VLSM and Supernetting: Beyond Basic Subnetting
Master variable length subnet masks and route aggregation to design efficient, real-world networks.
TL;DR
- VLSM (Variable Length Subnet Mask) lets you divide a network into subnets of different sizes, matching each subnet to actual host requirements.
- Fixed-length subnetting (FLSM) wastes addresses by forcing every subnet to be the same size.
- Supernetting (route aggregation) is the reverse: combining multiple contiguous networks into one larger block to shrink routing tables.
- VLSM works downward (splitting a network for internal design); supernetting works upward (combining routes for efficient routing).
- Both techniques rely on binary math and are fundamental to modern CIDR addressing.
Introduction
If you have completed our beginner’s guide to subnetting, you already know how to carve a network into equal-sized pieces using CIDR notation. That skill is essential, but it comes with a limitation: real networks are never perfectly uniform. A server room with 200 hosts and a point-to-point WAN link with 2 hosts should not receive the same size subnet.
This is where VLSM and supernetting come in. VLSM allows you to use different prefix lengths within a single address space, allocating exactly what each department or link needs. Supernetting works in the opposite direction, combining multiple smaller networks into a single summarized route. Together, these advanced subnetting techniques form the foundation of efficient IP address management and scalable routing. Both operate at Layer 3 (Network) of the OSI model, where IP addressing and routing decisions are made.
In this article, we will walk through both concepts with complete worked examples so you can apply them in network design, certification exams, or production environments.
Quick Review: Fixed-Length Subnetting (FLSM)
In fixed-length subnet masking (FLSM), every subnet uses the same prefix length. For example, splitting 192.168.1.0/24 into four subnets gives you four /26 networks, each with 62 usable host addresses:
| Subnet | Network Address | Usable Range | Broadcast | Usable Hosts |
|---|---|---|---|---|
| 1 | 192.168.1.0/26 |
.1 – .62 |
.63 |
62 |
| 2 | 192.168.1.64/26 |
.65 – .126 |
.127 |
62 |
| 3 | 192.168.1.128/26 |
.129 – .190 |
.191 |
62 |
| 4 | 192.168.1.192/26 |
.193 – .254 |
.255 |
62 |
FLSM is simple, but the problem is obvious: if one department needs 100 hosts, a /26 (62 usable) is too small. You would need a /25, but then the remaining three departments each get a /25 too, and you run out of addresses in a single /24. FLSM forces you to size every subnet for your largest requirement, wasting addresses everywhere else.
What Is VLSM?
VLSM stands for Variable Length Subnet Mask. Instead of applying one uniform prefix length across all subnets, VLSM lets you assign a different subnet mask to each subnet based on how many hosts it actually needs. A large department gets a /25 while a point-to-point link gets a /30, all carved from the same parent network.
The key principle is straightforward: allocate the largest subnets first, then fill in smaller subnets from the remaining address space. This avoids overlapping allocations and maximizes efficiency. VLSM is how every modern enterprise network is designed, and it is a core topic on the CompTIA Network+ and CCNA exams.
To use VLSM effectively, you need to be comfortable with binary-to-decimal conversion and powers of two. If those feel rusty, review our subnetting beginner’s guide first.
VLSM Step by Step
Let’s work through a complete VLSM example. This is the single most important section of the article, so follow along carefully.
You have been assigned the network 192.168.1.0/24 (256 total addresses, 254 usable). You need to create subnets for four departments:
- Sales: 100 hosts
- Engineering: 50 hosts
- Management: 25 hosts
- Point-to-point WAN link: 2 hosts
Step 1: Sort by Size (Largest First)
Always start with the subnet that requires the most hosts and work your way down. This prevents fragmentation and overlapping allocations.
- Sales — 100 hosts
- Engineering — 50 hosts
- Management — 25 hosts
- Point-to-point link — 2 hosts
Step 2: Allocate the Largest Subnet (Sales)
Sales needs 100 hosts. Find the smallest power of two that accommodates 100 hosts plus network and broadcast addresses:
2^7 = 128 addresses (128 - 2 = 126 usable) ✔
2^6 = 64 addresses ( 64 - 2 = 62 usable) ✘ too smallWe need 7 host bits, which means 32 – 7 = /25. The first available address is the start of our /24, so:
Sales: 192.168.1.0/25
Network: 192.168.1.0
Usable: 192.168.1.1 – 192.168.1.126
Broadcast: 192.168.1.127
Hosts: 126 usable (100 needed)The next available address after this block is 192.168.1.128.
Step 3: Allocate the Next Subnet (Engineering)
Engineering needs 50 hosts. The next power of two:
2^6 = 64 addresses (64 - 2 = 62 usable) ✔That gives us a /26 (32 – 6 = 26). Starting from 192.168.1.128:
Engineering: 192.168.1.128/26
Network: 192.168.1.128
Usable: 192.168.1.129 – 192.168.1.190
Broadcast: 192.168.1.191
Hosts: 62 usable (50 needed)Next available address: 192.168.1.192.
Step 4: Allocate Management
Management needs 25 hosts:
2^5 = 32 addresses (32 - 2 = 30 usable) ✔A /27 (32 – 5 = 27). Starting from 192.168.1.192:
Management: 192.168.1.192/27
Network: 192.168.1.192
Usable: 192.168.1.193 – 192.168.1.222
Broadcast: 192.168.1.223
Hosts: 30 usable (25 needed)Next available address: 192.168.1.224.
Step 5: Allocate the Point-to-Point Link
A point-to-point link needs exactly 2 usable addresses (one for each router interface). The standard practice is a /30:
2^2 = 4 addresses (4 - 2 = 2 usable) ✔Point-to-point: 192.168.1.224/30
Network: 192.168.1.224
Usable: 192.168.1.225 – 192.168.1.226
Broadcast: 192.168.1.227
Hosts: 2 usable (2 needed)Final VLSM Allocation Table
| Department | Network | Mask | Usable Range | Broadcast | Needed | Available |
|---|---|---|---|---|---|---|
| Sales | 192.168.1.0/25 |
255.255.255.128 |
.1 – .126 |
.127 |
100 | 126 |
| Engineering | 192.168.1.128/26 |
255.255.255.192 |
.129 – .190 |
.191 |
50 | 62 |
| Management | 192.168.1.192/27 |
255.255.255.224 |
.193 – .222 |
.223 |
25 | 30 |
| Point-to-point | 192.168.1.224/30 |
255.255.255.252 |
.225 – .226 |
.227 |
2 | 2 |
Total addresses used: 128 + 64 + 32 + 4 = 228 out of 256. The remaining 28 addresses (192.168.1.228 through 192.168.1.255) are available for future growth. Try verifying these results with our subnet calculator.
VLSM vs FLSM: A Direct Comparison
What happens if we try to fit the same four departments into FLSM instead? Since Sales needs 100 hosts, every subnet must be at least a /25 (126 usable). But a /24 only gives us two /25 subnets, so FLSM fails entirely for this scenario with a single /24.
If we use a larger block, say 192.168.0.0/22 (1,024 addresses) with FLSM /25 subnets, we get eight subnets of 126 hosts each. That accommodates all four departments, but look at the waste:
| Department | Hosts Needed | FLSM (/25) Allocated | FLSM Wasted | VLSM Allocated | VLSM Wasted |
|---|---|---|---|---|---|
| Sales | 100 | 126 | 26 | 126 | 26 |
| Engineering | 50 | 126 | 76 | 62 | 12 |
| Management | 25 | 126 | 101 | 30 | 5 |
| Point-to-point | 2 | 126 | 124 | 2 | 0 |
| Total | 177 | 504 | 327 | 220 | 43 |
FLSM wastes 327 addresses; VLSM wastes only 43. More importantly, VLSM fits everything inside a single /24, while FLSM requires a /22. In environments where IPv4 addresses are scarce, this difference matters enormously. When designing internal networks using private IP address ranges (10.x.x.x, 172.16.x.x, 192.168.x.x), VLSM ensures you use those ranges efficiently across departments of varying sizes.
What Is Supernetting?
Supernetting is the conceptual opposite of subnetting. Instead of dividing a network into smaller pieces, you combine multiple contiguous networks into one larger block. This is also called route aggregation, route summarization, or simply CIDR aggregation.
The purpose is to reduce the number of entries in routing tables. If a router knows about four separate /24 routes that are contiguous and share the same next-hop, it can advertise a single /22 summary route instead. Fewer routes mean faster lookups, lower memory usage, and more stable routing.
Supernetting Example
Suppose an ISP has assigned your organization four contiguous /24 networks:
192.168.0.0/24192.168.1.0/24192.168.2.0/24192.168.3.0/24
Can these be summarized into a single supernet? To find out, convert the third octet of each network to binary and look for the common prefix:
192.168.0.0 → 192.168.00000000.0
192.168.1.0 → 192.168.00000001.0
192.168.2.0 → 192.168.00000010.0
192.168.3.0 → 192.168.00000011.0
^^^^^^^^^^^^^^^^
Common bits: 192.168.000000xx.x = first 22 bits matchThe first 22 bits are identical across all four networks. That means we can summarize them as:
Supernet: 192.168.0.0/22
Mask: 255.255.252.0
Range: 192.168.0.0 – 192.168.3.255
Total: 1,024 addresses (4 × 256)Instead of advertising four routes, the router advertises one. Use our IP binary converter to verify the bit alignment yourself.
Supernetting only works when the networks are contiguous and the count is a power of two (2, 4, 8, 16…). The starting network address must also be evenly divisible by the total number of networks being combined. For example, you cannot supernet 192.168.1.0/24 through 192.168.4.0/24 because 192.168.1.0 is not on a /22 boundary.
Why Supernetting Matters
Supernetting is not just an academic exercise. It has critical real-world applications:
- BGP route aggregation: The global internet routing table contains over 950,000 IPv4 routes. Without route summarization, that number would be many times higher, overwhelming router memory and CPU.
- ISP address allocation: ISPs receive large CIDR blocks from regional registries (like ARIN or RIPE) and allocate smaller blocks to customers. Supernetting lets them advertise a single summarized route upstream.
- Internal routing efficiency: In large enterprise networks with hundreds of subnets, route summarization at area or distribution boundaries keeps OSPF and EIGRP routing tables manageable.
- Faster convergence: Fewer routes mean routing protocol updates propagate more quickly when a topology change occurs.
When to Use VLSM vs Supernetting
While both techniques involve manipulating prefix lengths, they solve different problems and operate at different levels of network design:
| Aspect | VLSM | Supernetting |
|---|---|---|
| Direction | Divides down (longer prefixes) | Combines up (shorter prefixes) |
| Purpose | Efficient internal address allocation | Routing table reduction |
| Typical use | Network design, IP planning | BGP, OSPF summarization, ISP allocation |
| Prefix change | /24 becomes /25, /26, /27, /30 | Four /24s become one /22 |
| Scope | Within a single allocated block | Across multiple contiguous blocks |
Think of it this way: VLSM is an architect’s tool for designing the floor plan of a building (internal layout). Supernetting is a city planner’s tool for grouping buildings into a single postal zone (external routing). Most network engineers use both daily.
Common Pitfalls
Advanced subnetting introduces several traps that catch even experienced engineers:
1. Non-Contiguous Blocks Cannot Be Superneted
You cannot summarize 192.168.0.0/24 and 192.168.5.0/24 into a single route. The networks must be adjacent in the address space with no gaps. If they are not contiguous, you must advertise them as separate routes.
2. Overlapping VLSM Allocations
The most common VLSM mistake is accidentally overlapping subnets. For example, if you allocate 192.168.1.0/25 (addresses .0 through .127) and then start the next subnet at 192.168.1.64/26, those two subnets overlap. Always start the next allocation at the first address after the previous subnet’s broadcast address. Use our subnet calculator to double-check boundaries.
3. Routing Protocol Compatibility
Not all routing protocols carry subnet mask information in their updates. This matters because a router receiving a route for 192.168.1.0 needs to know whether that is a /25, /26, or /27.
- Supports VLSM: OSPF, EIGRP, IS-IS, BGP, RIPv2
- Does NOT support VLSM: RIPv1, IGRP (both are classful and deprecated)
If your network runs RIPv1, every subnet must use the same mask (FLSM). This is one of the many reasons classful routing protocols have been retired in modern networks.
4. Forgetting Future Growth
When planning VLSM allocations, do not allocate every last address. Leave gaps between subnets for future expansion. In our worked example, we left 28 addresses unallocated. A production network should aim for at least 20-30% headroom in each subnet.
5. Incorrect Supernet Boundaries
A common exam mistake is trying to supernet networks that do not align to a valid boundary. For example, 192.168.1.0/24 through 192.168.4.0/24 is four networks, but 192.168.1.0 is not a valid /22 boundary (1 is not divisible by 4). The valid /22 boundaries in the third octet are 0, 4, 8, 12, 16, and so on.
Frequently Asked Questions
What is the difference between VLSM and FLSM?
FLSM (Fixed-Length Subnet Mask) uses the same subnet mask for every subnet in a network, regardless of how many hosts each subnet actually needs. VLSM (Variable Length Subnet Mask) allows each subnet to have a different mask, so you can allocate a /25 for a large department and a /30 for a point-to-point link from the same parent network. VLSM is far more address-efficient and is the standard approach in all modern network design.
Do all routing protocols support VLSM?
No. Only classless routing protocols support VLSM because they include the subnet mask in their route advertisements. These include OSPF, EIGRP, IS-IS, BGP, and RIPv2. Older classful protocols like RIPv1 and IGRP assume all subnets use the same mask and cannot handle VLSM. In practice, classful protocols have been deprecated and should not be used in new deployments.
What is route summarization?
Route summarization (also called route aggregation or supernetting) is the process of combining multiple contiguous network routes into a single, shorter-prefix route. For example, four /24 networks can be summarized into one /22. This reduces the number of entries in routing tables, lowers memory and CPU usage on routers, and speeds up route convergence when topology changes occur.
Can I use VLSM with IPv6?
Yes, but it is less critical. IPv6 has a vastly larger address space (128-bit versus 32-bit), so address conservation is not the primary concern. However, the concept of using different prefix lengths for different network segments still applies. The standard IPv6 practice is to assign a /64 to every LAN segment and a /127 to point-to-point links, which is conceptually similar to VLSM.
How do I avoid overlapping subnets in VLSM?
Follow two rules: always allocate subnets from largest to smallest, and always start each new subnet at the first address after the previous subnet’s broadcast address. After completing your plan, verify that no subnet’s range overlaps with another. Tools like a subnet calculator can help confirm boundaries. Drawing a number line of the full address space and shading each allocation is also a reliable visual check.
Is supernetting the same as CIDR?
They are closely related but not identical. CIDR (Classless Inter-Domain Routing) is the broader system that eliminated the old Class A/B/C boundaries and introduced slash notation (like /22). Supernetting is a specific application of CIDR where you combine multiple smaller networks into a larger aggregate. In other words, CIDR is the framework and supernetting is a technique made possible by that framework. See IP address formats explained for more on CIDR notation.
References
- Fuller, V. & Li, T. “Classless Inter-Domain Routing (CIDR).” RFC 4632, IETF, 2006. datatracker.ietf.org
- Pummill, T. & Manning, B. “Variable Length Subnet Table For IPv4.” RFC 1878, IETF, 1995. datatracker.ietf.org
- Cisco Systems. “VLSM and CIDR.” Cisco Documentation. cisco.com
- CompTIA. “Network+ Certification Exam Objectives.” CompTIA. comptia.org
- Cloudflare. “What Is CIDR?” Cloudflare Learning Center. cloudflare.com