Opening Framing: Why Equal-Sized Subnets Stop Working
Week 5 established how to divide a network into equal-sized blocks. That method is useful, but real organizations are rarely symmetrical. A head office may need space for 60 hosts, a branch may need 12, and a point-to-point WAN link may need only 2. If every segment receives the same subnet size, the design wastes addresses and often forces earlier renumbering than necessary.
Variable Length Subnet Masking (VLSM) solves that engineering problem. Instead of forcing every subnet to use the same prefix length, VLSM assigns different prefix lengths to different network segments according to actual host demand. This allows an engineer to build an address plan that is efficient, scalable, and easier to justify operationally.
This is not just exam arithmetic. VLSM affects DHCP scope design, VLAN sizing, route summaries, WAN addressing, cloud VPC planning, and long-term growth strategy. A student who understands VLSM can look at a business requirement and turn it into a usable network plan instead of merely calculating masks in isolation.
Learning Outcomes
- LO1: Explain why VLSM is used to reduce address waste and fit subnets to actual host demand.
- LO2: Select an appropriate prefix length for a given host requirement using host-bit calculations.
- LO3: Build a VLSM address plan by allocating subnets from largest requirement to smallest.
- LO4: Predict whether traffic is same-subnet or routed when different subnet sizes exist inside one parent block.
- LO5: Verify and troubleshoot a VLSM design using host configuration, router interfaces, and subnet-boundary checks.
Key insight: VLSM turns subnetting from a fixed pattern into a resource-allocation discipline.
1) Why Fixed-Length Subnetting Wastes Addresses
Equal-sized subnetting works best when all subnets need roughly the same capacity. In real networks that assumption breaks quickly. If every department receives a /26 only because the largest department needs a /26, smaller departments inherit large pools of unused addresses. That may feel harmless in a lab, but at scale it creates fragmented plans and unnecessary address pressure.
Example parent network: 10.24.8.0/24
Department needs:
- Engineering: 50 hosts
- Finance: 20 hosts
- HR: 10 hosts
If all three receive /26:
- Each subnet has 62 usable hosts
- Engineering uses most of one /26
- Finance wastes 42 addresses
- HR wastes 52 addresses| Department | Hosts needed | If all use /26 | Addresses wasted |
|---|---|---|---|
| Engineering | 50 | 62 usable | 12 |
| Finance | 20 | 62 usable | 42 |
| HR | 10 | 62 usable | 52 |
In that case, the address plan is simple but not efficient. VLSM allows engineering to keep the /26, finance to use a /27, and HR to use a /28. The organization still meets its needs, but the leftover address space remains available for future departments, WAN links, or growth.
Waste does not always break a network immediately. It breaks future flexibility. Good VLSM design preserves space for the next requirement, not just the current one.
2) What VLSM Is and How Engineers Apply It
VLSM means using different prefix lengths inside the same parent address block. A /24 might contain one /26, one /27, one /28, and several /30 links. The design is still mathematically correct as long as the subnets do not overlap and each one begins on a valid boundary for its prefix length.
The most reliable VLSM workflow is not to start assigning addresses randomly. It is to convert business requirements into a structured sequence:
- List every network segment and its host requirement.
- Sort the list from largest host requirement to smallest.
- Choose the smallest prefix that satisfies each requirement.
- Allocate subnets in order, respecting valid block boundaries.
- Document gateways, usable ranges, broadcast addresses, and spare capacity.
Allocate the largest subnet first. If smaller blocks are assigned first, they can fragment the parent network and make it impossible to place a larger subnet later without overlap or renumbering.
This ordering rule matters because subnets occupy contiguous address ranges. Once a smaller block is placed in the middle of an address space, a larger block that needs a wider boundary may no longer fit cleanly.
3) Choosing the Right Prefix for a Host Requirement
VLSM works only if the engineer can convert a host requirement into the correct prefix.
The reasoning is the same as Week 5: find the smallest number of host bits
h such that 2^h - 2 is large enough for the required hosts.
Examples
Need 60 hosts:
2^5 - 2 = 30 not enough
2^6 - 2 = 62 enough
Result: /26
Need 12 hosts:
2^3 - 2 = 6 not enough
2^4 - 2 = 14 enough
Result: /28
Need 2 hosts:
2^2 - 2 = 2 enough
Result: /30| Hosts needed | Host bits required | Chosen prefix | Usable hosts |
|---|---|---|---|
| 60 | 6 | /26 | 62 |
| 28 | 5 | /27 | 30 |
| 12 | 4 | /28 | 14 |
| 2 | 2 | /30 | 2 |
At this stage of the degree, using /30 for point-to-point links is the clearest convention because it provides exactly two usable addresses. Later you may encounter /31 links in modern routed environments, but the logic of minimal sizing begins here.
The technically smallest subnet is not always the operationally best subnet. If a department is expected to grow soon, the engineer may intentionally choose a larger block to avoid rapid renumbering.
4) Worked Example: VLSM Design for a 3-Office Startup
Suppose a startup receives the address block 10.50.20.0/24 and needs the
following segments:
| Segment | Hosts needed | Chosen prefix | Why |
|---|---|---|---|
| Head Office LAN | 60 | /26 | 62 usable hosts fits the requirement |
| East Office LAN | 28 | /27 | 30 usable hosts fits the requirement |
| West Office LAN | 12 | /28 | 14 usable hosts fits the requirement |
| HQ-East WAN | 2 | /30 | 2 usable hosts, one at each end |
| HQ-West WAN | 2 | /30 | 2 usable hosts, one at each end |
After sorting from largest to smallest, the allocations proceed in valid block-size
order. The /26 consumes the first 64 addresses. The next free boundary suitable for a
/27 is 10.50.20.64. After that, the /28 begins at
10.50.20.96, followed by /30 links at 10.50.20.112 and
10.50.20.116.
VLSM allocation from 10.50.20.0/24
1) Head Office LAN
Network ID: 10.50.20.0/26
Usable host range: 10.50.20.1 - 10.50.20.62
Broadcast: 10.50.20.63
2) East Office LAN
Network ID: 10.50.20.64/27
Usable host range: 10.50.20.65 - 10.50.20.94
Broadcast: 10.50.20.95
3) West Office LAN
Network ID: 10.50.20.96/28
Usable host range: 10.50.20.97 - 10.50.20.110
Broadcast: 10.50.20.111
4) HQ-East WAN
Network ID: 10.50.20.112/30
Usable host range: 10.50.20.113 - 10.50.20.114
Broadcast: 10.50.20.115
5) HQ-West WAN
Network ID: 10.50.20.116/30
Usable host range: 10.50.20.117 - 10.50.20.118
Broadcast: 10.50.20.119
Notice what VLSM preserved: the remaining address space from
10.50.20.120 upward is still free for future offices, servers, or
management networks. A fixed-length design would have consumed far more of the parent
block for the same organization.
| Segment | Suggested gateway | Valid example host | Reserved edge values |
|---|---|---|---|
| Head Office LAN | 10.50.20.1 | 10.50.20.25 | 10.50.20.0 and 10.50.20.63 |
| East Office LAN | 10.50.20.65 | 10.50.20.70 | 10.50.20.64 and 10.50.20.95 |
| West Office LAN | 10.50.20.97 | 10.50.20.105 | 10.50.20.96 and 10.50.20.111 |
| HQ-East WAN | 10.50.20.113 | 10.50.20.114 | 10.50.20.112 and 10.50.20.115 |
| HQ-West WAN | 10.50.20.117 | 10.50.20.118 | 10.50.20.116 and 10.50.20.119 |
5) Packet Path in a VLSM Environment: Local or Routed?
VLSM changes how hosts interpret destinations because not every subnet shares the same mask. Two addresses may appear close together numerically yet still belong to different subnets. The host makes that decision by comparing the destination against its own prefix length, not by guessing from the first three octets.
Example 1: local communication
Host A: 10.50.20.10/26
Host B: 10.50.20.40/26
Result:
- Both belong to 10.50.20.0/26
- Traffic stays local on the LAN
- Host A uses ARP for Host B's MAC address
- The default gateway is not usedExample 2: routed communication
Host A: 10.50.20.10/26
Host B: 10.50.20.70/27
Result:
- Host A belongs to 10.50.20.0/26
- Host B belongs to 10.50.20.64/27
- Different subnets
- Host A sends traffic to its gateway 10.50.20.1
- The router forwards toward the East Office subnetExample 3: point-to-point link is not a user LAN
Address pair: 10.50.20.113/30 and 10.50.20.114/30
Result:
- Exactly two usable addresses exist
- Appropriate for router-to-router or router-to-provider links
- Not appropriate for a department LAN with many hosts
One of the most common VLSM failures is a mask mismatch on the host. If a host in the
East Office should be /27 but is configured as /24, it may
incorrectly assume remote addresses are local. It will ARP for devices that are
actually outside its subnet, and the communication will fail in a way that looks
confusing until the mask is checked.
In a VLSM design, a correct IP with the wrong prefix is still a broken configuration. Hosts choose local versus routed paths from the prefix length.
6) Configuration and Verification: Proving the Address Plan Works
A VLSM worksheet becomes real only when devices are configured with matching masks, valid gateways, and correct interface addressing. Below is a simplified Cisco IOS example using one router with three LAN-facing interfaces and two WAN links.
Router interface example
interface g0/0
ip address 10.50.20.1 255.255.255.192
no shutdown
interface g0/1
ip address 10.50.20.65 255.255.255.224
no shutdown
interface g0/2
ip address 10.50.20.97 255.255.255.240
no shutdown
interface s0/0/0
ip address 10.50.20.113 255.255.255.252
no shutdown
interface s0/0/1
ip address 10.50.20.117 255.255.255.252
no shutdown
On hosts, the essential values are the IP address, subnet mask, and default gateway.
The gateway must belong to the same usable range as the host's subnet. A host in
10.50.20.64/27 should not point to 10.50.20.1; it should
point to the router interface inside its own subnet, such as 10.50.20.65.
Useful verification commands
Windows:
ipconfig /all
route print
ping
Linux:
ip addr
ip route
ping
Cisco IOS:
show ip interface brief
show running-config interface g0/1
show ip route
ping| Verification question | What to inspect | Evidence of success |
|---|---|---|
| Is the subnet mask correct? | Host IP configuration | Prefix matches the VLSM plan exactly |
| Is the gateway valid? | Default gateway and subnet range | Gateway is inside the same usable host range as the client |
| Are router interfaces consistent? | show ip interface brief |
Each interface is up with the planned address and mask |
| Does traffic follow the expected path? | Ping tests and route view | Same-subnet traffic stays local, remote traffic uses the gateway |
Quick validation example
Host: 10.50.20.70/27
Gateway: 10.50.20.65
Checks:
- Is the host valid? Yes, 10.50.20.70 is inside 10.50.20.64 - 10.50.20.94
- Is the gateway valid? Yes, 10.50.20.65 is inside the same subnet
- Is 10.50.20.95 valid as a host? No, it is the broadcast address
- Is 10.50.20.25 local or remote? Remote, because it belongs to 10.50.20.0/267) Failure Modes: Where VLSM Designs Go Wrong
VLSM errors are often not advanced. They usually come from poor ordering, incorrect boundary math, or masks being applied inconsistently across hosts and routers. Because every subnet can have a different size, sloppy documentation becomes especially expensive.
| Symptom | Likely cause | First check |
|---|---|---|
| Two subnets appear to overlap | Allocated out of order or ignored block boundaries | Rebuild the plan from largest to smallest and verify network IDs |
| Hosts ARP for remote addresses | Host mask is too broad | Inspect host prefix and compare it to the documented subnet |
| Gateway is unreachable | Gateway address is outside the client's usable range | Recalculate network ID, usable range, and broadcast address |
| Large department cannot fit | Small subnets were allocated first and fragmented the block | Check ordering of allocation |
| WAN link has extra host addresses assigned | /30 link misunderstood as a LAN segment | Confirm the link type and required host count |
- Confirm the business requirement and required host count.
- Recalculate the chosen prefix from that requirement.
- Check that each subnet starts on the correct boundary for its block size.
- Verify that hosts, gateways, and router interfaces share the same mask logic.
- Test same-subnet reachability before testing routed connectivity.
Key insight: VLSM problems often look like routing issues, but the root cause is usually incorrect address planning or a mask mismatch.
Real-World Design Context: Efficiency, Growth, and Documentation
Enterprise address plans balance efficiency against future growth. If every subnet is sized only for the current day, renumbering may arrive too soon. If every subnet is oversized, the plan wastes address space and becomes harder to summarize and manage. Good VLSM design therefore includes both mathematical fit and operational judgment.
A common professional approach is to place related networks in contiguous ranges so they can later be summarized or recognized easily in documentation. For example, all user LANs might live in one part of the parent block while WAN and infrastructure links live in another. That makes route interpretation and fault isolation easier.
VLSM is also one reason IPv4 still functions in many private networks despite address scarcity. By allocating address space carefully, organizations delay waste and keep room for new services. This does not replace IPv6, but it is still a core skill for real IPv4 environments.
Guided Lab: Designing a VLSM Scheme for a 3-Office Startup
Goal: Turn one parent network into a documented VLSM address plan for three office LANs and two WAN links.
Scenario
You are assigned 10.60.40.0/24 for a startup with the following needs:
- Head Office LAN: 58 hosts
- Design Office LAN: 24 hosts
- Sales Office LAN: 10 hosts
- WAN link from HQ to Design Office: 2 hosts
- WAN link from HQ to Sales Office: 2 hosts
Step 1: Order the requirements
- Sort the segments from largest to smallest host requirement.
- Write the required prefix beside each segment.
Step 2: Allocate the subnets
- Begin at the start of
10.60.40.0/24. - Place the largest subnet first.
- Continue allocating the next subnet at the next valid boundary.
- Do not overlap any ranges.
Step 3: Build the addressing table
- For each subnet, record network ID, broadcast address, usable range, and suggested gateway.
- Mark one example valid host address for each LAN and each WAN link.
Step 4: Predict traffic behavior
- Decide whether a host in Head Office can reach another Head Office host locally.
- Decide whether a host in Head Office reaches a Design Office host locally or via the gateway.
- Explain why the answer depends on the subnet boundary rather than the first three decimal octets alone.
Step 5: Optional Packet Tracer validation
- Create three LANs and two WAN links using your plan.
- Configure router interfaces and host addresses.
- Verify local pings within a LAN and routed pings between LANs.
Deliverable
Submit a one-page VLSM address plan table plus a short explanation of why your allocation order prevents overlap and preserves future growth space.
Week 6 Outcome Check
By the end of this week, you should be able to:
- Explain why VLSM is more efficient than fixed-length subnetting in unequal environments
- Select the correct prefix for host requirements of different sizes
- Allocate VLSM subnets largest-first without overlap
- Determine whether traffic is local or routed when different masks coexist inside one parent block
- Verify host, gateway, and router interface settings against the address plan
Next week shifts from address planning to packet forwarding mechanics at Layer 3 and ARP behavior.
Hands-On Labs
Use these activities to build speed and accuracy with real VLSM reasoning.
Lab 1: Prefix Selection Drill
Task: Match 12 host requirements to the smallest valid prefix.
Deliverable: One completed worksheet showing host-bit math.
Why it matters: Incorrect prefix selection breaks every later step in a VLSM plan.
Time estimate: 20-25 minutes
Lab 2: Multi-Department VLSM Address Plan
Task: Build a full VLSM scheme for three LANs and two WAN links inside one /24.
Deliverable: Addressing table with network ID, usable range, broadcast address, and gateway per segment.
Why it matters: This mirrors the planning work done before real router and switch deployment.
Time estimate: 40-50 minutes
Lab 3: VLSM Troubleshooting Challenge
Task: Review a broken address plan and identify mask errors, overlaps, invalid host assignments, and wrong gateways.
Deliverable: Short fault report with corrected values.
Why it matters: Engineers are paid to detect planning mistakes before they become production outages.
Time estimate: 25-35 minutes
Checkpoint Questions
- Why does fixed-length subnetting become inefficient when departments have very different host counts?
- What is the largest-first rule in VLSM, and why does it prevent later overlap?
- How would you determine the smallest prefix that supports 28 hosts?
- Why is a /30 usually appropriate for a point-to-point IPv4 link in foundational routing work?
- What does it mean for a subnet to begin on a valid boundary?
- Why can a host with the correct IP address still fail if its mask is wrong?
- How would you verify that a default gateway belongs to the same usable range as a client?
Weekly Reflection
Reflection prompt (200-300 words):
This week changed subnetting from equal-sized division into an address-planning strategy. Reflect on how VLSM balances efficiency, growth, and operational clarity.
- Why is an efficient address plan different from a merely valid address plan?
- How does VLSM help a multi-department organization avoid waste without sacrificing manageability?
- What risks appear if masks are documented poorly or configured inconsistently?
- How would you decide when to leave deliberate spare capacity inside a parent network?
A strong reflection should connect the math of prefix sizing to long-term network design decisions.
Recommended References
- RFC 1878: Variable Length Subnet Table for IPv4 for a compact reference table connecting prefixes, masks, and host capacity.
- RFC 4632: Classless Inter-domain Routing (CIDR) for the modern prefix-based addressing model that underpins VLSM.
- RFC 3021: Using 31-Bit Prefixes on IPv4 Point-to-Point Links for an advanced view of address efficiency on routed links beyond the /30 convention used in this week.
- Cisco Networking Academy: Networking Basics for structured support on IPv4 addressing, subnetting, and introductory routing.
- Cisco Support Reference: Configure IP Addresses and Unique Subnets for New Users for practical vendor-style explanation of subnetting and address design.
Read the references with your worksheet beside you. VLSM is learned by designing address plans, validating boundaries, and explaining why each prefix was chosen.
Week 06 Quiz
Test your understanding of VLSM planning, prefix selection, address boundaries, and routed versus local traffic decisions.
Take Week 06 Quiz