CCNA ICND2 Cert Guide: Variable Length Subnet Masks

Date: Dec 19, 2011

This chapter introduces VLSM, including VLSM Concepts and Configuration, Finding VLSM Overlaps, Adding New Subnets to an Existing VLSM Design, and Designing a Subnetting Plan Using VLSM.

VLSM Concepts and Configuration: This section explains the issues and solutions when designing an internetwork that uses VLSM.

Finding VLSM Overlaps: This section is the first of three that focus on applying VLSM concepts in a particular way. In this case, it focuses on analyzing a deployed internetwork to find cases in which the subnets’ address ranges overlap, which causes IP routing problems.

Adding New Subnets to an Existing VLSM Design: This section examines how to choose new subnets, based on an existing design plus the requirements for the new subnets. This section emphasizes how to avoid mistakenly choosing subnets that overlap.

Designing a Subnetting Plan Using VLSM: This section discusses cases in which you start with no design at all, but instead with a set of requirements and an IP network. Your job: choose a number of masks, the number of subnets that use each mask, and the specific subnet IDs to use with each mask.

Most of the IP addresses and subnetting content sits inside the ICND1 part of the CCNA puzzle. This chapter explores the one pure addressing topic in the ICND2 part of the mix: variable length subnet masks (VLSM).

VLSM builds on the subnetting concepts in ICND1. If you have a good handle on those details, great! If you are still a little unsure, it may be a good time to review and practice subnetting. For instance, to do some of the exercises in this chapter, you need to remember how and why you would pick a particular mask, given the need for a subnet to support some number of host IP addresses. You also need to be able to find all the subnet IDs of a single classful network when using a single mask. Using both sets of skills, this chapter expands on those concepts when using multiple masks. Look at this chapter as an opportunity to learn VLSM, as well as to review and strengthen your subnetting skills.

“Do I Know This Already?” Quiz

The “Do I Know This Already?” quiz allows you to assess whether you should read the entire chapter. If you miss no more than one of these six self-assessment questions, you might want to move ahead to the section, “Exam Preparation Tasks.” Table 5-1 lists the major headings in this chapter and the “Do I Know This Already?” quiz questions covering the material in those headings so that you can assess your knowledge of these specific areas. The answers to the “Do I Know This Already?” quiz appear in Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes.”

Table 5-1. “Do I Know This Already?” Foundation Topics Section-to-Question Mapping

Foundations Topics Section	Questions
VLSM Concepts and Configuration	1, 2
Finding VLSM Overlaps	3, 4
Adding a New Subnet to an Existing VLSM Design	5
Designing a Subnetting Plan Using VLSM	6

Which of the following routing protocols support VLSM?
1. RIP-1
2. RIP-2
3. EIGRP
4. OSPF
What does the acronym VLSM stand for?
1. Variable length subnet mask
2. Very long subnet mask
3. Vociferous longitudinal subnet mask
4. Vector-length subnet mask
5. Vector loop subnet mask
R1 has configured interface Fa0/0 with the ip address 10.5.48.1 255.255.240.0 command. Which of the following subnets, when configured on another interface on R1, would not be considered an overlapping VLSM subnet?
1. 10.5.0.0 255.255.240.0
2. 10.4.0.0 255.254.0.0
3. 10.5.32.0 255.255.224.0
4. 10.5.0.0 255.255.128.0
R4 has a connected route for 172.16.8.0/22. Which of the following answers lists a subnet that overlaps with this subnet?
1. 172.16.0.0/21
2. 172.16.6.0/23
3. 172.16.16.0/20
4. 172.16.11.0/25
A design already includes subnets 192.168.1.0/26, 192.168.1.128/30, and 192.168.1.160/29. Which of the following subnets is the numerically lowest subnet ID that could be added to the design, if you wanted to add a subnet that uses a /28 mask?
1. 192.168.1.144/28
2. 192.168.1.112/28
3. 192.168.1.64/28
4. 192.168.1.80/28
5. 192.168.1.96/28
An engineer is following a VLSM design process of allocating the largest subnets first, as the numerically lowest subnets, and then subdividing the next subnet into smaller pieces for the next smaller size of subnet. In this case, the engineer has reserved the first three /20 subnets of 172.16.0.0 to be used in an internetwork: 172.16.0.0/20, 172.16.16.0/20, and 172.16.32.0/20. The next smaller size subnets to be allocated will be subnets with mask /25; this design requires 10 such subnets. Assuming the engineer continues to allocate subnets in sequence, which answers lists the tenth of these /25 subnets?
1. 172.16.48.0/25
2. 172.16.64.0/25
3. 172.16.52.128/25
4. 172.16.68.128/25

Foundation Topics

VLSM Concepts and Configuration

VLSM occurs when an internetwork uses more than one mask for different subnets of a single Class A, B, or C network. Figure 5-1 shows an example of VLSM used in Class A network 10.0.0.0.

Figure 5-1 VLSM in Network 10.0.0.0: Masks /24 and /30

Figure 5-1 shows a typical choice of using a /30 prefix (mask 255.255.255.252) on point-to-point serial links, with mask /24 (255.255.255.0) on the LAN subnets. All subnets are of Class A network 10.0.0.0, with two masks being used, therefore meeting the definition of VLSM.

Oddly enough, a common mistake occurs when people think that VLSM means “using more than one mask in some internetwork,” rather than “using more than one mask in a single classful network.” For example, if in one internetwork diagram, all subnets of network 10.0.0.0 use a 255.255.240.0 mask, and all subnets of network 11.0.0.0 use a 255.255.255.0 mask, the design uses two different masks. However, Class A network 10.0.0.0 uses only one mask, and Class A network 11.0.0.0 uses only one mask. In that case, the design does not use VLSM.

VLSM provides many benefits for real networks, mainly related to how you allocate and use your IP address space. Because a mask defines the size of the subnet (the number of host addresses in the subnet), VLSM allows engineers to better match the need for addresses with the size of the subnet. For example, for subnets that need fewer addresses, the engineer uses a mask with fewer host bits, so the subnet has fewer host IP addresses. This flexibility reduces the number of wasted IP addresses in each subnet. By wasting fewer addresses, more space remains to allocate more subnets.

VLSM can be helpful for both public and private IP addresses, but the benefits are more dramatic with public networks. With public networks, the address savings help engineers avoid having to obtain another registered IP network number from regional IP address assignment authorities. With private networks, as defined in RFC 1918, running out of addresses is not as big a negative, because you can always grab another private network from RFC 1918 if you run out.

Classless and Classful Routing Protocols

Before you can deploy a VLSM design created on paper, you must first use a routing protocol that supports VLSM. To support VLSM, the routing protocol must advertise the mask along with each subnet. Without mask information, the router receiving the update would be confused.

For instance, if a router learned a route for 10.1.8.0, but with no mask information, what does that mean? Is that subnet 10.1.8.0/24? 10.1.8.0/23? 10.1.8.0/30? The dotted-decimal number 10.1.8.0 happens to be a valid subnet number with a variety of masks, and because multiple masks may be used with VLSM, the router has no good way to make an educated guess. To effectively support VLSM, the routing protocol needs to advertise the correct mask along with each subnet, so the receiving router knows the exact subnet that is being advertised.

By definition, classless routing protocols advertise the mask with each advertised route, and classful routing protocols do not. The classless routing protocols, as noted in Table 5-2, are the newer, more advanced routing protocols. And not only do these more advanced classless routing protocols support VLSM, they also support manual route summarization, a feature discussed in Chapter 6, “Route Summarization.”

Table 5-2. Classless and Classful Interior IP Routing Protocols

Routing Protocol	Is It Classless?	Sends Mask in Updates	Supports VLSM	Supports Manual Route Summarization
RIP-1	No	No	No	No
IGRP	No	No	No	No
RIP-2	Yes	Yes	Yes	Yes
EIGRP	Yes	Yes	Yes	Yes
OSPF	Yes	Yes	Yes	Yes

Beyond VLSM itself, the routing protocols do not have to be configured to support VLSM or to be classless. There is no command to enable or disable the fact that classless routing protocols include the mask with each route. The only configuration choice you must make is to use a classless routing protocol, which among the IGPs discussed for CCNA, are RIP-2, EIGRP, and OSPF.

VLSM Configuration and Verification

Cisco routers do not configure VLSM, enable or disable it, or need any configuration to use it. From a configuration perspective, VLSM is simply a side effect of the ip address interface subcommand. Routers collectively configure VLSM by virtue of having IP addresses in the same classful network but with different masks.

For instance, Example 5-1 shows a simple example with two of the interfaces from router Yosemite from Figure 5-1. The example shows the IP address assignments on two interfaces, one with a /24 mask and one with a /30 mask, both with IP addresses in Class A network 10.0.0.0.

Example 5-28. Configuring Two Interfaces on Yosemite, Resulting in VLSM

Yosemite#configure terminal
Yosemite(config)#interface Fa0/0
Yosemite(config-if)#ip address 10.2.1.1 255.255.255.0
semite(config-if)#interface S0/1
Yosemite(config-if)#ip address 10.1.4.1 255.255.255.252

When a router detects VLSM being used in a network, IOS lists the mask per route in the output of the show ip route command, rather than simply listing the mask only in the header line for that network. Example 5-2 lists an example of the routing table on Albuquerque from Figure 5-1; Albuquerque uses two masks inside network 10.0.0.0, as noted in the highlighted line in the example.

Example 5-29. Albuquerque Routing Table with VLSM

Albuquerque#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set
 10.0.0.0/8 is variably subnetted, 11 subnets, 2 masks 
D   10.2.1.0/24[90/2172416] via 10.1.4.2, 00:00:34, Serial0/0
D   10.2.2.0/24 [90/2172416] via 10.1.4.2, 00:00:34, Serial0/0
D   10.2.3.0/24 [90/2172416] via 10.1.4.2, 00:00:34, Serial0/0
D   10.2.4.0/24 [90/2172416] via 10.1.4.2, 00:00:34, Serial0/0
D   10.3.4.0/24 [90/2172416] via 10.1.6.2, 00:00:56, Serial0/1
D   10.3.5.0/24 [90/2172416] via 10.1.6.2, 00:00:56, Serial0/1
D   10.3.6.0/24 [90/2172416] via 10.1.6.2, 00:00:56, Serial0/1
D   10.3.7.0/24 [90/2172416] via 10.1.6.2, 00:00:56, Serial0/1
C   10.1.1.0/24 is directly connected, Ethernet0/0
C   10.1.6.0/30is directly connected, Serial0/1
C   10.1.4.0/30 is directly connected, Serial0/0

So ends the discussion of VLSM as an end to itself. This chapter is devoted to VLSM, but it took a mere 3–4 pages to fully describe it. Why the whole VLSM chapter? Well, to work with VLSM, to find problems with it, to add subnets to an existing design, and to design using VLSM from scratch—in other words, to apply VLSM to real networks—takes skill and practice. To do these same tasks on the exam requires skill and practice. The rest of this chapter examines the skills to apply VLSM and provides some practice for these three key areas:

Finding VLSM overlaps
Adding new VLSM subnets without overlaps
Designing subnetting using VLSM

Finding VLSM Overlaps

Regardless of whether a design uses VLSM or not, the subnets used in any IP internetwork design should not overlap their address ranges. When subnets in different locations overlap their addresses, a router’s routing table entries overlap. As a result, hosts in different locations may be assigned the same IP address. Routers clearly cannot route packets correctly in these cases. In short, a design that uses overlapping subnets is considered to be an incorrect design and should not be used.

These address overlaps are easier to see when using SLSM than when using VLSM. With SLSM, overlapped subnets have identical subnet IDs, so to find overlaps, you just have to look at the subnet IDs. With VLSM, overlapped subnets may not have the same subnet ID. To find these overlaps, you have to look at the entire range of addresses in each subnet, from subnet ID to subnet broadcast address, and compare the range to the other subnets in the design.

An Example of Finding a VLSM Overlap

For example, imagine that a practice question for the CCNA exam shows Figure 5-2. It uses a single Class B network (172.16.0.0), with VLSM, because it uses three different masks: /23, /24, and /30.

Figure 5-2 VLSM Design with Possible Overlap

Now imagine that the exam question shows you the figure, and either directly or indirectly asks whether overlapping subnets exist. This type of question might simply tell you that some hosts cannot ping each other, or it might not even mention that the root cause could be that some of the subnets overlap. To answer such a question, you could follow this simple but possibly laborious process:

Step 1 Calculate the subnet ID and subnet broadcast address of each subnet, which gives you the range of addresses in that subnet.

Step 2 List the subnet IDs in numeric order (along with their subnet broadcast addresses).

Step 3 Scan the list top to bottom, comparing each pair of adjacent entries, to see if their range of addresses overlaps.

For example, Table 5-3 completes the first two steps based on Figure 5-2, listing the subnet IDs and subnet broadcast addresses, in numeric order based on the subnet IDs.

Table 5-3. Subnet IDs and Broadcast Addresses, in Numeric Order, from Figure 5-2

Subnet	Subnet Number	Broadcast Address
R1 LAN	172.16.2.0	172.16.3.255
R2 LAN	`172.16.4.0`	`172.16.5.255`
R3 LAN	`172.16.5.0`	`172.16.5.255`
R1-R2 serial	172.16.9.0	172.16.9.3
R1-R3 serial	172.16.9.4	172.16.9.7

Step 3 states the somewhat obvious step of comparing the address ranges to see whether any overlaps occur. You could just scan the list overall, but if you order the list, you can also methodically scan the list looking at each adjacent pair.

First, look closely just at the subnet number column in Table 5-2. Note that, in this case, none of the subnet numbers are identical, but two entries (highlighted) do overlap.

Next, look closely at the R2 LAN and R3 LAN subnets. All the addresses in the 172.16.5.0/24 subnet are also part of the 172.16.4.0/23 subnet. In this case, the design is invalid because of the overlap, and one of these two subnets would need to be changed.

As far as the three-step process works, note that if two adjacent entries in the list overlap, compare three entries at the next step. The two subnets already marked as overlapped may overlap with the next subnet in the list. For example, imagine a case where you had the following three subnets in a list that you were examining for VLSM overlaps:

10.1.0.0/16 (subnet ID 10.1.0.0, broadcast 10.1.255.255)
10.1.200.0/24 (subnet ID 10.1.200.0, broadcast 10.1.200.255)
10.1.250.0/24 (subnet ID 10.1.250.0, broadcast 10.1.250.255)

If you compare entries 1 and 2, clearly, an overlap occurs, because all the addresses in subnet 10.1.200.0/24 sit inside subnet 10.1.0.0/16. If you then compare only entries 2 and 3, those entries do not overlap. However, entries 1 and 3 do overlap. So what does this mean for the process? Any time you find an overlap, compare all of those overlapped subnets with the next line in the list of subnets until you find one that doesn’t overlap.

Practice Finding VLSM Overlaps

As typical of anything to with applying IP addressing and subnetting, practice helps. To that end, Table 5-4 lists three practice problems. Just start with the five IP addresses listed in a single column, and then follow the three-step process outlined in the previous section to find any VLSM overlaps. The answers can be found near the end of this chapter, in the section, “Answers to Earlier Practice Problems.”

Table 5-4. VLSM Overlap Practice Problems

Problem 1	Problem 2	Problem 3
10.1.34.9/22	172.16.126.151/22	192.168.1.253/30
10.1.29.101/23	172.16.122.57/27	192.168.1.113/28
10.1.23.254/22	192.168.1.113/30	192.168.1.245/29
10.1.17.1/21	172.16.122.1/30	192.168.1.125/30
10.1.1.1/20	172.16.128.151/20	192.168.1.122/30

Adding a New Subnet to an Existing VLSM Design

The task described in this section happens frequently in real networks: choosing new subnets to add to an existing design. In real life, you may use tools that help you choose a new subnet so that you do not cause an overlap. However, for both real life and for the CCNA exam, you need to be ready to do the mental process and math of choosing a subnet that both has the right number of host IP addresses and does not create an overlapped VLSM subnet condition. In other words, you need to pick a new subnet and not make a mistake!

For example, consider the internetwork in Figure 5-2, with classful network 172.16.0.0. An exam question might suggest that a new subnet, with a /23 prefix length, needs to be added to the design. The question might also say, “Pick the numerically lowest subnet number that can be used for the new subnet.” In other words, if both 172.16.4.0 and 172.16.6.0 would work, use 172.16.4.0.

So, you really have a couple of tasks: to find all the subnet IDs that could be used, rule out the ones that would cause an overlap, and then check to see if the question guides you to pick either the numerically lowest (or highest) subnet ID. This list outlines the specific steps:

Step 1 Pick the subnet mask (prefix length) for the new subnet, based on the design requirements (if not already listed as part of the question).

Step 2 Calculate all possible subnet numbers of the classful network using the mask from Step 1, along with the subnet broadcast addresses.

Step 3 Make a list of existing subnet IDs and matching subnet broadcast addresses.

Step 4 Rule out overlapping new subnets by comparing the lists from the previous two steps.

Step 5 Choose the new subnet ID from the remaining subnets identified at Step 4, paying attention to whether the question asks for the numerically lowest or numerically highest subnet ID.

An Example of Adding a New VLSM Subnet

For example, Figure 5-3 shows an existing internetwork that uses VLSM. In this case, you need to add a new subnet to support 300 hosts. Imagine that the question tells you to use the smallest subnet (least number of hosts) to meet that requirement. You use some math and logic you learned earlier in your study to choose mask /23, which gives you 9 host bits, for 2⁹ – 2 = 510 hosts in the subnet.

Figure 5-3 Internetwork to Which You Need to Add a /23 Subnet, Network 172.16.0.0

At this point, just follow the steps listed before Figure 5-3. For Step 1, you have already been given the mask (/23). For Step 2, you need to list all the subnet numbers and broadcast addresses of 172.16.0.0 assuming the /23 mask. You will not use all these subnets, but you need the list for comparison to the existing subnets. Table 5-5 shows the results, at least for the first five possible /23 subnets.

Table 5-5. First Five Possible /23 Subnets

Subnet	Subnet Number	Subnet Broadcast Address
First (zero)	172.16.0.0	172.16.1.255
Second	`172.16.2.0`	`172.16.3.255`
Third	`172.16.4.0`	`172.16.5.255`
Fourth	172.16.6.0	172.16.7.255
Fifth	`172.16.8.0`	`172.16.7.255`

Next, at Step 3, list the existing subnet numbers and broadcast addresses, as seen earlier in Figure 5-3. To do so, do the usual math to take an IP address/mask to then find the subnet ID and subnet broadcast address. Table 5-6 summarizes that information, including the locations, subnet numbers, and subnet broadcast addresses.

Table 5-6. Existing Subnet IDs and Broadcast Addresses from Figure 5-3

Subnet	Subnet Number	Subnet Broadcast Address
R1 LAN	172.16.2.0	172.16.3.255
R2 LAN	172.16.4.0	172.16.5.255
R3 LAN	172.16.6.0	172.16.6.255
R1-R2 serial	172.16.9.0	172.16.9.3
R1-R3 serial	172.16.9.4	172.16.9.7

At this point, you have all the information you need to look for the overlap at Step 4. Simply compare the range of numbers for the subnets in the previous two tables. Which of the possible new /23 subnets (Table 5-5) overlap with the existing subnets (Table 5-6)? In this case, the second, third, and fifth subnets in Table 5-5 overlap, so rule those out as candidates to be used. (Table 5-5 denotes those subnets with gray highlights.)

Step 5 has more to do with the exam than with real network design, but it is still worth listing as a separate step. Multiple-choice questions sometimes need to force you into a single answer, and asking for the numerically lowest or highest subnet does that. This particular example asks for the numerically lowest subnet number, which in this case is 172.16.0.0/23.

Practice Adding New VLSM Subnets

The practice problems in this section all begin with an existing design that uses the following subnets:

10.0.0.0/24

10.0.1.0/25

10.0.2.0/26

10.0.3.0/27

10.0.6.0/28

Treat each of the following five problems as an independent problem. That is, after you choose a subnet for Problem 1, ignore that subnet when solving Problem 2. For each problem: choose the numerically lowest subnet numbers for a new subnet in network 10.0.0.0 that does not cause an overlap when using the following masks:

You can find the answers in the section, “Answers to Practice Problems.”

Designing a Subnetting Plan Using VLSM

CCENT/CCNA ICND1 Official Cert Guide explains several important subnetting design concepts and tasks, but they all assume a single subnet mask is used in each classful network. To perform the similar but more involved design work when using VLSM, you need to apply those same skills in new ways.

For instance, you should understand by now how to design or choose a subnet mask so that a subnet supports a stated number of host IP addresses. You should also know how to list all the subnets of a classful network, assuming one specific mask is used throughout that classful network.

This section discusses how to apply those same concepts when you allow the use of multiple masks.

For example, when assuming SLSM in the ICND1 book, a problem might use Class B network 172.16.0.0, and the design might call for ten subnets, with the largest subnet containing 200 hosts. Mask 255.255.255.0 meets the requirements for that largest subnet, with 8 subnet bits and 8 host bits, supporting 256 subnets and 254 hosts per subnet. (Other masks also meet that requirement.) If using that one mask throughout the network, the subnet numbers would be 172.16.0.0, 172.16.1.0, 172.16.2.0, and so on, counting by one in the third octet.

To create a subnet plan with VLSM, you have to rethink the choice of subnet masks and the choice of allowed subnets. Additionally, you always have to avoid choosing subnets that overlap. This section walks through the VLSM subnet design process, beginning with mask design, and moving on to choosing subnets to use for a particular topology.

Choosing VLSM Masks

With SLSM design, you typically choose the one mask based on the needs of the largest subnet—in other words, the subnet that requires the largest number of host IP addresses. With VLSM design, you can instead choose to use many different masks. You could literally use every mask from /8 through /30 inside a single classful network.

Although using a dozen masks might let you save lots of addresses, it would also create extra complexity. So, the VLSM design choice for how many masks to use, and which ones, requires some compromise and tradeoffs between saving addresses while keeping things simple. Many companies settle on somewhere between two and four different masks as a compromise.

To choose the masks in real life, you need to look at the requirements for each subnet in the design. How many host IP addresses do you need in each case? How much growth do you expect? How many subnets do you need of each size?

In the more theoretical world of exam preparation, you can typically expect a cleaner view of the world, which makes the discussion in this book more objective. For instance, consider Figure 5-4, which lists requirements for two ultra-large data center subnets on the left, several branch office LAN subnets on the right, and a number of typical serial links.

Figure 5-4 Requirements that Feed into a VLSM Design

Figure 5-4 shows requirements for the number of host IP addresses; all you have to do then is pick a mask to meet the requirements for each size subnet as a separate problem, and note the number of subnets you need to create for each size. For the exam, the question might give some guidance that leads you to a single answer, like asking you to choose a mask that meets the goal and uses the lest least host bits. With Figure 5-4, using the least host bits, you would choose these three masks:

/18: 14 host bits, 2¹⁴ – 2 = 16,382 hosts/subnet

/24: 8 host bits, 2⁸ – 2 = 254 hosts/subnet

/30: 2 host bits, 2² – 2 = 2 hosts/subnet

In summary, to choose the masks to use in VLSM, analyze the requirements. Find subnets with requirements for similar numbers of hosts, like the three sizes of subnets in Figure 5-4. The, choose a small number of masks to use for those different sizes of subnets, as summarized in the list for this particular example.

Assigning the Largest Subnet IDs First

VLSM subnet assignment first occurs on paper, when the network engineer looks at a list of subnet IDs and chooses which subnet ID to use for which need in the network topology. For example, Figure 5-4 shows the need for two subnets with a /18 mask, three subnets with a /24 mask, and three subnets with a /30 mask. What specific subnets did the engineer choose? Which subnets could the engineer have chosen? This section explores how to answer these questions and how to go about choosing subnets.

When assigning subnets, follow this strategy: Choose the largest subnets first.

To show you why, we continue the example based in part on Figure 5-4. In that company, the LAN team will assign the subnets for the /18 and /24 subnets, and the WAN team will assign all the /30 subnets. The WAN team has already deployed some WAN links, and they have the political power and are unwilling to change. The WAN team has already used subnets 172.16.50.0/30, 172.16.100.0/30, 172.16.150.0/30, and 172.16.200.0/30.

Although the four WAN subnets have consumed a mere 16 addresses, unfortunately, those subnets have already busted the VLSM design. The four small subnet assignments have created an overlap with all four possible /18 subnets of network 172.16.0.0. Figure 5-5 shows the idea, with the four possible /18 subnets at the top and the overlapping WAN subnets at the bottom.

Figure 5-5 Overlaps Caused by Unfortunate Assignments of Smaller Subnets

When using mask /18, with Class B network 172.16.0.0, only four possible subnets exist: 172.16.0.0, 172.16.64.0, 172.16.128.0, and 172.16.192.0. The four small /30 WAN subnets each overlap with one of these four, as shown in Figure 5-5. How can you avoid making such mistakes? Either assign the smaller subnets from a much tighter range or assign the larger subnet IDs first, as suggested in this chapter. In this case, the LAN team could have allocated the first two /18 subnets first, and made the WAN team avoid using IP addresses from the first half of class B network 172.16.0.0.

Admittedly, the WAN team could not have been any more shortsighted in this contrived example. Regardless, it shows how a small subnet assignment can prevent you from having a larger subnet available. You should always strive to keep large holes open in your address space in anticipation of assigning large subnets in the future.

An Example of VLSM Subnet Design

Other than a general strategy to assign the larger subnets first, what specific steps should you take? Rather than start with a formal process, this section shows an example. In short, the process finds and allocates the largest subnets. Then it takes one of those unused subnets and further subdivides it—sub-subnets it if you prefer—to make the next smaller size of subnets.

This example uses the following requirements; they are the same requirements shown earlier in Figure 5-4.

2 subnets with mask /18

3 subnets with /24

3 subnets with /30

To begin, calculate all possible subnets of network 172.16.0.0 using a /18 mask (the largest subnets). Then, pick two subnets, because the requirements say that you need two. Figure 5-6 shows a representation of these four subnets and the fact that two are allocated for use.

Figure 5-6 Four /18 Subnets Listed, with Two Allocated for Use

The allocation of the first two of these large subnets removes a large set of IP addresses from the pool. When choosing subnets for the next smaller size subnet, you have to avoid the range of addresses in these subnets. In this case, these two subnets consume half the Class B network: addresses 172.16.0.0 – 172.16.127.255. The numerically lowest subnet ID that could possibly be used for the next to-be-allocated subnet, and not overlap, is 172.16.128.0.

For the next step, you take one of the currently free subnets from the list of large subnets and further subdivide it (or “sub-subnet it”) to create the smaller sized subnet. For instance, in this case, the next large subnet ID in sequence is 172.16.128.0/18. You take this range of addresses, and you find all subnets in this range using the next smaller subnet size, which in this example are the subnets that use the /24 mask. You can find all subnets of Class B network 172.16.0.0 using the /24 mask, but you really only have to start at 172.16.128.0. Figure 5-7 shows the idea of what subnets exist in this range, using /24 masks.

Figure 5-7 Subdividing 172.16.128.0/18 into 64 Subnets Using /24 Mask

Figure 5-7 shows a representation of the fact that the subnets 172.16.128.0/24, 172.16.129.0/24, 172.16.130.0/24, and so on, through 172.16.191.0/24, all fit inside the range of addresses of the subdivided larger 172.16.128.0/18 subnet. Although the figure does not show all 64 of these /24 subnets because of space constraints, it shows enough to see the pattern.

To summarize what actions we took so far in choosing and assigning subnets on paper in this example, we

Calculated the four possible subnets of Class B network 172.16.0.0 using mask /18
Allocated the first two subnets for use in the internetwork
Marked the third of four /18 subnets (172.16.128.0/18) to be sub-subnetted into smaller subnets
Listed all subnets using mask /24 that could exist inside 172.16.128.0/18

To continue the exercise, the requirements asked for three /24 subnets, so you need to pick three subnets from the list in Figure 5-7. Using the first three makes sense: 172.16.128.0/24, 172.16.129.0/24, and 172.16.130.0/24.

The process continues until you go through every different mask. In this example, only one other mask was chosen (/30). To proceed, pick one of the currently free /24 subnets, mark it as one to be sub-subnetted, and proceed to subnet it into /30 subnets. Figure 5-8 updates the idea, showing the three allocated /24 subnets, and the next /24 subnet in sequence (172.16.131.0/24) marked as the one to subnet further to create the /30 subnets.

Figure 5-8 The Three Allocated /24 Subnets and the Next Subnet to Divide Further

The process continues with the same logic as before, subnetting the address range implied by 172.16.131.0/24 using a /30 mask. That is, finding these possible /30 subnets within this range:

172.16.131.0/30
172.16.131.4/30
172.16.131.8/30
172.16.131.12/30

And so on, up through 172.16.131.252/30

If you again pick the first three subnets (you pick three because the requirements stated that you needed three subnets with a /30 mask), you would mark the first three in this list as allocated or used. At this point, the process is complete, other than picking exactly where to use each subnet.

Summary of the Formal VLSM Subnet Design Process

The process seems long because it takes time to work through each step. However, you essentially repeat the same process you would use to find and allocate subnets when using a single mask, just repeating the process for each successively longer mask (in other words, from the largest subnets to smallest subnets). For completeness, the following list summarizes the steps:

Step 1 Analyze the requirements for the number of hosts and subnets, choose the masks to use, and list the number of subnets needed using each mask.

Step 2 For the shortest prefix mask (largest subnets):

Calculate, on paper, all possible subnets, using that one mask.
Mark some subnets as allocated for use, per the requirements from step 1.
Pick an unallocated subnet to be further subdivided by the next step (step 3).

Step 3 Repeat Step 2 for each mask, moving to the next longer mask (next smaller sized subnet) each time.

Practice Designing VLSM Subnets

The biggest hurdle in designing with VLSM subnets is to get through the process of finding all the subnets using each mask, particularly after the first step, when you really only care about a more limited range of subnet numbers. The following practice problems help with that process.

Table 5-7 lists the problems. To answer these problems, choose subnet IDs, lowest to highest, first allocating subnets for the largest subnets, then for the next largest subnets, and so on. Always choose the numerically lowest subnet IDs if you want your answer to match what is listed at the end of this chapter.

Table 5-7. VLSM Subnet Design Practice Problems

Problem	Classful Network	First Requirement	Second Requirement	Third Requirement
1	172.20.0.0	3 subnets, /22	3 subnets, /25	3 subnets, /30
2	192.168.1.0	3 subnets, /27	3 subnets, /28	3 subnets, /30

Exam Preparation Tasks

Review All the Key Topics

Review the most important topics from this chapter, noted with the Key Topics icon in the outer margin of the page. Table 5-8 lists a reference of these key topics and the page numbers on which each is found.

Table 5-8. Key Topics for Chapter 5

Key Topic Element	Description	Page Number
Table 5-2	Classless and classful routing protocols listed and compared	203
List	Steps to analyze an existing design to discover any VLSM overlaps	206
List	Steps to follow when adding a new subnet to an existing VLSM design	209
Paragraph	Statement of the main VLSM subnet assignment strategy or assigning the largest subnets first	214
List	Steps to follow to design a subnet plan using VLSM	218

Complete the Tables and Lists from Memory

Print a copy of Appendix J, “Memory Tables,” (found on the DVD) or at least the section for this chapter, and complete the tables and lists from memory. Appendix K, “Memory Tables Answer Key,” also on the DVD, includes completed tables and lists to check your work.

Definitions of Key Terms

Define the following key terms from this chapter and check your answers in the Glossary:

classful routing protocol, classless routing protocol, overlapping subnets, variable length subnet masks (VLSM)

Read Appendix G Scenarios

Appendix G, “Additional Scenarios,” contains five detailed scenarios that both give you a chance to analyze different designs, problems, and command output and show you how concepts from several different chapters interrelate. Appendix G Scenario 1, Part A, and all of Scenario 5 provide an opportunity to practice and develop skills with VLSM.

Appendix D Practice Problems

Appendix D, “Practice for Chapter 5: Variable Length Subnet Masks,” lists additional practice problems and answers. You can find this appendix on the DVD as a printable PDF.

Answers to Earlier Practice Problems

Answers to Practice Finding VLSM Overlaps

This section lists the answers to the five practice problems in the section, “Practice Finding VLSM Overlaps,” as listed earlier in Table 5-4. Note that the tables that list details of the answer reordered the subnets as part of the process.

In Problem 1, the second and third subnet IDs listed in Table 5-9 happen to overlap. The second subnet’s range completely includes the range of addresses in the third subnet.

Table 5-9. VLSM Overlap Problem 1 Answers (Overlaps Highlighted)

Reference	Original Address and Mask	Subnet ID	Broadcast Address
1	10.1.1.1/20	10.1.0.0	10.1.15.255
2	10.1.17.1/21	`10.1.16.0`	`10.1.23.255`
3	10.1.23.254/22	`10.1.20.0`	`10.1.23.255`
4	10.1.29.101/23	10.1.28.0	10.1.29.255
5	10.1.34.9/22	10.1.32.0	10.1.35.255

In Problem 2, again, the second and third subnet IDs (listed in Table 5-10) happen to overlap, and again, the second subnet’s range completely includes the range of addresses in the third subnet. Also, the second and third subnet IDs are the same value, so the overlap is more obvious.

Table 5-10. VLSM Overlap Problem 2 Answers (Overlaps Highlighted)

Reference	Original Address and Mask	Subnet ID	Broadcast Address
1	172.16.122.1/30	172.16.122.0	172.16.122.3
2	172.16.122.57/27	`172.16.122.32`	`172.16.122.63`
3	172.16.122.33/30	`172.16.122.32`	`172.16.122.35`
4	172.16.126.151/22	172.16.124.0	172.16.127.255
5	172.16.128.151/20	172.16.128.0	172.16.143.255

In Problem 3, three subnets overlap. Subnet 1’s range completely includes the range of addresses in the second and third subnets. Note that the second and third subnets do not overlap with each other, so for the process in this book to find all the overlaps, after you find that the first two subnets overlap, you should compare the next entry in the table (3) with both of the two known-to-overlap entries (1 and 2).

Table 5-11. VLSM Overlap Problem 3 Answers (Overlaps Highlighted)

Reference	Original Address and Mask	Subnet ID	Broadcast Address
1	192.168.1.113/28	`192.168.1.112`	`192.168.1.127`
2	192.168.1.122/30	`192.168.1.120`	`192.168.1.123`
3	192.168.1.125/30	`192.168.1.124`	`192.168.1.127`
4	192.168.1.245/29	192.168.1.240	192.168.1.247
5	192.168.1.253/30	192.168.1.252	192.168.1.255

Answers to Practice Adding VLSM Subnets

This section lists the answers to the five practice problems in the section, “Practice Adding VLSM Subnets.”

All five problems for this section used the same set of five pre-existing subnets. Table 5-12 lists those subnet IDs and subnet broadcast addresses, which define the lower and higher ends of the range of numbers in each subnet.

Table 5-12. Pre-Existing Subnets for the Add a VLSM Subnet Problems in This Chapter

Subnet	Subnet Number	Broadcast Address
1	10.0.0.0/24	10.0.0.255
2	10.0.1.0/25	10.0.1.127
3	10.0.2.0/26	10.0.2.63
4	10.0.3.0/27	10.0.3.31
5	10.0.6.0/28	10.0.6.15

The rest of the explanations follow the five-step process outlined earlier in the section, “Finding VLSM Subnets,” except that the explanations ignore Step 3 because Step 3’s results in each case are already listed in Table 5-12.

Problem 1

Step 1 The problem statement tells us to use /24.

Step 2 The subnets would be 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, 10.0.4.0, 10.0.5.0, and so on, counting by 1 in the third octet.

Step 3 The first four new possible subnets (10.0.0.0/24, 10.0.1.0/24, 10.0.2.0/24, and 10.0.3.0/24) all overlap with the existing subnets (see Table 5-12). 10.0.6.0/24 also overlaps.

Step 4 10.0.4.0/24 is the numerically lowest new subnet number that does not overlap with the existing subnets.

Problem 2

Step 1 The problem statement tells us to use /23.

Step 2 The subnets would be 10.0.0.0, 10.0.2.0, 10.0.4.0, 10.0.6.0, 10.0.8.0, and so on, counting by 2 in the third octet.

Step 3 Three of the first four new possible subnets (10.0.0.0/23, 10.0.2.0/23, and 10.0.6.0/23) all overlap with existing subnets.

Step 4 10.0.4.0/23 is the numerically lowest new subnet number that does not overlap with the existing subnets.

Problem 3

Step 1 The problem statement tells us to use /22.

Step 2 The subnets would be 10.0.0.0, 10.0.4.0, 10.0.8.0, 10.0.12.0, and so on, counting by 4 in the third octet.

Step 3 The first two new possible subnets (10.0.0.0/22, 10.0.4.0/22) overlap with existing subnets.

Step 4 10.0.8.0/22 is the numerically lowest new subnet number that does not overlap with the existing subnets.

Problem 4

The answer for this problem requires more detail than others, because the /25 mask creates a larger number of subnets that might overlap with the pre-existing subnets. For this problem, at Step 1, you already know to use mask /25. Table 5-13 shows the results of Step 2, listing the first 14 subnets of network 10.0.0.0 when using mask /25. For Step 4, Table 5-13 highlights the overlapped subnets. To complete the task at Step 5, search the table sequentially and find the first non-grayed subnet, 10.0.1.128/25.

Table 5-13. First 14 Subnets of Network 10.0.0.0, Using /25 Mask

Reference	Subnet Number	Broadcast Address
1	`10.0.0.0`	`10.0.0.127`
2	`10.0.0.128`	`10.0.0.255`
3	`10.0.1.0`	`10.0.1.127`
4	10.0.1.128	10.0.1.255
5	`10.0.2.0`	`10.0.2.127`
6	10.0.2.128	10.0.2.255
7	`10.0.3.0`	`10.0.3.127`
8	10.0.3.128	10.0.3.255
9	10.0.4.0	10.0.4.127
10	10.0.4.128	10.0.4.255
11	10.0.5.0	10.0.5.127
12	10.0.5.128	10.0.5.255
13	`10.0.6.0`	`10.0.6.127`
14	10.0.6.128	10.0.6.255

Problem 5

Like Problem 4, the answer for Problem 5 requires more detail, because the /26 mask creates a larger number of subnets that might overlap with the pre-existing subnets. For this problem, at Step 1, you already know to use mask /26. Table 5-14 shows the results of Step 2, listing the first 12 subnets of network 10.0.0.0 when using mask /26. For Step 4, Table 5-14 highlights the overlapped subnets. To complete the task at Step 5, search the table sequentially and find the first non-grayed subnet, 10.0.1.128/26.

Table 5-14. First 12 Subnets of Network 10.0.0.0, Using /26 Mask

Reference	Subnet Number	Broadcast Address
1	`10.0.0.0`	`10.0.0.63`
2	`10.0.0.64`	`10.0.0.127`
3	`10.0.0.128`	`10.0.0.191`
4	`10.0.0.192`	`10.0.0.255`
5	`10.0.1.0`	`10.0.1.63`
6	`10.0.1.64`	`10.0.1.127`
7	10.0.1.128	10.0.1.191
8	10.0.1.192	10.0.1.255
9	`10.0.2.0`	`10.0.2.63`
10	10.0.2.64	10.0.2.127
11	10.0.2.128	10.0.2.191
12	10.0.2.192	10.0.2.255

Answers to Practice Designing VLSM Subnets

This section lists the answers to the two practice problems in the section, “Practice Designing VLSM Subnets.”

Answers for VLSM Subnet Design, Problem 1

For Problem 1, subnetting network 172.20.0.0 with mask /22 means that the subnets will all be multiples of 4 in the third octet: 172.20.0.0, 172.20.4.0, 172.20.8.0, and so on, through 172.20.252.0. Following the rule to choose the numerically lowest subnet IDs, you would allocate or use 172.20.0.0/22, 172.20.4.0/22, and 172.20.8.0/22. You would also then mark the next subnet, 172.20.12.0/22, to be sub-subnetted.

For the next mask, /25, all the subnet IDs will be either 0 or 128 in the last octet, and increments of 1 in the third octet. Starting at 172.20.12.0 per the previous paragraph, the first four such subnets are 172.20.12.0/25, 172.20.12.128/25, 172.20.13.0/25, and 172.20.13.128/25. Of these, you need to use three, so mark the first three as used. The fourth will be sub-subnetted at the next step.

For the third and final mask, /30, all the subnet IDs will increment by 4 in the fourth octet. Starting with the subnet ID that will be sub-subnetted (172.20.13.128), the next /30 subnet IDs are 172.20.13.128, 172.20.13.132, 172.20.13.136, 172.20.13.140, and so on. The first three in this list will be the three used per the requirements and rules for Problem 1.

Answers for VLSM Subnet Design, Problem 2

For Problem 1, subnetting network 192.168.1.0 with mask /27 means that the subnets will all be multiples of 32 in the fourth octet: 192.168.1.0, 192.168.1.32, 192.168.1.64, 192.168.1.96, and so on, through 192.168.1.224. Following the rule to choose the numerically lowest subnet IDs, you would allocate or use 192.168.1.0/27, 192.168.1.32/27, and 192.168.1.64/27. You would also then mark the next subnet, 192.168.1.96/27, to be sub-subnetted.

For the next mask, /28, all the subnet IDs will be multiples of 16 in the last octet. Starting at 192.168.1.96 per the previous paragraph, the first four such subnets are 192.168.1.96, 192.168.1.112, 192.168.1.128, and 192.168.1.144. Of these, you need to use three, so mark the first three as used. The fourth will be sub-subnetted at the next step.

For the third and final mask, /30, all the subnet IDs will increment by 4 in the fourth octet. Starting with the subnet ID that will be sub-subnetted (192.168.1.144), the next /30 subnet IDs are 192.168.1.144, 192.168.1.148, 192.168.1.152, 192.168.1.156, and so on. The first three in this list will be the three used per the requirements and rules for Problem 1.