NET 222: Introduction to Routers and Routing

Chapter 3: IP Subnetting and Variable Length Subnet Masks (VLSMs)


This chapter continues the discussion of the TCP/IP suite, introducing subnetting. The objectives important to this chapter are:

  1. Subnetting basics
  2. Subnetting a class C network
  3. Variable Length Subnet Masks
  4. Summarization
  5. Troubleshooting
Concepts: Part 1

This chapter introduces the concept of subnetting, like some other discussions in this text, with an infusion of unexplained jargon. Bear with me, while I try to make it more understandable.

Suppose your company has six divisions or locations, and logically needs six networks. You would want to be assigned six different network addresses (such as, and five more). Suppose, however, that you either cannot get or cannot afford licenses for six networks. Then you take the one network address that you do have and create six subnets. (Six, by the way, is not a magic number, it is just an example.)

Subnet Masks

Subnetting works by borrowing bits from the host portion of an address, and using those bits to identify subsections of your network. The use of borrowed bits only works because of subnet masks. A subnet mask tells hosts on a network which bits in an address are network address bits and which bits are host address bits. It does it by the use of 1s and 0s. Consider the table below:

Subnet Masks for Classes A, B, and C
Decimal Mask Binary Mask
Class A 11111111.00000000.00000000.00000000
Class B 11111111.11111111.00000000.00000000
Class C 11111111.11111111.11111111.00000000

Network devices read a mask to learn how to interpret addresses. Address positions marked by 1s in a mask are considered network address positions. Address positions marked by 0s in a mask are considered host address positions. Another way of saying this is that certain address bits are considered to be network address bits and the rest are considered host address bits. The actual method used involves Boolean math, but understanding it is not critical to understanding or using the concept. When a device reads an actual IP address, the rule from the subnet mask is applied, and the device understands which bits are the net address and which are the host address.

If you need another metaphor, think about this one. A router on a class C network might receive traffic bound for device When received, that address would look like this:
(No dots, remember?)

A subnet mask is like a filter that only shows a portion of an address to a device. Routers only care about the network portion of an address. Imagine a pair of glasses that has one red lens and one blue lens. Imagine that the subnet mask colors all the bits of an incoming address so that the network bits are red and the host bits are blue. On a class C network, the subnet mask is, so the address would look like this:

The router would look at the address through a filter that would show it only the network address portion. This would be like looking through the blue lens, hiding the host portion of the address.

If this traffic were received by a device that cared only about the host portion of the address, it would be like looking through the red lens.


By borrowing one bit, two subnets are theoretically possible. However, as a general rule, subnet numbers using all 1s and all 0s are not used, so borrowing one bit will usually not yield any usable subnet addresses. This is why the traditional formula for number of usable subnets is:
2N - 2 = number of subnets (where N is the number of bits borrowed).

Your text tells us that this limitation can be overcome with Cisco routers, but does not explain it for several pages. The router command to accomplish it is IP subnet-zero. This command allows us to borrow one bit, so this would eliminate the need to subtract 2 from the number of possible subnets.

Assume we borrow two bits in each of the three classes above. Borrowed bits are shown in red in the resulting subnet mask numbers below:

Subnet Masks if Borrowing 2 Bits
Decimal Mask Binary Mask
Class A 11111111.11000000.00000000.00000000
Class B 11111111.11111111.11000000.00000000
Class C 11111111.11111111.11111111.11000000

Note that the subnet masks above do not match the standard masks from the previous table. The standard masks are classful masks, because they match the intended use of class address schemes. The masks above are classless, because they do not match any network class.

Be aware that routers on the Internet only use the network bits of an address for routing. Routers connecting subnets within a network must use the network, subnet, and host bits for routing.

Regarding the topic of assigning subnet addresses:

  • Each address on a network must be unique. This is true for all IP addresses, not just subnet addresses.
  • The network and subnet numbers must be the same for all devices on the same network. A classic error is to assign two workstations to different subnets and expect them to communicate as if they were on the same logical LAN.
  • The host (physical) portion of the address must not be set to all 1s or all 0s.
  • Plan for growth. You will have to add more stations later to most LANs, and you may have to add more subnets than you need today. In general, you calculate the number of subnets required, then round up to the nearest power of two. Do the same with the number of hosts needed per subnet. You may find that the two goals are in conflict.
  • Don’t use IP addresses reserved for special use. These have been noted already in the text.

TCP/IP support is expected on networks. It was optional, previously, but the Internet has made it the common protocol suite for all networks of any note.

In an IP network, each device needs a unique IP address. Assignment of these addresses takes some planning. First, there are two major approaches:

  • Static assignment - someone has to manually configure the address on each device, including workstations, servers, and printers. Unless your network is small, this is very painful.
  • Dynamic assignment - a server on the network can assign an address to workstations as they are signed on. You will still want to manually configure addresses on servers, printers, routers, and other network resource devices. However, you can automate the "manual" part: see below.

Dynamic Host Configuration Protocol (DHCP) service allows us to dynamically assign IP addresses to hosts on an IP network. You need to understand that, as far as IP is concerned, "host" means any device on the network. Three methods for assigning addresses are listed:

  • Automatic Allocation: DHCP assigns a permanent IP address to a host.
  • Dynamic Allocation: An IP address is assigned to a host for a limited period of time (or until the host relinquishes the address). Also called address leasing.
  • Manual Allocation: This method requires that you assign the address. DHCP simply delivers the address to the host. Read that carefully: you can make the assignment, but you tell the DHCP server to deliver it, so you don't have to visit the host yourself.

Whether you use dynamic or static assignment, you can assign more than the IP address of a device. You can also specify what server to use for Domain Name Service (DNS), and what server to use for Gateway service (route to other networks). A DHCP server can provide this information when the device powers up, or it can be configured by hand as shown in the text.

CIDR Notation

A concept that is not covered in your book, but that belongs in this chapter is Classless Inter-Domain Routing (CIDR). CIDR is a router standard that allows the use of classless subnet masks. In the CIDR standard, IP addresses are followed by a slash and the decimal number of bits used in the network portion of the subnet mask.

An example of CIDR notation might be This example shows a network address, It is followed by a forward slash, and the number 24. The number 24 means that the subnet mask for addresses on this network uses 24 bits as network identifiers. This is the same thing as saying that the subnet mask for this network uses 3 bytes as network identifiers, which is the same thing as saying the subnet mask is In the table below, the same network is described three ways. Each is telling us the same thing: IP addresses on this network hold network information in the first three numbers, and host information in the fourth.
3 descriptions of the same network Example
subnet mask
number of bytes that hold network bits 3
CIDR notation /24

When addresses are sent on networks that allow CIDR notation, they can include this helpful notation that is the equivalent of sending the subnet mask along with the address. This is particularly helpful in networks that use subnetting. In such cases, the number following the forward slash probably will not be a multiple of 8.

How to Solve Story Problems

Back to subnetting, the text describes two methods for designing subnets. It begins with an example of a class C address. Most of the address work you are likely to do with subnets will be with class C addresses. Obviously, you cannot use eight bits to define a subnet on a class C network: you only have eight bits to define a host address to begin with, and you must use some of them for the host address. You must strike a balance between how many subnets you need and how many hosts you may put on each subnet. If the network administrator has decided to borrow 3 bits from the host byte for subnets, this leaves 5 bits for host addresses. To calculate how many usable subnets are obtained when borrowing a specific number of bits, use the formula above:
2N - 2 = number of subnets (where N is the number of bits borrowed). Do NOT subtract 2 if you are using the IP subnet-zero command.

To calculate the number of hosts possible for each subnet, do the same calculation, except that for the value of N, you use the TOTAL number of host bits available in the address. For instance, if this were a class B address, and you were borrowing 3 bits from the third byte for subnet addresses, the remaining 5 bits in the third byte and the 8 bits in the fourth byte would give you 13 as the value of N. Some methods call the exponent M when calculating the possible hosts, but the math is the same. DO subtract 2 in this case, because you cannot have all host bits as 0s (this is the subnet address) or all host bits as 1s (this is the broadcast address for the subnet).

A class C network is born with the classful subnet mask of If we borrow two bits from the host section of the address, we make the subnet mask (128 + 64 = 192).

The next step is to calculate the actual subnet addresses, that is, the addresses of the subnets themselves. The method is this:

  • Find the right-most 1 in the binary version of the subnet mask. The mask you are using is this: 11111111.11111111.11111111.11000000

  • Determine the value of this digit, based on its position in its byte. This value can only be 128, 64, 32, 16, 8, 4, 2 or 1. Call the value delta. (For those who are curious, Δ (the Greek letter delta) is a common physics symbol for "the amount of change".) In this example, two bits are borrowed, so this value of delta is 64.
  • The value of delta is used as the value of the shared byte, creating the first practical subnet address. In our Cisco world, delta is the address of the second subnet, since 0 is the address of the first one. The network address in this example is, so the first subnet address would be, and the second subnet would be Subsequent subnet addresses are multiples of delta, used as the value of the shared byte. Obviously, no value greater than 255 can be used. In this example, the subnet addresses would look like this (Delta times 0, times 1, times 2, and times 3): 11010010.11000111.00001010.00000000 11010010.11000111.00001010.01000000 11010010.11000111.00001010.10000000 11010010.11000111.00001010.11000000

    These are not masks, nor are they host addresses. They are the addresses of the possible subnetworks.
    Subnet addresses using all 0s or all 1s in the subnet address section can be used with the IP subnet-zero command. They are possible only if your routers support them. If you were not to use that command, there would be two fewer possible subnets, and delta would be the value of the first one.

The text explains that you must be able to calculate the number of possible subnets and possible hosts per subnet. We have covered this. You must also be able to state the addresses of the possible subnets. We have just covered this. You are further required to calculate the broadcast address of each subnet, and the range of host addresses on each. The text offers an easy technique for this.

The broadcast address of each subnet is actually one less than the address of the next subnet. For the last subnet, it is the broadcast address of the network. For example, the broadcast address for subnet above is Why? Because this is the same address with all host bits turned on:
This is easily seen in binary, but also easily calculated in decimal. So for each subnet, the broadcast address is easily obtained.

Subnet Broadcast address

Once you have this information, you can derive the host address range for each subnet: it is the range of numbers between the subnet address and its broadcast address.

Subnet Broadcast address Host address range

The chapter includes several examples of calculating subnets and host addresses for class A, B, and C scenarios. Students are advised to practice each of them.


The text moves on to describe Variable Length Subnet Masks (VLSMs). We have already discussed changing a network's subnet mask from classful to classless. VLSMs allow us to use different subnet masks in different parts of a network. To appreciate this concept, you need to know that this is not a common practice: usually all devices on a given network must use the same subnet mask, even if they are on different subnets.

This begs a question: why bother? In some cases, it is less wasteful than a single subnet mask scheme would be. Think about what subnetting costs: addresses. When you subnet, you lose addresses because each new subnet costs one address for the subnet and another for the broadcast address for that subnet.

Class C Network
subnet bits CIDR # of subnets (if IP subnet-zero) # of hosts per subnet # of possible hosts on network # of addresses lost on network
0 /24 2N = 1 2N - 2 = 254 254 0
1 /25 2N = 2 2N - 2 = 126 252 2
2 /26 2N = 4 2N - 2 = 62 248 6
3 /27 2N = 8 2N - 2 = 30 240 14
4 /28 2N = 16 2N - 2 = 14 224 30
5 /29 2N = 32 2N - 2 = 6 192 62
6 /30 2N = 64 2N - 2 = 2 128 236
7 /31 2N = 128 2N - 2 = 0 0 All

The text offers an example of a network segment that is populated only by two routers. The rest of this network is using a subnet mask of (3 bits borrowed, or /27). The wastefulness is in assigning a subnet to the two routers with this mask. The mask only allows 8 subnets. This subnet is two routers on a WAN link. It wastes any other addresses that could have been used on it.

The text discussion of this concept is murky. I suggest that you will benefit from looking at another example that I will discuss here. Please right-click the link below, and choose to open it in another window. You will see a printer-friendly version of a Microsoft lesson on VLSM from their online material about Windows Server 2000. Don't worry about knowing anything about Server 2000, just read the lesson, then come back here for my discussion of it.

Microsoft Lesson on VLSM

As the Microsoft example shows, VLSM is useful for subdividing (subnetting) a single network several different ways. When you have separate requirements for multiple subnets, you will do well to follow their example. Begin with the biggest subnet, and work down to the smallest in terms of number of hosts required. What you are doing is creating subnets within subnets.

In the Microsoft example, we are given a network ID of This is a Class B network, and it is currently using a classful Class B subnet mask (, shown above as /16). You are required to create "one subnet with up to 32,000 hosts, 15 subnets with up to 2,000 hosts, and eight subnets with up to 250 hosts". We will start with the subnet with the most hosts, and work down.

One Subnet with up to 32,000 Hosts

To do this part, use the formula for hosts on each subnet: 2N - 2 must equal 32,000 or more. What power of 2 is that? I have shaded the appropriate row green in the first table below. (Other rows are shaded other colors for the rest of the problem.)

Bits not borrowed 2N 2N - 2 (Hosts per subnet)
1 2 0
2 4 2
3 8 6
4 16 14
5 32 30
6 64 62
7 128 126
8 256 254
9 512 510
10 1024 1022
11 2048 2046
12 4096 4094
13 8192 8190
14 16384 16382
15 32768 32766
Bits borrowed 2N (Possible subnets)
1 2
2 4
3 8
4 16
5 32
6 64
7 128
8 256
9 512
10 1024
11 2048
12 4096
13 8192
14 16384
15 32768


So, we need 15 host bits. There are 32 bits in an address, so 32 - 15 gives us 17 as the length of our network mask. We started with a /16 mask. We borrow one bit for this subnet, to make it /17, creating two subnets, both of which will use the subnet mask Note that this solution is not possible unless we allow subnets to be defined by one bit (IP subnet-zero). The value of the borrowed bit will be 0 for the first subnet, and 1 for the other: and The Microsoft lesson says that " is chosen as the network ID". If we were not using VLSM, we would now be done, but would not have achieved all our goals. We will subdivide the second subnet to meet our second requirement.

Fifteen Subnets with up to 2,000 Hosts

Now, we need to have 15 subnets with at least 2,000 hosts on each one. Consulting the tables above, we see that we need 11 host bits for that many hosts per subnet. (I shaded this row a light orange.) We also need to have at least 15 subnets, which leads us to borrowing 4 more bits from the subnet we already created. Think about that: we created two /17 subnets. We used the first subnet, and we need to subdivide the second subnet on that network into 15 (or more) parts, so we borrow 4 more host bits (allowing us 16 new subnets), creating a series of /21 subnets. Per the example, "This produces 16 subnets (, . . .,, allowing up to 2,026 hosts per subnet." We will use the first 15 subnetted network IDs ( to We will continue to subnet the remaining /21 subnet ( to meet the next requirement.

Eight Subnets with up to 250 Hosts

We start this part of the problem with one subnet as our working area: We need 8 subnets with up to 250 hosts each. Can we do it? Consulting the table on the right, we need to borrow 3 more bits to make 8 subnets on this network. We also need to leave 8 host bits to allow as many as 250 hosts per subnet. We start out with a /21 network. If we borrow 3 more bits, this takes us to /24. The problem designer left no leeway: we have exactly 8 host bits left, so the requirements can both be met.

Again, per the example, we obtain eight subnets (, . . ., which allow up to 254 hosts per subnet. All 8 subnetted network IDs ( to will be used, so thank the designer for having no more parts to the problem.

The Microsoft lesson also provides a note: In dynamic routing environments, variable length subnetting can only be deployed where the subnet mask is advertised along with the network ID. Routing Information Protocol (RIP) for IP version 1 does not support variable length subnetting. RIP for IP version 2, Open Shortest Path First (OSPF), and Border Gateway Protocol version 4 (BGPv4) all support variable length subnetting. Your text agrees with this statement.

Concepts: Part 2

The next topic in the chapter is summarization, also called route aggregation. If you are not aware of it, routers keep lists of networks and routes to those networks in RAM. The lists are called routing tables. A router connected to a network must advertise its connection to other routers, and these advertisements become the items listed in routing tables. In the example above, we might expect a router connected to the parent network to have to advertise its connection to the parent, the two large subnets, the sixteen medium size subnets, and the eight small subnets. That would be a large number of entries in the tables of other routers. This can be avoided (but the process is not explained until chapter 6), by advertising a network address that summarizes (groups) all of those subnets together.

The text also describes summarization as supernetting, which may make the concept clearer. For some of us, it does not. Supernetting is defined in some networking literature as treating two or more networks as the same network, for the purpose of putting more hosts on a network than are normally allowed. In a sense, that is what VLSM and summarization advertisements do.

The following illustration is taken from a lecture by Dr. Colin Lemmon at James Cook University in Australia. His lecture is no longer available, so I will summarize a bit of it.We are going to summarize six subnets. They are nearly consecutively numbered:,,,,, and Obviously, the first two bytes of the addresses of these subnets are identical. If we compare the binary version of the third byte of each network address, we see that the first nibble is identical in all cases.

Network address Binary version of third byte 0110 0010 0110 0011 0110 0100 0110 0101 0110 0110 0110 1001

We will summarize these networks as one. We will use the identical portion of the third bytes, and say that all of these networks are part of (The 64 bit and the 32 bit are turned on. See the read digits above.) We will also describe this route as 8 bits from the first byte, 8 bits from the second byte, and 4 bits from the third byte make 20 bits as the network portion of the subnet mask. Traffic sent to any address on any of these networks will fit this route summarization.

Troubleshooting IP problems begins the same way on most networks. The text offers a sequence of suggestions from Cisco about troubleshooting communication problems. Before trying them, gather some information about the host: host's IP address, address of the default gateway, and address of the device that can't be reached.

  1. If a host cannot reach another device, start by pinging the local loopback address: This is a reserved address that stands for the IP stack on the host itself. This test only tests the IP stack itself. If this fails, you should reinstall TCP/IP.
  2. If you get by the first step, ping the address assigned to the host. This tests the communication between the IP stack and the the host's NIC. Failure indicates a problem with the NIC.
  3. If test 2 worked, ping the default gateway (router) for the host's network. Failure to ping the router may mean a problem anywhere between the NIC and router. This could be a switch, a cable, a bad address, or a bad subnet mask.
  4. If the previous steps worked, ping the remote device. If this works, you have proven that the remote device has a working IP stack and it is responding to pings. If this does not work, it could mean a problem anywhere beyond the router.

If all the tests above work, it only means that a ping made it to the device and back. There are lots of other problems that prevent devices from communicating. The text offers an observation that devices are often misconfigured by being given the wrong IP address, wrong gateway address, or wrong subnet mask.

The text walks through an example that requires you to make some assumptions. We learn that a workstation cannot contact a server on another subnet. There is another server on that remote subnet, but the user cannot attempt to connect to it as a test, due to having no rights on the second server. All four tests above are tried and test 4 fails: we can't ping the remote server. So, we now gather information about the devices, their subnet masks, their subnets, the broadcast addresses for the subnets, and the valid host ranges for the subnets.

  • We know that the user's workstation is given the address
  • The workstation's default gateway is
  • The workstation connects to a switch
  • The switch connects to a router called Lab A router. Its IP address is The router connects to another router by a WAN link. Its address on that connection network is
  • The next router is called Lab B router. Its address on the connecting WAN network is It address on the Lab B subnet is
  • The Lab B router connects to a switch.
  • The Lab B switch is connected to the two servers. Their addresses are and They are both configured with as their default gateway.

What the example does not tell us is the actual subnet mask used by any device but the two routers on their WAN network. The author tells us to assume that we are using the same subnet mask on the other subnets. Okay, if we do that, then /27 means that we are subnetting a class C network ( with three borrowed bits. Assuming that we are using IP subnet-zero, borrowing three bits yields 8 subnets, and the value of delta is 32. (The author calls delta a block size. This terminology is less clear, but you should recognize its use.) So, we derive the subnet addresses, the broadcast addresses, and host ranges for each subnet.

8 subnets, Δ = 32 Broadcast address Host range 1-30 33-62 65-94 97-126 129-158 161-190 193-222 225-254

Compare this table with the data in the bullets above. There is a problem that is now obvious. The text states it oddly. The problem is that the Lab B router has been given a bad address on the Lab B subnet. Its assigned address is This is an address that should never be assigned to a host, because it is the broadcast address for subnet 64. That router needs a new address, and every device on that subnet, including the two servers, must have the new address set as the default gateway. Had we run more ping tests, we might have tested from a workstation on the Lab B subnet, and found that we could not ping any device outside that subnet.

Students should go over the other troubleshooting examples in the text to become familiar with the methods provided in the text.