~/geeksubnet/guides/vlsm

VLSM: design a real addressing plan

From requirements to a non-overlapping plan. Check the result in the VLSM solver.

Variable Length Subnet Masking (VLSM) is just subnetting where the pieces are different sizes. It matters because real networks are lopsided: a user VLAN might need 500 addresses while a router-to-router link needs two. Giving both a /24 wastes a thousand addresses. This guide treats VLSM as a repeatable design process and works a full example end to end.

Why fixed-size subnets waste space

Suppose you carve 10.0.0.0/24 into eight equal /27 subnets (30 hosts each). A point-to-point link between two routers uses 2 of those 30 addresses; the other 28 are stranded — you cannot lend them to the busy user segment next door, because they belong to a different subnet. Multiply that across dozens of links and you run out of space in a block that is mostly empty. VLSM fixes this by sizing each subnet to its actual need.

The algorithm: largest first

There is one rule that makes VLSM work without overlaps: allocate the largest subnet first, then the next largest, and so on. Each subnet is placed at the next free, correctly aligned boundary. Sorting largest-to-smallest guarantees alignment falls into place naturally; doing it in the wrong order leaves awkward gaps.

List every segment with its required usable host count.
For each, find the smallest prefix that fits: round the requirement (plus 2 for network and broadcast) up to the next power of two.
Sort the list from largest block to smallest.
Assign blocks in order, each starting where the previous one ended.

Worked example: five segments in a /22

You are given 172.16.0.0/22 (1,024 addresses) and these requirements:

Segment	Hosts needed	Smallest prefix	Block size
Office LAN	400	/23	512
Wi-Fi	200	/24	256
Servers	60	/26	64
Management	20	/27	32
Router link	2	/30	4

A 400-host segment needs 402 addresses including network and broadcast; the next power of two is 512, a /23. Wi-Fi's 200 rounds up to 256, a /24. Now allocate largest first, starting at 172.16.0.0:

Office LAN  /23   172.16.0.0    →  172.16.1.255    (510 usable)
Wi-Fi       /24   172.16.2.0    →  172.16.2.255    (254 usable)
Servers     /26   172.16.3.0    →  172.16.3.63     ( 62 usable)
Management  /27   172.16.3.64   →  172.16.3.95     ( 30 usable)
Router link /30   172.16.3.96   →  172.16.3.99     (  2 usable)

Each block begins exactly where the last one ended, and each start address is a multiple of its own block size — that is what "aligned" means. Total consumed: 512 + 256 + 64 + 32 + 4 = 868 addresses out of 1,024, leaving 172.16.3.100 through 172.16.3.255 (156 addresses) free for growth. Efficiency: about 85%.

Always size to the realistic maximum, not today's count. A segment with 60 servers that grows past 62 forces a painful renumber. If you expect growth, give Servers a /25 (126 usable) now — VLSM is about deliberate sizing, not squeezing every address.

Verifying the plan

Two checks catch almost every mistake. First, no overlap: each subnet's broadcast address must be lower than the next subnet's network address. Second, alignment: each network address modulo its block size must be zero (e.g. a /26's network must be a multiple of 64). The VLSM solver enforces both and shows the allocation efficiency; the subnet splitter handles the simpler case where every segment is the same size.

Common mistakes

Allocating smallest first. You end up with a /30 sitting at 172.16.0.0, and the next /23 cannot start until 172.16.2.0 — wasting an entire /23 of alignment padding.
Forgetting the +2. A segment needing exactly 254 hosts does not fit in a /24 (only 254 usable — fine) but one needing 255 needs a /23. Always add network and broadcast before rounding.
Ignoring /31 for point-to-point. RFC 3021 allows /31 on links between two routers, giving 2 usable addresses with no waste. Many designs still use /30 out of habit.

Open the VLSM solver → ← Subnetting basics Next: IPv6 → All guides