VLSM (Variable Length Subnet Masks)  


VLSM, just as with subnets, is a local, LAN scheme.  The Internet backbone routers have no concept of VLSM !!!

It allows the boundary between the subnet bits and host bits to vary - in otherwords, the length, in bits, of both the extended prefix and hosts can vary.  In all previous examples, there is a specific number of network bits (prefix bits), a specific number of subnet bits (where the extended prefix = network prefix + subnet bits), and a specific number of host bits.  With VLSM you can have several subnets and several extended prefixes of varying length. Those subnets, in turn, can be separated into other subnets of varying length, and so on.

However, the prefix (network) bits stay the same !!!

NOTE:  You cannot use the RIP-1 routing protocol with VLSM !!!  RIP-1 does not send the prefix info in it's routing update messages.  It only allows a single mask to be used.  OSPF and IS-IS supply the extended prefix length or mask along with each route advertisement included with the router updates, and therefore work well with VLSM.

Longest Match Algorithm

All routers must implement a consistent forwarding algorithm based on the "longest match" algorithm. The deployment of VLSM means that the set of networks associated with extended-network-prefixes may manifest a subset relationship. A route with a longer extended-network-prefix describes a smaller set of destinations than the same route with a shorter extended-network-prefix. As a result, a route with a longer extended-network-prefix is said to be "more specific" while a route with a shorter extended-network-prefix is said to be "less specific." Routers must use the route with the longest matching extended-network-prefix (most specific matching route) when forwarding traffic.

For example, if a packet's destination IP address is and there are three network prefixes in the routing table (,, and, the router would select the route to The route is selected because its prefix has the greatest number of corresponding bits in the Destination IP address of the packet. 

Destination = 00001011.00000001.00000010.00000101 

* Route #1 = 00001011.00000001.00000010.00000000 

   Route #2 = 00001011.00000001.00000000.00000000 

   Route #3 =   00001011.00000000.00000000.00000000 

* Best Match is with the Route Having the Longest Prefix (Most Specific) 

There is a very subtle but extremely important issue here. Since the destination address matches all three routes, it must be assigned to a host which is attached to the subnet. If the address is assigned to a host that is attached to the or subnet, the routing system will never route traffic to the host since the "longest match algorithm" assumes that the host is part of the subnet. This means that great care must be taken when assigning host addresses to make sure that every host is reachable!

Where you would use VLSM ?

For example, in a campus environment.  You might have a Class B block of addresses to be used across several campuses.  One of the campuses requires half of the addresses and the other two need a fourth.  So you use variable length subnets.  Within each campus, there are several buildings, so you further subnet the subnets.  And in those buildings you could have workgroups, which require subnets of the subnets of the subnets.  All these entities require different numbers of IP addresses.  To use fixed subnet masks, where all would receive the same number of IP addresses, would be very wasteful.

VLSM Route Aggregation

VLSM is simlilar to CIDR, in that is performs route aggregation.  The ISP applies CIDR to reduce the number of routes that must be stored.  Similarly, the customer applies VLSM to their LAN to optimize usage of their alloted address space.  They do not create any new addresses - but they can group them more efficiently.  The difference is that with CIDR, the ISP or Internet Registry agregates smaller variable-length address blocks into one larger block and with VLSM the end organization aggregates smaller variable-length address blocks into their larger, assigned address block.

You may be thinking . . . "wait a minute . . . CIDR is supernetting and VLSM is subnetting".  Actually, VLSM uses subnet masks, but the purpose is to combine them into a larger network address - a supernet !!  Both CIDR and VLSM perform supernettinf, or route aggregation.  

But the similarity stops there - with aggregation.  CIDR goes a lot farther - it includes the complex formula for routing classless packets across the Internet backbone.  VLSM is not concerned with routing, and it is not concerned with either classless or classful.  It is only a method of using variable length subnet masks to allow variable length subnets to exist, and to be combined into one larger network address.

This allows networks to use different subnet masks of varying lengths, so that the address space can be more fully used.  For example, a company may have several mid-size groups and then several smaller groups all on different network segments.  VLSM could be used to give the mid-size segments /24 subnets and the smaller segments /27 subnets.  All of the smaller subnets are combined into the larger subnets, and all the routes are agrregated as shown in the following diagram:



Example -