to organizational units so their routes can be summarized at boundary routers.

Module Complete:

You have now mastered the complete domain of IPv4 subnetting:

Subnet Concept — What subnets are and why they exist
Subnet Mask — How masks define network boundaries
Subnet Creation — The design process for subnet schemes
Subnet Calculation — Mathematical techniques for subnet problems
Variable-Length Subnetting — Efficient, flexible address allocation

These skills are fundamental to network engineering, cloud architecture, and systems administration. They apply equally to physical networks, virtual networks, container platforms, and cloud infrastructure.

Subnetting Mastery Achieved

You now possess comprehensive subnetting knowledge—from basic concepts through advanced VLSM design. You can analyze any IP/mask combination, design efficient subnet schemes, and troubleshoot addressing issues. These skills form the foundation for advanced topics like routing, network security, and cloud architecture.

Variable-Length Subnetting (VLSM)

The Limitation of Fixed-Length Subnets

You have a /24 network (254 hosts) to divide among:

A department with 100 users
A department with 50 users
A department with 25 users
Two point-to-point WAN links (2 hosts each)

What You Will Learn

Fixed-Length vs. Variable-Length Subnetting

Before VLSM, network administrators used Fixed-Length Subnet Masking (FLSM), where every subnet in a network used the same prefix length. This was simpler but often wasteful.

Fixed-Length Subnetting (FLSM)

•All subnets have identical size
•Simple to implement and document
•Significant address waste common
•WAN links get same size as LANs
•May not fit requirements at all
•Traditional classful approach

Variable-Length Subnetting (VLSM)

•Each subnet sized to requirements
•More complex planning required
•Highly efficient address usage
•WAN links get minimal /30 or /31
•Can always satisfy requirements*
•Modern classless approach

Quantifying the Difference:

Consider allocating 192.168.1.0/24 to these requirements:

Dept A: 100 hosts
Dept B: 50 hosts
Dept C: 25 hosts
WAN 1: 2 hosts
WAN 2: 2 hosts

FLSM Approach (/25 - largest requirement dictates size):

Need 3 subnets for departments + 2 for WANs = 5 subnets
/25 gives only 2 subnets per /24 — CANNOT FIT
Must request additional /24 blocks

VLSM Approach (each sized appropriately):

Dept A: /25 (126 hosts) → 128 addresses
Dept B: /26 (62 hosts) → 64 addresses
Dept C: /27 (30 hosts) → 32 addresses
WAN 1: /30 (2 hosts) → 4 addresses
WAN 2: /30 (2 hosts) → 4 addresses
Total: 128 + 64 + 32 + 4 + 4 = 232 addresses ✓
Fits within /24 (256 addresses) with 24 to spare!

VLSM Requires Classless Routing

The VLSM Design Process

VLSM design follows a specific process to avoid overlapping subnets. The key principle: allocate largest subnets first, then subdivide remaining space for smaller subnets.

VLSM Design Steps

•List all subnet requirements — Document needed host counts for each network segment.
•Determine prefix lengths — Calculate the minimum prefix for each requirement (round to next power of 2, subtract 2 for usable hosts).
•Sort by size (descending) — Order subnets from largest (smallest prefix number) to smallest (largest prefix number).
•Allocate largest first — Assign the largest subnet starting at the base address, respecting alignment.
•Continue allocation — For each subsequent subnet, find the next available aligned address after all previous allocations.
•Verify no overlap — Confirm each subnet's range doesn't intersect with any other.
•Document remaining space — Identify unused address ranges for future expansion.

Why Largest First?

Complete VLSM Allocation Example

Scenario:

Allocate 10.1.1.0/24 to the following requirements:

Engineering: 60 hosts
Sales: 28 hosts
Marketing: 12 hosts
HR: 5 hosts
WAN Link 1: 2 hosts
WAN Link 2: 2 hosts
Server VLAN: 10 hosts

Step 1 & 2: Requirements and Prefix Calculation

VLSM Requirements Analysis
Segment	Hosts Needed	Prefix	Block Size	Hosts Provided
Engineering	60	/26	64	62
Sales	28	/27	32	30
Marketing	12	/28	16	14
HR	5	/29	8	6
Server VLAN	10	/28	16	14
WAN Link 1	2	/30	4	2
WAN Link 2	2	/30	4	2

Total addresses needed: 64 + 32 + 16 + 8 + 16 + 4 + 4 = 144 Available in /24: 256 ✓

Step 3: Sort by Size (Descending)

Engineering: /26 (64 addresses)
Sales: /27 (32 addresses)
Marketing: /28 (16 addresses)
Server VLAN: /28 (16 addresses)
HR: /29 (8 addresses)
WAN Link 1: /30 (4 addresses)
WAN Link 2: /30 (4 addresses)

Step 4 & 5: Sequential Allocation

Base: 10.1.1.0/24

1. Engineering /26 (needs alignment to 64)
   → 10.1.1.0/26 (range: .0 - .63)
   Next available: .64

2. Sales /27 (needs alignment to 32)
   → 10.1.1.64/27 (range: .64 - .95)
   Next available: .96

3. Marketing /28 (needs alignment to 16)
   → 10.1.1.96/28 (range: .96 - .111)
   Next available: .112

4. Server VLAN /28
   → 10.1.1.112/28 (range: .112 - .127)
   Next available: .128

5. HR /29 (needs alignment to 8)
   → 10.1.1.128/29 (range: .128 - .135)
   Next available: .136

6. WAN Link 1 /30 (needs alignment to 4)
   → 10.1.1.136/30 (range: .136 - .139)
   Next available: .140

7. WAN Link 2 /30
   → 10.1.1.140/30 (range: .140 - .143)
   Next available: .144

Remaining: 10.1.1.144 - 10.1.1.255 (112 addresses reserved)

Final VLSM Allocation
Segment	Network	Mask	Range	Broadcast	Gateway
Engineering	10.1.1.0	/26	.1 - .62	.63	.1
Sales	10.1.1.64	/27	.65 - .94	.95	.65
Marketing	10.1.1.96	/28	.97 - .110	.111	.97
Server VLAN	10.1.1.112	/28	.113 - .126	.127	.113
HR	10.1.1.128	/29	.129 - .134	.135	.129
WAN Link 1	10.1.1.136	/30	.137 - .138	.139	N/A
WAN Link 2	10.1.1.140	/30	.141 - .142	.143	N/A
Reserved	10.1.1.144		.144 - .255

Efficiency Achieved

Visualizing VLSM Allocation

VLSM allocations can be visualized as a hierarchical tree or as a linear address map. Both representations help verify correct allocation.

Linear Address Map:

10.1.1.0/24 (256 addresses total)
│
├─[0-63]    Engineering /26 ████████████████████████████████
│           ├─ Network: .0  │  Gateway: .1  │  Broadcast: .63
│
├─[64-95]   Sales /27       ████████████████
│           ├─ Network: .64 │  Gateway: .65 │  Broadcast: .95
│
├─[96-111]  Marketing /28   ████████
│           ├─ Network: .96 │  Gateway: .97 │  Broadcast: .111
│
├─[112-127] Server VLAN /28 ████████
│           ├─ Network: .112│  Gateway: .113│  Broadcast: .127
│
├─[128-135] HR /29          ████
│           ├─ Network: .128│  Gateway: .129│  Broadcast: .135
│
├─[136-139] WAN Link 1 /30  ██
│           ├─ Network: .136│  Usable: .137, .138
│
├─[140-143] WAN Link 2 /30  ██
│           ├─ Network: .140│  Usable: .141, .142
│
└─[144-255] RESERVED        ████████████████████████████████████████████████████████
            └─ 112 addresses available for future use

Hierarchical Tree View:

                        10.1.1.0/24
                             │
           ┌─────────────────┴─────────────────┐
      10.1.1.0/25                        10.1.1.128/25
           │                                   │
     ┌─────┴─────┐                    ┌────────┴────────┐
10.1.1.0/26  10.1.1.64/26         (allocated      (reserved)
(Engineering)     │                   below)
              ┌───┴───┐
         10.1.1.64/27  10.1.1.96/27
          (Sales)         │
                     ┌────┴────┐
                10.1.1.96/28  10.1.1.112/28
                (Marketing)   (Server VLAN)

The tree shows how larger subnets can be recursively subdivided. Each branch can be independently allocated or further divided.

Use Both Views

VLSM Calculation Practice

Practice Problem:

Allocate 192.168.50.0/24 to:

LAN A: 100 hosts
LAN B: 50 hosts
LAN C: 25 hosts
LAN D: 10 hosts
WAN 1: 2 hosts
WAN 2: 2 hosts
WAN 3: 2 hosts

Work through this yourself before checking the solution.

Solution

Common VLSM Mistakes:

Avoid These Errors

•Allocating small before large — This fragments address space and may prevent larger subnets from fitting. Always largest first.
•Ignoring alignment — A /27 (32 addresses) cannot start at .100. It must start at a multiple of 32: 0, 32, 64, 96, 128, etc.
•Overlapping subnets — Failure to track the 'next available' address causes overlap. Use a systematic approach.
•Forgetting the -2 — Running out of usable addresses because you calculated total addresses, not usable hosts.
•No growth planning — VLSM's tight fit is a double-edged sword. Leave expansion room where possible.

VLSM in Real Network Designs

VLSM is the standard approach for modern network design. Here's how it typically manifests in enterprise and cloud environments.

Enterprise Campus Pattern:

Corporate Network: 10.0.0.0/8
│
├── 10.1.0.0/16 - Headquarters
│   ├── 10.1.0.0/22   - Engineering (1000 hosts)
│   ├── 10.1.4.0/23   - Sales (500 hosts)
│   ├── 10.1.6.0/24   - HR (200 hosts)
│   ├── 10.1.7.0/25   - Finance (100 hosts)
│   ├── 10.1.7.128/26 - Executive (50 hosts)
│   ├── 10.1.7.192/28 - Network Management (14 devices)
│   ├── 10.1.7.208/28 - Voice Gateway (VoIP trunks)
│   └── 10.1.7.224/27 - Servers (30 servers)
│
├── 10.2.0.0/16 - Branch Offices
│   ├── 10.2.1.0/24   - Branch 1 (varying sizes)
│   ├── 10.2.2.0/24   - Branch 2
│   └── ... (one /24 per branch)
│
├── 10.10.0.0/16 - Data Center
│   ├── 10.10.0.0/23  - Production Servers
│   ├── 10.10.2.0/24  - Development
│   ├── 10.10.3.0/24  - QA/Staging
│   └── 10.10.4.0/28  - DMZ
│
└── 10.255.0.0/16 - WAN/Infrastructure
    ├── 10.255.0.0/30  - WAN Link 1
    ├── 10.255.0.4/30  - WAN Link 2
    └── ... (sequential /30s)

Note how different areas use vastly different subnet sizes based on actual requirements.

Cloud VPC Pattern (AWS/Azure/GCP):

VPC: 10.0.0.0/16
│
├── 10.0.0.0/20   - Production Tier
│   ├── 10.0.0.0/24   - Prod-AZ-a (Web)
│   ├── 10.0.1.0/24   - Prod-AZ-b (Web)
│   ├── 10.0.2.0/24   - Prod-AZ-a (App)
│   ├── 10.0.3.0/24   - Prod-AZ-b (App)
│   ├── 10.0.4.0/26   - Prod-AZ-a (DB)
│   └── 10.0.4.64/26  - Prod-AZ-b (DB)
│
├── 10.0.16.0/20  - Staging Tier
│   └── (similar structure, smaller subnets)
│
├── 10.0.32.0/20  - Development Tier
│   └── (similar structure)
│
└── 10.0.48.0/20  - Reserved for growth

Cloud architects use VLSM extensively, sizing tiers (/20) differently from availability zone subnets (/24) differently from database subnets (/26).

The /20 Rule for Cloud

VLSM and Route Summarization

Proper VLSM design enables route summarization—advertising one aggregate route instead of many specific routes. This reduces routing table size and improves convergence.

Summarization Principle:

If all subnets in a region share a common prefix, that prefix can represent them all.

Example:

Branch network contains:

192.168.10.0/26
192.168.10.64/27
192.168.10.96/28
192.168.10.112/30
192.168.10.116/30

All fall within 192.168.10.0 - 192.168.10.127 → Can be summarized as 192.168.10.0/25

Why This Works:

192.168.10.0   = 11000000.10101000.00001010.0xxxxxxx
192.168.10.64  = 11000000.10101000.00001010.0xxxxxxx
192.168.10.96  = 11000000.10101000.00001010.0xxxxxxx
192.168.10.127 = 11000000.10101000.00001010.0xxxxxxx
                                            ^
                               First 25 bits identical

All addresses share the first 25 bits → /25 summary works.

Summarization Requires Contiguous Allocation

VLSM Design for Summarization:

When designing VLSM schemes, allocate address blocks hierarchically:

Region Level: Assign large blocks (/16) per region
Site Level: Subdivide into site blocks (/20 or /21)
Function Level: VLSM within each site
Summarize at boundaries: Each site advertises its aggregate

Headquarters:    10.1.0.0/16  → Summarize as 10.1.0.0/16
  └── Internal VLSM: /20, /22, /24, /28, /30...

Branch Region 1: 10.2.0.0/16  → Summarize as 10.2.0.0/16
  ├── Branch 1:  10.2.0.0/20  → Summarize as 10.2.0.0/20
  ├── Branch 2:  10.2.16.0/20 → Summarize as 10.2.16.0/20
  └── Each branch has internal VLSM

The WAN router only needs one route per region; region routers only need one route per branch. Internal VLSM complexity is hidden from higher levels.

Summary: Variable-Length Subnetting

VLSM is the modern standard for IP address allocation, enabling efficient use of address space by matching subnet sizes to actual requirements.

Key Takeaways

•VLSM allows subnets of different sizes in the same network — Unlike FLSM, each subnet is sized to its actual requirements, minimizing waste.
•Always allocate largest subnets first — This ensures proper alignment and prevents fragmentation that could block larger allocations.
•Subnet alignment is mandatory — Subnets must start at addresses divisible by their block size. A /27 (32 addresses) cannot start at .50.
•Track 'next available' systematically — After each allocation, update the next available address to prevent overlap.
•VLSM enables tight but dangerous fits — Leave reserved space for growth. Perfect utilization leaves no room for expansion.
•Design for summarization — Allocate contiguous blocks to organizational units so their routes can be summarized at boundary routers.

Module Complete:

You have now mastered the complete domain of IPv4 subnetting:

Subnet Concept — What subnets are and why they exist
Subnet Mask — How masks define network boundaries
Subnet Creation — The design process for subnet schemes
Subnet Calculation — Mathematical techniques for subnet problems
Variable-Length Subnetting — Efficient, flexible address allocation

Subnetting Mastery Achieved