N10-009 | Chapter 41 of 163 | Objective 1.4

VLSM and CIDR Notation

This chapter covers Variable Length Subnet Masking (VLSM) and Classless Inter-Domain Routing (CIDR) notation, two foundational concepts for efficient IP address allocation and routing. On the N10-009 exam, these topics appear in roughly 10-15% of questions, often interwoven with subnetting calculations, routing protocol behaviour, and network design scenarios. Mastery of VLSM and CIDR is essential for passing the exam and for real-world network engineering, as they underpin modern IPv4 addressing and route summarization.

Updated May 31, 2026

VLSM and CIDR: The Postal ZIP+4 System

Imagine a national postal system originally designed with only two-digit ZIP codes (10 zones). As the population grows, the post office realizes that 10 zones are not enough. They could simply expand to a three-digit code, but that would waste millions of addresses in sparsely populated areas. Instead, they adopt a flexible system: they allocate a prefix (e.g., 90) to a large region, but allow sub-postmasters to further subdivide their region using additional digits (e.g., 90210, 90211). This is Variable Length Subnet Masking (VLSM). Meanwhile, the post office also needs to advertise routes efficiently. Instead of listing every single nine-digit ZIP code, they advertise a range like 'all codes starting with 902' using a notation '902/3' meaning the first three digits are fixed. This is Classless Inter-Domain Routing (CIDR). The post office can now aggregate many small routes into one big route (supernetting) or split a big route into smaller ones (subnetting). The key is that the 'mask' (the number of fixed digits) can vary per route, and the system is classless—no one assumes a two-digit code is a 'Class A' anymore. This mirrors how IP addresses and masks work: the network prefix length (CIDR notation) tells routers how many bits are the network portion, and VLSM allows different subnets within the same major network to have different prefix lengths.

How It Actually Works

What Are VLSM and CIDR?

Variable Length Subnet Masking (VLSM) is the practice of using different subnet masks for different subnets within the same major network (i.e., the same classful address block). Classless Inter-Domain Routing (CIDR) is the method for allocating IP addresses and routing IP packets without regard to the traditional classful boundaries (A, B, C). CIDR uses prefix notation (e.g., /24) to denote the network portion of an address. VLSM is essentially an application of CIDR: it allows a network to be subnetted into subnets of varying sizes, reducing address waste.

Why CIDR Was Necessary

Before CIDR (RFC 1518, 1519), IP addresses were assigned based on class: Class A (/8), Class B (/16), Class C (/24). This led to massive waste because organizations rarely used all addresses in their allocated block. For example, a company needing 300 addresses would receive a Class B (65,534 addresses), wasting over 65,000 IPs. By the early 1990s, the Internet was running out of addresses and routing tables were exploding. CIDR solved both problems: it allowed ISPs to allocate address blocks in any size (e.g., a /23 for 510 addresses) and enabled route aggregation (supernetting) to keep routing tables manageable.

How VLSM Works

VLSM works by allowing a subnet to be further subdivided into smaller subnets, each with its own subnet mask. The key is that the subnet mask must be extended (i.e., more bits set to 1) for the smaller subnets. For example, a /24 network (255.255.255.0) can be divided into two /25 subnets (each with 126 usable hosts), or four /26 subnets (62 hosts each), or one /25 and two /26, etc. The routing protocol must support VLSM (i.e., it must carry the subnet mask in its updates). Classful routing protocols like RIPv1 and IGRP do not support VLSM; classless protocols like RIPv2, OSPF, EIGRP, and BGP do.

Subnetting vs. VLSM

Traditional subnetting uses a fixed-length subnet mask (FLSM) across all subnets. For example, a /24 network subnetted into /26 subnets gives four equal-sized subnets. If one subnet needs only 10 hosts and another needs 50, FLSM forces the 10-host subnet to use a /26 (62 hosts), wasting 52 addresses. VLSM allows the 10-host subnet to use a /28 (14 hosts) and the 50-host subnet to use a /26, reducing waste.

CIDR Notation and Prefix Length

CIDR notation is written as an IP address followed by a slash and the number of bits in the network prefix. For example, 192.168.1.0/24 means the first 24 bits are the network portion. The subnet mask in dotted decimal is 255.255.255.0. Common prefix lengths:

- /8 (255.0.0.0) - 16,777,214 hosts
- /16 (255.255.0.0) - 65,534 hosts
- /24 (255.255.255.0) - 254 hosts
- /30 (255.255.255.252) - 2 hosts (point-to-point links)
- /32 (255.255.255.255) - 1 host (loopback or host route)

Route Aggregation (Supernetting)

CIDR enables route aggregation, also called supernetting or summarization. Instead of advertising multiple contiguous smaller networks, a router can advertise a single larger network that encompasses them. For example, instead of advertising 192.168.0.0/24, 192.168.1.0/24, 192.168.2.0/24, and 192.168.3.0/24 separately, a router can advertise 192.168.0.0/22 (which covers all four /24s). This reduces routing table size and improves network stability.

How to Perform VLSM Calculations

To perform VLSM, follow these steps:

1. List all subnets in descending order of host requirements.
2. Determine the smallest subnet mask that accommodates the largest subnet (including network and broadcast addresses).
3. Assign the first available network address to that subnet.
4. Repeat for the next largest subnet, using the next available address block.

Example: You have network 10.0.0.0/8 and need subnets with 500, 200, 50, and 2 hosts.

- 500 hosts: need /23 (510 hosts). Subnet: 10.0.0.0/23 (range 10.0.0.0 - 10.0.1.255).
- 200 hosts: need /24 (254 hosts). Next available: 10.0.2.0/24.
- 50 hosts: need /26 (62 hosts). Next available: 10.0.3.0/26 (range 10.0.3.0 - 10.0.3.63).
- 2 hosts: need /30 (2 hosts). Next available: 10.0.3.64/30 (range 10.0.3.64 - 10.0.3.67).

Note that the /26 and /30 both sit inside the 10.0.3.0/24 space; VLSM allows this nesting.

VLSM and Routing Protocols

Support for VLSM requires classless routing protocols. RIPv2, OSPF, EIGRP, IS-IS, and BGP all include the subnet mask in their route advertisements. RIPv1 and IGRP do not; they assume the default classful mask. When using VLSM, you must ensure all routers run a classless protocol or manually configure static routes with masks. On the exam, remember that OSPF and EIGRP are classless by default; RIPv2 is classless; RIPv1 is classful.

Discontiguous Networks

VLSM can lead to discontiguous subnets, where subnets of the same major network are separated by another major network. For example, 10.1.0.0/16 and 10.2.0.0/16 are both subnets of 10.0.0.0/8 but are separated by a different network. Classful routing protocols will automatically summarize to the classful boundary (10.0.0.0/8) and will not see the individual subnets, causing routing problems. Classless protocols can handle discontiguous networks if summarization is disabled. The exam tests this: discontiguous networks cause routing loops with classful protocols.

CIDR and the Internet

CIDR is the foundation of Internet routing. ISPs are allocated blocks of IP addresses from Regional Internet Registries (RIRs) in CIDR notation. For example, ARIN may allocate 198.51.100.0/24 to an ISP. The ISP can then subdivide it into smaller blocks for customers. BGP routers exchange routes using CIDR prefixes. Without CIDR, the global routing table would be hundreds of times larger.

Configuration Examples

On a Cisco router, to configure a static route with a /25 mask:

ip route 192.168.1.128 255.255.255.128 10.0.0.1

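Or using CIDR notation, on platforms that accept a prefix length in this command (for example Cisco NX-OS; classic IOS requires the dotted-decimal mask form above):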

ip route 192.168.1.128/25 10.0.0.1

To enable RIPv2 (classless):

router rip
 version 2
 network 10.0.0.0
 no auto-summary

To verify routing table and see masks:

show ip route

The output includes the prefix length, e.g., 10.0.0.0/8 or 10.0.1.0/24.

Common Pitfalls

Forgetting to include network and broadcast addresses when calculating host counts.

Using FLSM when VLSM is required (wastes addresses).

Using a classful protocol in a VLSM environment (causes routing issues).

Misaligning subnets: VLSM subnets must start at a boundary that matches their mask. For example, a /26 must start on a multiple of 64 (0, 64, 128, 192).

Exam-Relevant Values

Memorize these:

- /30: 2 usable hosts (point-to-point)
- /29: 6 usable hosts
- /27: 30 usable hosts
- /26: 62 usable hosts
- /25: 126 usable hosts
- /24: 254 usable hosts
- /23: 510 usable hosts
- /22: 1022 usable hosts
- /21: 2046 usable hosts
- /20: 4094 usable hosts

Summary of Interaction with Related Technologies

NAT: Often used with RFC 1918 addresses (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16). VLSM allows efficient use of these private ranges.

DHCP: DHCP servers can be configured with scopes that match VLSM subnets. The default gateway and subnet mask are provided to clients.

VLANs: Each VLAN typically corresponds to a subnet; VLSM allows VLANs to have different size subnets as needed.

ACLs: Access control lists can filter based on source/destination IP and wildcard masks. Understanding CIDR is essential for writing efficient ACLs.

BGP: BGP relies on CIDR for route aggregation and prefix advertisement.

Step-by-Step VLSM Example

Given network 172.16.0.0/16, create subnets for: 1000 hosts, 500 hosts, 250 hosts, 100 hosts, 2 hosts (WAN link).

1. Sort: 1000, 500, 250, 100, 2.

2. 1000 hosts -> /22 (1022 usable). Subnet: 172.16.0.0/22 (range 172.16.0.0 - 172.16.3.255).

3. 500 hosts -> /23 (510 usable). Next available: 172.16.4.0/23 (range 172.16.4.0 - 172.16.5.255).

4. 250 hosts -> /24 (254 usable). Next: 172.16.6.0/24.

5. 100 hosts -> /25 (126 usable). Next: 172.16.7.0/25 (range 172.16.7.0 - 172.16.7.127).

6. 2 hosts -> /30 (2 usable). Next: 172.16.7.128/30 (range 172.16.7.128 - 172.16.7.131).

Notice that the /25 and /30 are nested within the /24 space; this is VLSM.

Walk-Through

1. Determine Host Requirements

List all subnets needed and the number of required hosts per subnet. Sort them in descending order (largest to smallest). This ensures that larger subnets are allocated first, preventing address space fragmentation. Remember to account for network and broadcast addresses: usable hosts = 2^(32 - prefix) - 2. For point-to-point links (2 hosts), use /30 (2 usable) or /31 (2 usable with RFC 3021, but not always supported).

2. Calculate Subnet Mask for Largest Subnet

For the largest host requirement, find the smallest prefix length that provides enough usable addresses. Use the formula: 2^(32 - prefix) - 2 >= required hosts. For example, 500 hosts need at least 502 total addresses, so prefix <= 23 (2^(32-23)=512, minus 2 = 510 >= 500). The subnet mask is /23 (255.255.254.0).

3. Assign First Available Network Address

Starting from the base network (e.g., 10.0.0.0/8), assign the first block that matches the required prefix. Ensure the block is aligned to its network boundary (the network address must be a multiple of the block size). For a /23, block size = 2^(24-23)=2 in the third octet, so network addresses must be multiples of 2 (e.g., 10.0.0.0, 10.0.2.0, 10.0.4.0).

4. Repeat for Next Largest Subnet

After assigning the first subnet, the next available network address is the first address after the previous subnet's broadcast. For example, after 10.0.0.0/23 (broadcast 10.0.1.255), the next network is 10.0.2.0. Check if this address is aligned for the required mask. If not, skip to the next aligned address. Continue until all subnets are assigned.

5. Verify and Document

Double-check that no subnets overlap. Each subnet's range must be within the parent network and not intersect with others. Document the network address, prefix length, subnet mask, broadcast address, and usable host range for each subnet. This documentation is critical for troubleshooting and future expansion.
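The five walk-through steps as an added Python example (not part of the original chapter), using only the standard-library ipaddress module. The function names and the requirement labels are illustrative assumptions; the sample inputs are constructed from the figures used on this page.

```python
import ipaddress


def prefix_for_hosts(hosts):
    """Longest prefix whose usable count 2^(32 - prefix) - 2 covers `hosts`."""
    if hosts < 1:
        raise ValueError("host requirement must be positive")
    host_bits = max(2, (hosts + 1).bit_length())  # smallest h: 2^h >= hosts + 2
    return 32 - host_bits


def vlsm_allocate(parent, requirements):
    """Steps 1-4: largest first, each block at the next aligned address."""
    net = ipaddress.ip_network(parent)
    cursor, last = int(net.network_address), int(net.broadcast_address)
    plan = []
    for name, hosts in sorted(requirements.items(), key=lambda kv: -kv[1]):
        prefix = prefix_for_hosts(hosts)
        block = 1 << (32 - prefix)
        start = -(-cursor // block) * block  # round up to a block boundary
        if prefix < net.prefixlen or start + block - 1 > last:
            raise ValueError(f"{name}: {hosts} hosts do not fit in {net}")
        plan.append((name, ipaddress.ip_network((start, prefix))))
        cursor = start + block
    return plan


def check_plan(parent, cidrs):
    """Step 5: report misaligned, out-of-parent and overlapping entries."""
    net = ipaddress.ip_network(parent)
    problems, seen = [], []
    for cidr in cidrs:
        iface = ipaddress.ip_interface(cidr)
        sub = iface.network
        if iface.ip != sub.network_address:
            problems.append(f"{cidr}: misaligned, falls inside {sub}")
            continue
        if not sub.subnet_of(net):
            problems.append(f"{cidr}: outside {net}")
        problems += [f"{cidr} overlaps {other}" for other in seen if sub.overlaps(other)]
        seen.append(sub)
    return problems


def document(plan):
    """Step 5: the record to keep per subnet (prefixes /30 and shorter)."""
    return [
        {
            "name": name,
            "network": str(sub),
            "mask": str(sub.netmask),
            "first_usable": str(sub.network_address + 1),
            "last_usable": str(sub.broadcast_address - 1),
            "broadcast": str(sub.broadcast_address),
        }
        for name, sub in plan
    ]


if __name__ == "__main__":
    # Constructed input: the 172.16.0.0/16 requirements from the example above.
    needs = {"lan-1000": 1000, "lan-500": 500, "lan-250": 250, "lan-100": 100, "wan": 2}
    plan = vlsm_allocate("172.16.0.0/16", needs)
    for row in document(plan):
        print(row)
    print(check_plan("172.16.0.0/16", [str(s) for _, s in plan]) or "plan is clean")
    # Constructed bad plan: a /27 nested in a /26 and an unaligned /27.
    print(check_plan("192.168.1.0/24", ["192.168.1.0/26", "192.168.1.32/27", "192.168.1.80/27"]))
```

Running `check_plan` against an existing addressing document is a quick way to find overlapping or misaligned entries before they end up in ACLs or DHCP scopes.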

What This Looks Like on the Job

Enterprise Scenario 1: Campus Network with Multiple Departments

A university has a single /16 network (e.g., 10.0.0.0/16) and needs to allocate subnets to different departments: Engineering (2000 hosts), Business (500 hosts), Admin (100 hosts), and dormitories (4000 hosts). Using VLSM, the network engineer assigns a /20 to dorms (4094 hosts), a /21 to Engineering (2046 hosts), a /23 to Business (510 hosts), and a /25 to Admin (126 hosts). This saves thousands of addresses compared to using a fixed /20 for all. The routing protocol is OSPF, which supports VLSM. Without VLSM, the engineer would have to waste addresses or use multiple major networks. Performance is fine as long as route summarization is configured at the distribution layer (e.g., summarizing all /20s into a single /16). Misconfiguration: if auto-summary is enabled on a router running RIPv2, it would summarize to 10.0.0.0/8 and lose visibility of individual subnets, causing reachability issues.

Enterprise Scenario 2: Data Center with Point-to-Point Links

A data center uses /30 subnets for all inter-switch and inter-router links. For 50 point-to-point links, only 100 IP addresses are needed (50 networks x 2 usable hosts each). Using VLSM, these /30s are carved out of a larger block, say 10.10.0.0/24. The engineer assigns 10.10.0.0/30, 10.10.0.4/30, etc., up to 10.10.0.196/30. This uses only 200 IPs out of 256 in the /24, leaving room for future links. If FLSM were used with /24, each link would waste 252 IPs. Common mistake: using /29 for point-to-point links wastes 6 IPs per link, which adds up. The engineer must ensure that loopback interfaces use /32 masks. BGP is used for external routing; BGP relies on CIDR for route aggregation.

Enterprise Scenario 3: ISP Customer Allocation

An ISP receives a /22 block (1024 addresses) from its upstream provider. It needs to allocate subnets to customers: one customer needs 300 hosts, another needs 50, and several need 2-host links. Using VLSM, the ISP assigns a /23 (510 hosts) to the 300-host customer, a /26 (62 hosts) to the 50-host customer, and /30s for point-to-point links. The ISP must ensure that the subnets do not overlap and that the customer routers use classless routing (e.g., BGP or static routes). The ISP also advertises the /22 as a single prefix to the Internet, aggregating all customer subnets. If the ISP misconfigures and advertises individual /24s, the global routing table grows unnecessarily. Performance consideration: route aggregation reduces BGP table size and convergence time.

How N10-009 Actually Tests This

What N10-009 Tests on VLSM and CIDR

Objective 1.4 explicitly includes: 'Explain the purpose and properties of subnetting and VLSM' and 'Given a scenario, calculate subnet ranges and apply VLSM.' The exam expects you to:

Calculate the number of hosts per subnet given a prefix.

Determine the subnet mask, network address, broadcast address, and usable range.

Design a VLSM scheme given host requirements.

Identify which routing protocols support VLSM (classless vs. classful).

Understand route aggregation (supernetting) and its benefits.

Recognize discontiguous subnet issues.

Common Wrong Answers

1. Miscounting usable hosts: Candidates forget to subtract 2 for network and broadcast. For example, they might say a /24 has 256 usable hosts instead of 254. The exam often includes a distractor that is off by 2.

2. Using FLSM when VLSM is required: A question may ask 'What is the most efficient subnet mask for a subnet needing 100 hosts?' The wrong answer might be /24 (254 hosts) when /25 (126 hosts) is sufficient. The exam tests efficiency.

3. Confusing prefix length with subnet mask: Candidates might convert /24 to 255.255.255.0 correctly but then fail to apply it to a different scenario. Practice converting between notations.

4. Assuming classful boundaries: For example, thinking 10.0.0.0 is always /8. The exam will present a scenario where 10.0.0.0/16 is used, and candidates must adjust.

5. Ignoring network alignment: When assigning VLSM subnets, the network address must be a multiple of the block size. A /27 (block size 32) must start at 0, 32, 64, etc. The exam may present an invalid network address as a distractor.

Specific Numbers and Terms

Memorize these exact values:

- /30: 2 usable hosts (point-to-point)
- /29: 6 usable hosts
- /27: 30 usable hosts
- /26: 62 usable hosts
- /25: 126 usable hosts
- /24: 254 usable hosts
- /23: 510 usable hosts
- /22: 1022 usable hosts
- /21: 2046 usable hosts
- /20: 4094 usable hosts

Terms: 'supernetting' (aggregation), 'prefix length', 'CIDR notation', 'classful', 'classless', 'VLSM', 'discontiguous subnet', 'auto-summary'.

Edge Cases and Exceptions

/31 subnets: RFC 3021 allows /31 for point-to-point links, providing 2 usable hosts (no network/broadcast). The exam may test this as an exception. Note that not all platforms support /31.

/32 subnets: Used for loopback interfaces or host routes. The exam may ask about loopback addresses.

Zero subnets: With ip subnet-zero, you can use the all-zeros subnet (e.g., 192.168.1.0/27). The exam assumes ip subnet-zero is enabled unless stated otherwise.

Classful protocols with VLSM: RIPv1 and IGRP do not support VLSM; they will summarize to classful boundary. The exam may ask which protocol is suitable for a VLSM design.

How to Eliminate Wrong Answers

If a subnet mask gives more than double the required hosts, it is probably not the most efficient. Look for the smallest mask that satisfies the requirement.

If the network address is not aligned to its block size, eliminate it. For example, 192.168.1.64/27 is valid because the /27 block size is 32 and 64 is a multiple of 32 (64/32 = 2), but 192.168.1.80/27 is invalid because 80/32 = 2.5.

If the question mentions 'efficient' or 'minimize waste', use VLSM.

If the routing protocol is RIPv1 or IGRP, VLSM cannot be used.

If a route is advertised as 10.0.0.0/8, it may be a summary; check if it hides more specific routes.

Key Takeaways

VLSM allows different subnet masks within a major network, reducing address waste.

CIDR notation (e.g., /24) specifies the network prefix length; convert to dotted decimal mask as needed.

Usable hosts = 2^(32 - prefix) - 2 (except /31 and /32).

Classless routing protocols (RIPv2, OSPF, EIGRP, BGP) support VLSM; classful (RIPv1, IGRP) do not.

Route aggregation (supernetting) combines multiple contiguous prefixes into a single larger prefix.

Discontiguous subnets cause routing problems with classful protocols due to automatic summarization.

When designing VLSM, always start with the largest subnet and work down.

Subnet addresses must be aligned to their block size (e.g., /26 block size 64, network address multiple of 64).

Common exam values: /30 (2 hosts), /29 (6), /27 (30), /26 (62), /25 (126), /24 (254).

Auto-summary should be disabled on classless routing protocols when using VLSM.

Easy to Mix Up

These come up on the exam all the time. Here's how to tell them apart.

FLSM (Fixed-Length Subnet Mask)

All subnets use the same mask.

Simpler to configure and understand.

Wastes IP addresses if subnets have different host requirements.

Supported by classful routing protocols.

Each subnet has the same number of usable hosts.

VLSM (Variable-Length Subnet Mask)

Subnets can have different masks.

More efficient use of address space.

Requires classless routing protocols (RIPv2, OSPF, EIGRP, BGP).

Allows route summarization at non-classful boundaries.

Subnets can be sized exactly to host requirements.

Watch Out for These

Mistake: VLSM and CIDR are the same thing.

Correct: VLSM is the practice of using different subnet masks within a major network. CIDR is a broader standard for IP address allocation and routing that uses prefix notation. VLSM is an application of CIDR principles.

Mistake: A /24 subnet always has 256 usable addresses.

Correct: A /24 has 256 total addresses, but the first (network) and last (broadcast) are reserved, leaving 254 usable hosts. The exam often tests this subtraction.

Mistake: Classful routing protocols can support VLSM if you configure static routes.

Correct: Static routes with masks can be used on a router running a classful protocol, but the routing protocol itself will not advertise the mask. Dynamic updates from classful protocols (RIPv1, IGRP) do not include the mask, so VLSM information is lost across router boundaries.

Mistake: You can use any network address for a VLSM subnet as long as it is within the parent network.

Correct: VLSM subnets must be aligned to their block size. For example, a /27 (block size 32) must start at an address where the last octet is a multiple of 32 (0, 32, 64, 96, 128, 160, 192, 224). Using an unaligned address like 192.168.1.40/27 would overlap with adjacent subnets.

Mistake: Route summarization always improves routing efficiency.

Correct: Summarization reduces routing table size but can cause suboptimal routing or black holes if the summary hides more specific routes that point to different next hops. It must be used carefully, especially in networks with multiple exit points.


Frequently Asked Questions

What is the difference between VLSM and CIDR?

VLSM is the technique of using different subnet masks within the same major network to match host requirements. CIDR is the overall standard that enables VLSM by allowing prefix lengths to be specified in routing protocols. CIDR also enables route aggregation. In practice, VLSM is a feature enabled by CIDR. For the exam, remember that VLSM requires a classless routing protocol, which CIDR provides.

How do I calculate the number of usable hosts in a /28 subnet?

A /28 has 16 total addresses (2^(32-28) = 2^4 = 16). Subtract 2 for network and broadcast: 16 - 2 = 14 usable hosts. Common mistake: computing 2^(32-28) = 16, then forgetting to subtract 2. Always subtract 2 for /1 through /30; /31 and /32 are the exceptions.

Can I use VLSM with RIPv1?

No. RIPv1 is a classful routing protocol that does not include subnet masks in its updates. It assumes the default classful mask (e.g., /8 for Class A). To use VLSM, you must use a classless protocol like RIPv2, OSPF, EIGRP, or BGP. Static routes with masks can be used on individual routers, but dynamic VLSM requires classless protocols.

What is the block size for a /26 subnet?

The block size is 64 (2^(32-26)=2^6=64). This means the network addresses for /26 subnets are multiples of 64 in the relevant octet. For example, 192.168.1.0/26, 192.168.1.64/26, 192.168.1.128/26, 192.168.1.192/26.

How do I perform route summarization with CIDR?

To summarize, find the common prefix length that covers all the networks. For example, to summarize 192.168.0.0/24, 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24, write the addresses in binary and find the first bit where they differ. They share the first 22 bits, so the summary is 192.168.0.0/22. The block size is 4 (2^(24-22)=4).
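The binary method above as an added Python example (not part of the original chapter), extended to report any address space the summary covers that none of the input prefixes actually contain, which is where a summary route or an ACL entry written from it becomes broader than intended. Function names are illustrative assumptions and the sample prefixes are constructed from examples on this page.

```python
import ipaddress


def summary_route(prefixes):
    """Smallest single prefix covering every input (their common leading bits)."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    common = 32 - (lo ^ hi).bit_length()  # bits before lo and hi first differ
    base = (lo >> (32 - common)) << (32 - common)
    return ipaddress.ip_network((base, common))


def unowned_space(prefixes):
    """Blocks inside the summary that none of the input prefixes cover."""
    remaining = [summary_route(prefixes)]
    owned = ipaddress.collapse_addresses(ipaddress.ip_network(p) for p in prefixes)
    for block in owned:
        nxt = []
        for r in remaining:
            if block.subnet_of(r):
                nxt.extend(r.address_exclude(block))  # keep r minus block
            elif not r.subnet_of(block):
                nxt.append(r)  # disjoint from block: untouched
        remaining = nxt
    return sorted(remaining)


def audit_summary(prefixes):
    """Summary plus a verdict on whether it is exact or over-covers."""
    extra = unowned_space(prefixes)
    return {
        "summary": str(summary_route(prefixes)),
        "exact": not extra,
        "unowned": [str(n) for n in extra],
    }


if __name__ == "__main__":
    # Constructed inputs: the four contiguous /24s from this page, the same
    # set with the first /24 missing, and the two /16s from the
    # discontiguous-network example.
    print(audit_summary(["192.168.0.0/24", "192.168.1.0/24",
                         "192.168.2.0/24", "192.168.3.0/24"]))
    print(audit_summary(["192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24"]))
    print(audit_summary(["10.1.0.0/16", "10.2.0.0/16"]))
```

An empty `unowned` list means the summary is exact; anything listed there is space the summary would attract traffic for, or an ACL built from it would match, without a more specific route or owner behind it.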

What is the purpose of the 'no auto-summary' command in EIGRP or RIPv2?

Auto-summary causes the router to automatically summarize routes to their classful boundary (e.g., 10.0.0.0/8). When using VLSM, this can cause suboptimal routing or black holes because more specific routes are hidden. Disabling auto-summary with 'no auto-summary' allows the router to advertise the exact prefix lengths, preserving VLSM information.

Can I use a /31 subnet for point-to-point links?

Yes, according to RFC 3021, a /31 subnet provides two usable IP addresses (no network or broadcast). This is efficient for point-to-point links. However, not all devices or operating systems support /31; check compatibility. The exam may present /31 as an exception to the 'subtract 2' rule.
