Variable Length Subnet Masks

Consider the XYZ Corporation which has been assigned the network number from the InterNIC. The world sees this company as Within the XYZ Corporation, however, the division of the network is very different. They could use Variable Length Subnet Masks to divide their world into a multi-level hierarchy.

The term Variable Length Subnet Mask (VLSM) refers to a design practice of creating sub-subnets in a tree-structured network. XYZ Corp has an office in many states, 23 field offices in all. The designers of the XYZ Corp network decide to divide their network into 32 subnets using a mask of In binary, the mask bits are:

11111111  11111111  11111100  00000000

The six bits of “1” in the third octet are the subnet bits (since the first 16 bits represent the network). These six bits can differentiate between up to 64 different subnetworks. This is the same logic as would be applied to any subnet mask.

Now, however, it is realized that at each site there is a sales division, an accounting department, a marketing group, and a technical support group. The designers want to further subdivide each site with a router. This would require further division of the address field. No problem. The main, central routers are subnetted and they differentiate between field offices. The field office routers, however, are subnetted with Think about this in the binary representation.

Main Router: 11111111 11111111 11111100 00000000
Field Router: 11111111 11111111 11111111 10000000

Notice that the field router defines an additional three bits in the mask. These three bits can be used to differentiate between 7 more subnet numbers (Since 2 raised to the 3rd power = 8). Of these eight possible values, the 000 and 111 value are not available for use in identifying a specific subnet. Refer to the Reserved IP Address List for more information on these restrictions. These are going to be used to route between the sales, accounting, marketing, and tech support groups at each field site. Perhaps the assignment is like this:

Sales = 001
Accounting = 010
Marketing = 011
Tech Support = 100

So, at a particular location, we discover that the bit sequence “000011” has been used to represent the site, say the network at the field office in Palo Alto, California. Here are the four divisions:

Sales = 000011 001 XXXXXXX
Accounting = 000011 010 XXXXXXX
Marketing = 000011 011 XXXXXXX
Tech Support = 000011 100 XXXXXXX

The “X”s represent the bits that are available to differentiate between individual stations (hosts) in each department. When viewed in the binary sense this scheme identifies FOUR fields. The NETWORK PORTION (in each case this is, the SUBNET (which is 000011), a “sub”-subnet (001,010,011, and 100) and the node portion (the “X”s). The routers understand how to divide the address based on the subnet mask. The world, in our example, sees The company sees Each field office sees The router masks the address and looks up the result in its table to determine how to forward the frame. Since the router “thinks” in binary there is no confusion, no problem. We, however, don’t think in binary. Consider these three stations shown with their dotted decimal and binary representations: 10100000 . 00000110 . 00001100 . 10000001 10100000 . 00000110 . 00001110 . 00000001 10100000 . 00000110 . 00001110 . 10000001

When looking at the dotted-decimal notation there is nothing immediately obtuse. In fact, when looking at the binary you don’t necessarily see the conflict immediately. To understand any subnet masking it is necessary to break the 32-bit address into the fields defined by the variable length masks.

First, mask the addresses with the used by the world at large:

Mask = 11111111 . 11111111 . 00000000 . 00000000 = 10100000 . 00000110 . 00001100 . 10000001
Result = 10100000 . 00000110 . 00000000 . 00000000

You can see that all three address mask back to; they are all on the same network as far as the world is concerned. Now lets just consider the last 16 bits of each address (since we know the first 16 are the same in all three cases).

The next router uses that mask; we are considering the 252.0 part. The masking now continues as follows:

Mask = 11111100 . 00000000
(160.6).12.129 00001100 . 10000001
(160.6).14.1 00001110 . 00000001
(160.6).14.129 00001110 . 10000001

Do you see that all three station are identified with 000011 as the bit pattern included in the masked portion? This means that the next router in line (the one masked as will direct frames to all three of these stations to the same destination router according to its routing table.

The last router in this hierarchy is using the mask Here is the masking:

Result Of Masking
Mask = 11111111 . 10000000
(160.6).12.129 00001100 . 10000001 00001100 . 10000000
(160.6).14.1 00001110 . 00000001 00001110 . 00000000
(160.6).14.129 00001110 . 10000001 00001110 . 10000000

It is critical that you understand this last step. Do you see that the bits included by the mask have been included in the result? Do you see the three additional bits used as the mask went from to Now we can assess the validity of the addresses. We know that the design intent called for four “sub”-subnetworks (001, 010, 011, and 100). Don’t be confused because these bits “span” the dot in the dotted-decimal notation. This is the confusing aspect of using anything other than “255”s in a subnet mask; the actual fields don’t break at the dots. The fields break as defined by the mask bits.

In this example, we know that all three stations are on the subnet defined with the leading bits “000011”. This leaves the “other” three bits to further differentiate between sub-subnets. (By the way, the term “sub”-subnet is being used only in the context of this document. The real world simply calls all of them “subnets” without regard for their level of hierarchical differentiation.) The remaining three bits may be broken out as follows (this is the table above simply repeated and clarified):

Result Of Masking
Mask = 11111111 . 10000000
(160.6).12.129 00001100 . 10000001 000011 [ 00 . 1 ] 0000000
(160.6).14.1 00001110 . 00000001 000011 [ 10 . 0 ] 0000000
(160.6).14.129 00001110 . 10000001 000011 [ 10 . 1 ] 0000000

Compare this to the design document which defined:

Sales = 000011 001 XXXXXXX
Accounting = 000011 010 XXXXXXX
Marketing = 000011 011 XXXXXXX
Tech Support = 000011 100 XXXXXXX

What we now see is that the address has the subnet bits 101 at the mask point This is an address which is not defined by the design of the network. Herein lies the danger with variable length masking: it’s awfully confusing to our decimal brains.