VLSM and Supernetting: Advanced Subnetting Techniques

If you have completed our beginner’s guide to subnetting, you can carve a network into equal-sized pieces with CIDR notation. That skill is essential, but it has a limitation. Real networks are never uniform. A server room with 200 hosts and a WAN link with 2 hosts should not get the same size subnet.

This is where VLSM and supernetting come in. VLSM uses different prefix lengths within one address space, allocating exactly what each department or link needs. Supernetting works the opposite direction, combining smaller networks into a single summarized route. Together they form the foundation of efficient IP management and scalable routing. Both operate at Layer 3 of the OSI model, where addressing and routing decisions live.

This article walks through both concepts with complete worked examples. You can apply them in network design, certification exams, or production environments.

Quick Review: Fixed-Length Subnetting (FLSM)

Fixed-length subnet masking gives every subnet the same prefix length. Splitting a /24 into four /26 networks yields four equal blocks of 62 usable hosts each. It is simple but wasteful, because every subnet must be sized for the largest requirement.

In FLSM, every subnet uses the same prefix length. Splitting 192.168.1.0/24 into four subnets gives four /26 networks, each with 62 usable host addresses:

FLSM is simple, but the problem is obvious. If one department needs 100 hosts, a /26 with 62 usable is too small. You would need a /25. Then the other three departments each get a /25 too, and the /24 runs out. FLSM forces you to size every subnet for your largest requirement, wasting addresses everywhere else.

What Is VLSM?

VLSM stands for Variable Length Subnet Mask. It assigns a different subnet mask to each subnet based on actual host requirements, all carved from one parent network. Allocate the largest subnets first, then fill smaller ones from the remaining address space.

Instead of one uniform prefix length, VLSM matches each subnet’s mask to what it actually needs. A large department gets a /25 while a point-to-point link gets a /30, all from the same parent network.

The key principle: allocate the largest subnets first, then fill in smaller subnets from the remaining space. This avoids overlapping allocations and maximizes efficiency. VLSM is how every modern enterprise network is designed. It is also a core topic on the CompTIA Network+ (N10-009) and CCNA (200-301) exams.

To use VLSM well, you need comfort with binary-to-decimal conversion and powers of two. If those feel rusty, review our subnetting beginner’s guide first.

VLSM Step by Step

Sort requirements from largest to smallest. For each subnet, find the smallest power of two that covers the hosts plus two reserved addresses. Convert host bits to a prefix, allocate the block, and start the next subnet right after the previous broadcast address.

Let’s work a complete VLSM example. This is the single most important section of the article, so follow along carefully.

Step 1: Sort by Size (Largest First)

Start with the subnet that needs the most hosts and work down. This prevents fragmentation and overlapping allocations.

1. Sales — 100 hosts
2. Engineering — 50 hosts
3. Management — 25 hosts
4. Point-to-point link — 2 hosts

Step 2: Allocate the Largest Subnet (Sales)

Sales needs 100 hosts. Find the smallest power of two covering 100 hosts plus the network and broadcast addresses:

2^7 = 128 addresses  (128 - 2 = 126 usable)  ✔
2^6 =  64 addresses  ( 64 - 2 =  62 usable)  ✘ too small

We need 7 host bits, which means 32 – 7 = /25. The first available address is the start of our /24:

Sales: 192.168.1.0/25
  Network:    192.168.1.0
  Usable:     192.168.1.1 – 192.168.1.126
  Broadcast:  192.168.1.127
  Hosts:      126 usable (100 needed)

The next available address after this block is 192.168.1.128.

Step 3: Allocate the Next Subnet (Engineering)

Engineering needs 50 hosts. The next power of two:

2^6 = 64 addresses  (64 - 2 = 62 usable)  ✔

That gives a /26 (32 – 6 = 26). Starting from 192.168.1.128:

Engineering: 192.168.1.128/26
  Network:    192.168.1.128
  Usable:     192.168.1.129 – 192.168.1.190
  Broadcast:  192.168.1.191
  Hosts:      62 usable (50 needed)

Next available address: 192.168.1.192.

Step 4: Allocate Management

Management needs 25 hosts:

2^5 = 32 addresses  (32 - 2 = 30 usable)  ✔

A /27 (32 – 5 = 27). Starting from 192.168.1.192:

Management: 192.168.1.192/27
  Network:    192.168.1.192
  Usable:     192.168.1.193 – 192.168.1.222
  Broadcast:  192.168.1.223
  Hosts:      30 usable (25 needed)

Next available address: 192.168.1.224.

Step 5: Allocate the Point-to-Point Link

A point-to-point link needs exactly 2 usable addresses, one per router interface. The standard practice is a /30:

2^2 = 4 addresses  (4 - 2 = 2 usable)  ✔

Point-to-point: 192.168.1.224/30
  Network:    192.168.1.224
  Usable:     192.168.1.225 – 192.168.1.226
  Broadcast:  192.168.1.227
  Hosts:      2 usable (2 needed)

Final VLSM Allocation Table

Total addresses used: 128 + 64 + 32 + 4 = 228 out of 256. The remaining 28 addresses, 192.168.1.228 through 192.168.1.255, stay available for future growth. Verify the results with our subnet calculator. Or expand any block to its full IP list with the CIDR to IP Range Converter.

VLSM vs FLSM: A Direct Comparison

For the same four departments, FLSM wastes 327 addresses and needs a /22 block. VLSM wastes only 43 addresses and fits everything inside a single /24. The efficiency gap widens as host requirements vary more between subnets.

What happens if we force the same four departments into FLSM? Sales needs 100 hosts, so every subnet must be at least a /25 with 126 usable. A /24 only holds two /25 subnets. FLSM fails entirely for this scenario inside a single /24.

Use a larger block instead, say 192.168.0.0/22 (1,024 addresses) with FLSM /25 subnets. That yields eight subnets of 126 hosts each and fits all four departments. Now look at the waste:

FLSM wastes 327 addresses. VLSM wastes only 43. More importantly, VLSM fits everything in one /24 while FLSM demands a /22. In environments where IPv4 addresses are scarce, that difference matters enormously. When designing internal networks from private IP address ranges (10.x.x.x, 172.16.x.x, 192.168.x.x), VLSM keeps allocations efficient across every department.

What Is Supernetting?

Supernetting combines multiple contiguous networks into one larger block with a shorter prefix. It is also called route aggregation or route summarization. Routers advertise a single summary route instead of many specific routes, shrinking routing tables and speeding lookups.

Supernetting is the conceptual opposite of subnetting. Instead of dividing a network into smaller pieces, you combine contiguous networks into one larger block. The technique also goes by route aggregation, route summarization, or simply CIDR aggregation.

The purpose is routing table reduction. Suppose a router knows four separate /24 routes that are contiguous and share the same next hop. It can advertise a single /22 summary instead. Fewer routes mean faster lookups, lower memory usage, and more stable routing.

Supernetting Example

Four contiguous /24 networks starting at 192.168.0.0 share their first 22 bits. They summarize into 192.168.0.0/22, covering 1,024 addresses. Convert the changing octet to binary and count the matching leading bits to find any summary prefix.

Suppose an ISP has assigned your organization four contiguous /24 networks:

• 192.168.0.0/24
• 192.168.1.0/24
• 192.168.2.0/24
• 192.168.3.0/24

Can these become one supernet? Convert the third octet of each network to binary and look for the common prefix:

192.168.0.0   →  192.168.00000000.0
192.168.1.0   →  192.168.00000001.0
192.168.2.0   →  192.168.00000010.0
192.168.3.0   →  192.168.00000011.0
                      ^^^^^^^^^^^^^^^^
Common bits:          192.168.000000xx.x = first 22 bits match

The first 22 bits are identical across all four networks. They summarize as:

Supernet:  192.168.0.0/22
Mask:      255.255.252.0
Range:     192.168.0.0 – 192.168.3.255
Total:     1,024 addresses (4 × 256)

Instead of advertising four routes, the router advertises one. Use our IP to Binary Converter to verify the bit alignment yourself.

Why Supernetting Matters

The global IPv4 routing table now holds roughly one million routes. Without aggregation, it would be several times larger. Summarization keeps BGP tables manageable, lowers router memory and CPU use, and speeds convergence after topology changes.

Supernetting is not an academic exercise. It has critical real-world applications:

• BGP route aggregation: The global internet routing table holds roughly one million IPv4 routes as of 2026. Without summarization, that number would be several times higher, overwhelming router memory and CPU.
• ISP address allocation: ISPs receive large CIDR blocks from registries like ARIN or RIPE and allocate smaller blocks to customers. Supernetting lets them advertise one summarized route upstream.
• Internal routing efficiency: Large enterprise networks run hundreds of subnets. Summarization at area or distribution boundaries keeps OSPF and EIGRP tables manageable.
• Faster convergence: Fewer routes mean routing updates propagate faster when topology changes.

Supernetting and RPKI: A Modern Caveat

Route aggregation now intersects with routing security. Most large networks publish a Route Origin Authorization (ROA) through RPKI. An ROA cryptographically states which network may originate a given prefix.

As of 2026, more than half of all BGP prefixes are covered by ROAs. Here is the trap. Suppose you advertise a /22 aggregate. If your ROA only authorizes the four /24 sub-prefixes, validators can mark the aggregate Invalid. Many networks then drop it.

The fix is simple. Set the ROA maxLength to cover the aggregate, or register the summary prefix itself. Always confirm your ROAs match what you actually advertise. Aggregation and origin validation must agree.

When to Use VLSM vs Supernetting

VLSM divides networks downward for efficient internal allocation. Supernetting combines routes upward to shrink routing tables. VLSM is the network designer’s tool, while supernetting is the routing engineer’s tool. Most production networks rely on both every day.

Both techniques manipulate prefix lengths, but they solve different problems at different levels of network design:

Think of it this way. VLSM is an architect’s tool for designing a building’s floor plan, the internal layout. Supernetting is a city planner’s tool for grouping buildings into one postal zone, the external routing. Most network engineers use both daily.

Common Pitfalls

Five traps catch engineers. Non-contiguous blocks cannot be summarized. Overlapping VLSM allocations break routing. Classful protocols like RIPv1 cannot carry VLSM masks. Allocating every last address leaves no growth room. And invalid supernet boundaries fail on exams and routers alike.

Advanced subnetting introduces traps that catch even experienced engineers:

1. Non-Contiguous Blocks Cannot Be Superneted

You cannot summarize 192.168.0.0/24 and 192.168.5.0/24 into one route. The networks must sit adjacent in the address space with no gaps. If they are not contiguous, advertise them separately.

2. Overlapping VLSM Allocations

The most common VLSM mistake is overlap. Allocate 192.168.1.0/25 (addresses .0 through .127) and then start the next subnet at 192.168.1.64/26, and the two collide. Always start the next allocation at the first address after the previous subnet’s broadcast. Double-check boundaries with our subnet calculator. Or run each block through the CIDR to IP Range Converter to see start and end addresses side by side.

3. Routing Protocol Compatibility

Not every routing protocol carries subnet mask information in its updates. That matters. A router receiving a route for 192.168.1.0 needs to know whether it is a /25, /26, or /27.

• Supports VLSM: OSPF, EIGRP, IS-IS, BGP, RIPv2
• Does NOT support VLSM: RIPv1, IGRP (both classful and deprecated)

If your network runs RIPv1, every subnet must share one mask. This is one of many reasons classful routing protocols have been retired.

4. Forgetting Future Growth

When planning VLSM allocations, do not consume every last address. Leave gaps between subnets for expansion. Our worked example left 28 addresses unallocated. A production network should aim for 20-30% headroom in each subnet.

5. Incorrect Supernet Boundaries

A common exam mistake is supernetting networks that do not align to a valid boundary. 192.168.1.0/24 through 192.168.4.0/24 is four networks, but 192.168.1.0 is not a valid /22 boundary. The third octet must be divisible by 4. Valid /22 boundaries in the third octet are 0, 4, 8, 12, 16, and so on.

Related Tools & Resources

NetworkCheckr pairs this guide with free calculators. The Subnet Calculator validates each VLSM allocation. The CIDR to IP Range Converter shows block boundaries side by side. The IP to Binary Converter verifies summary prefixes, and the beginner’s guide covers the fundamentals.

• Subnet Calculator — validate every VLSM allocation before deployment.
• CIDR to IP Range Converter — expand blocks to check boundaries and overlaps.
• IP to Binary Converter — verify the bit math behind summary prefixes.
• Subnetting Beginner’s Guide — the fundamentals this article builds on.
• IP Address Formats Explained — decimal, binary, hex, and CIDR notation.
• Public vs Private IP Addresses — the RFC 1918 ranges used in these examples.
• All NetworkCheckr Tools — the complete collection of free utilities.

Frequently Asked Questions

Six questions cover the advanced ground here. VLSM versus FLSM, and which routing protocols support variable masks. What route summarization does. How IPv6 handles prefix lengths. Avoiding overlapping allocations. And whether supernetting and CIDR are the same thing.