As the name suggests, with variable-length subnet masks (VLSMs) we can have different subnet masks for different subnets of the same classful network. So, for the serial link in the preceding example, we could have a subnet mask of 255.255.255.252. If we do the math and look at our subnet in binary, we see that we have only two host bits, as shown in our first VLSM example.
Therefore, this subnet mask will give us only two valid IP addresses (22 – 2 = 2), which is exactly what we need for our serial link.
As another example, consider what would happen if we were running out of IP numbers on a particular subnet. Perhaps we have several web servers on network 172.16.10.0, with a subnet mask of 255.255.255.0 (which we could also write in CIDR notation as 172.16.10.0/24, due to there being 24 bits turned on in our subnet mask). With only eight bits left over for host iden-tification, we have only 254 available host addresses.
However, in our web server implementation, each URL needs its own IP number, and our need for unique IP numbers is about to grow beyond the 254 numbers that we have available.
It is possible to support several URLs to an IP address, but for this example we’ll use only one address per URL.
Yet again, VLSMs can provide a solution. Instead of making our subnet mask longer, as in the previous example, we can make our subnet mask shorter. This is called route aggregation, in general, or supernetting when dealing with a prefix length shorter than the default for the class in question.
Decimal 255 255 255 252
Binary 11111111 11111111 11111111 11111100
Extending IP Addresses 47
Our second VLSM example demonstrates would happen if we reduced our prefix length from 24 bits to 23 bits.
We now have a network of 172.16.10.0 with a subnet mask of 255.255.254.0, which can also be written as 172.16.10.0/23. Again, by doing the math (29 – 2 = 510, because we have nine host bits), we see that we now have 510 available IP addresses instead of 254.
Let’s work through a VLSM design example, as depicted in Figure 2.2.
F I G U R E 2 . 2 VLSM design example
In this example, we have the following set of requirements for our network addressing:
A server farm requires 300 IP addresses.
A user segment requires 200 IP addresses.
A serial link between two routers requires two IP addresses.
A switched subnet interconnecting four routers requires four IP addresses.
We have been assigned the Class B network of 172.16.0.0.
We will now go through a simple three-step process for efficiently calculating the IP address ranges to be assigned to each segment. We say “efficiently,” because we will be using the min-imum number of IP addresses required to accomplish our goal with a few extra to account for expected growth. Changing addresses once they’ve been implemented can be time-consuming, costly, and may require significant down time.
1. Create a table detailing the segments and the number of hosts required on each segment, as shown in Table 2.3.
Decimal 255 255 254 0
Binary 11111111 11111111 11111110 00000000
4421.book Page 47 Tuesday, February 1, 2005 2:52 PM
2. Determine the subnet mask required to support the requirements defined in step 1, and expand the table to list the subnet masks.
We can use our formula 2n – 2 = number of hosts to create a handy reference chart to quickly determine how many hosts can be supported for any given sub-net mask, as shown in Table 2.4. The table goes up to only 1022 hosts, because Cisco has a design recommendation that you should not have a non-routed net-work segment with more than 500 hosts (due to performance problems caused by broadcast traffic). To confuse you further, understand that some Cisco docu-mentation states that the number of hosts on a segment can be up to 800! Just keep in mind the amount of traffic when making this decision.
T A B L E 2 . 3 Number of IP Addresses Used in Figure 2.2
Description of Segment Number of IP Addresses Required
Server farm 300
Ethernet user segment 200
Serial link 2
Router interconnection switched subnet 4
T A B L E 2 . 4 Number of Hosts Needed in Figure 2.2
Maximum Number of Hosts Bits in Subnet Mask Subnet Mask
2 30 255.255.255.252
6 29 255.255.255.248
14 28 255.255.255.240
30 27 255.255.255.224
62 26 255.255.255.192
126 25 255.255.255.128
254 24 255.255.255.0
Extending IP Addresses 49
Referring to Table 2.4, we can easily determine the subnet mask required for each segment in our example by looking for the closest subnet size greater than or equal to the number of hosts needed, as shown in Table 2.5.
3. Starting with the segment requiring the greatest prefix length, begin allocating addresses.
Let’s begin with the serial link, which has a prefix length of 30 bits. Because all of our addresses are going to start with 172.16, we will examine only the last 16 bits of the IP address. In Table 2.6, we see the binary representations of the last two octets of the subnet mask, the subnet address, the first and last valid IP addresses in the subnet, and the broadcast address. Remember that the host portion of an assigned address cannot be all 1s, which is the broadcast address, or all 0s, which is the address of the network, or wire.
510 23 255.255.254.0
1022 22 255.255.252.0
T A B L E 2 . 5 Subnet Masks for Figure 2.2
Description of Segment
Number of IP Addresses Required
Subnet Mask (Number of Subnet Bits)
Server farm 300 255.255.254.0 (23)
Ethernet user segment 200 255.255.255.0 (24)
Serial link 2 255.255.255.252 (30)
Router interconnection switched subnet
4 255.255.255.248 (29)
T A B L E 2 . 6 Networks, Hosts, and Subnets for Figure 2.2 3rd Octet
128 64 32 16 8 4 2 1
4th Octet
128 64 32 16 8 4 2 1
Decimal IP Address (Last 16 bits in bold)
Subnet Mask 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0 0 255.255.255.252 Subnet 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 172.16.0.0 T A B L E 2 . 4 Number of Hosts Needed in Figure 2.2 (continued)
Maximum Number of Hosts Bits in Subnet Mask Subnet Mask 4421.book Page 49 Tuesday, February 1, 2005 2:52 PM
By simply subtracting the non-0, non-255 (interesting) octet value in our mask (252, in this case, and there will be only one such value, in any case—all other octet values will be 0 or 255) from 256 (call 256 “the magic number”), we get the increment size that takes us from one subnet boundary to the next in the octet that we found interesting. Always start with 0 in the interesting octet; that will be the first valid subnet and will look exactly like the network we started subnetting from.
The next subnet can always be determined by adding the increment to the current value, yielding 4 in the fourth octet, for the second subnet. This continues until the sum equals the orig-inal value of the interesting octet of the subnet mask (252, in this case), and no octets to the left of the interesting octet are within your authority to make any larger. Practicing with this short-cut method is the only way to truly understand each of these nuances.
After picking the first available network number (172.16.0.0), given our 30-bit subnet mask and eliminating host IP addresses that are all 1s and all 0s, we have the following range of num-bers: 172.16.0.1–172.16.0.2. The broadcast address is all host bits on, or 172.16.0.3, which is also the address right before the next subnet address. We can take one of these numbers and assign it to one side of the serial link. The other number can be assigned to the other end of the serial link.
Next, we will calculate the range of IP addresses to use for our switched subnet, containing four router interfaces. We pick the first available network address, given our 29-bit subnet mask and previous choices. In this case, the first available network is 172.16.0.8, as shown in Table 2.7.
First IP in range 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 172.16.0.1 Last IP in range 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 172.16.0.2 Broadcast 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 1 172.16.0.3
T A B L E 2 . 7 IP Address Range for Switched Subnet in Figure 2.2 3rd Octet
128 64 32 16 8 4 2 1
4th Octet
128 64 32 16 8 4 2 1
Decimal IP Address (Last 16 bits in bold)
Subnet mask 1 1 1 1 1 1 1 1 1 1 1 1 1 0 0 0 255.255.255.248 Subnet 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 172.16.0.8 First IP in range 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1 172.16.0.9 Last IP in range 0 0 0 0 0 0 0 0 0 0 0 0 1 1 1 0 172.16.0.14 Broadcast 0 0 0 0 0 0 0 0 0 0 0 0 1 1 1 1 172.16.0.15 T A B L E 2 . 6 Networks, Hosts, and Subnets for Figure 2.2 (continued)
3rd Octet
128 64 32 16 8 4 2 1
4th Octet
128 64 32 16 8 4 2 1
Decimal IP Address (Last 16 bits in bold)
Extending IP Addresses 51
Again, subtracting 248 from 256 leaves a value of 8, our increment. The first valid value of the fourth octet, as always, is 0, but that’s already taken. Add 8, and the next subnet boundary is 8.
Because the 0 subnet was based on an increment of 4, we are fine placing this subnet at 8. In fact, there is another two-host subnet at 4, which we had to skip—that can be used in the future.
Eliminating host IP addresses that contain all 1s and all 0s, as before, we discover that our valid IP address range for this segment is 172.16.0.9–172.16.0.14. The broadcast address is all host bits on, or 172.16.0.15, which is also one less than the next subnet boundary of 172.16.0.16, found by using our increment of 8.
Now we will perform the same steps on the Ethernet user segment, as shown in Table 2.8, and the server farm segment, as shown in Table 2.9.
From these tables, we see that our IP address range for the Ethernet user segment is 172.16.1.1–
172.16.1.254. This is because we have no interesting octet. However, by realizing we have complete control over the third octet, which has a mask value of 255, we can see that we have an increment T A B L E 2 . 8 Valid Addresses for Ethernet Segment in Figure 2.2
3rd Octet
128 64 32 16 8 4 2 1
4th Octet
128 64 32 16 8 4 2 1
Decimal IP Address (Last 16 bits in bold)
Subnet mask 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 255.255.255.0 Subnet 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 172.16.1.0 First IP in range 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 1 172.16.1.1 Last IP in range 0 0 0 0 0 0 0 1 1 1 1 1 1 1 1 0 172.16.1.254 Broadcast 0 0 0 0 0 0 0 1 1 1 1 1 1 1 1 1 172.16.1.255
T A B L E 2 . 9 Valid Addresses for Server Farm Segment in Figure 2.2 3rd Octet
128 64 32 16 8 4 2 1
4th Octet
128 64 32 16 8 4 2 1
Decimal IP Address (Last 16 bits in bold)
Subnet mask 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 255.255.254.0 Subnet 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 172.16.2.0 First IP in range 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 1 172.16.2.1 Last IP in range 0 0 0 0 0 0 1 1 1 1 1 1 1 1 1 0 172.16.3.254 Broadcast 0 0 0 0 0 0 1 1 1 1 1 1 1 1 1 1 172.16.3.255 4421.book Page 51 Tuesday, February 1, 2005 2:52 PM
of 1 when 255 is subtracted from 256, which is how default subnets work. Because the previous two subnets have a third-octet value of 0, we must start in the third octet with at least a value of 1, and the subnet gets the entire range of addresses with 1 in the third octet.
In addition, notice that the IP address range for the server farm segment is 172.16.2.1–
172.16.3.254. This is because the interesting octet is now the third octet, with a value of 254. Sub-tracting this from 256 leaves us with an increment of 2. Remembering to apply this to only the third octet, we determine we can have values of 0, 2, 4, 6, and so on, in the third octet, but we already have subnets with 0 and 1 in that octet, so 2 is the first available value. Because the increment is 2, we get the entire range up to, but not including, the next subnet boundary, which is 4 in the third octet.
In summary, we have defined the following address ranges for our four segments, as detailed in Table 2.10.
We can now take our VLSM address ranges and apply them to our network diagram, as shown in Figure 2.3.
F I G U R E 2 . 3 VLSM example with IP addresses
T A B L E 2 . 1 0 Valid IP Addresses for All Four Segments Used in Figure 2.2
Description of Segment Address Range
Server farm 172.16.2.1–172.16.3.254
Ethernet user segment 172.16.1.1–172.16.1.254
Serial link 172.16.0.1–172.16.0.2
Router interconnection switched segment 172.16.0.9–172.16.0.14
Extending IP Addresses 53