Understanding the gist between CIDR and VLSM

BSpendlove

I try now and again to write blogs because I really think it helps me understand what I am studying, but I thought I'd write a bit on here to see where I am going wrong, and if I am going in the right direction in some places. My favorite part so far is the subnetting, but let me start...

 

 

I'll use 172.16.x.x for this example.

 

 

I have created a scenario in my head where I have a network... Let's say we have exactly 828 computers in a total of 4 rooms, so we will approach this example by subnetting each room.

The total computers in each room are as follows:

 

Room 1: 500 computers (woah big room... Just imagine, just an example)

Room 2: 57 computers

Room 3: 243 computers

Room 4: 28 computers

 

So if we take 172.16.0.0 /22 (since /23 will give us 510 valid IP's on the whole network and we need 828.... or maybe 832 because we will have a router with... 4 ports which will be the 'default gateway' for the computers blah blah blah)

 

/22 gives us say 11111111.11111111.11111100.00000000 (subnet mask of 255.255.252.0)

2^6 = 64 subnets

2^10 = (1024 - 2) 1022 valid hosts

easy way to find IP ranges 256-252 = increase by 4

 

NetA (Room1): 172.16.0.0 -> 172.16.3.255 /22

NetB (Room2): 172.16.4.0 -> 172.16.7.255 /22

NetC (Room3): 172.16.8.0 -> 172.16.11.255 /22

NetD (Room4): 172.16.12.0 -> 172.16.15.255 /22

etc...

 

IP valid range for hosts:

NetA: 172.16.0.1 -> 172.16.3.254

NetB : 172.16.4.1 -> 172.16.7.254

NetC: 172.16.8.1 -> 172.16.11.254

NetD: 172.16.12.1 -> 172.16.15.254

 

Left over IP's (room 1 = 522, room 2 = 965, room 3 = 779, room 4 = 994)?

 

 

 

Now my understanding with VLSM is that instead of using a 'fixed' /22 on all the subnets, we can actually use the appropriate prefix relating to how many hosts we need, so...

 

NetA could be /23 (total of 510 valid hosts)

NetB could be /26 (total of 62 valid hosts)

NetC could be /24 (total of 254 valid hosts)

NetD could be /27 (total of 30 valid hosts)

 

NETWORK

Net A: 172.16.0.0 -> 172.16.1.255

NetB: 172.16.2.0 -> 172.16.2.63

NetC: 172.16.2.64 -> 172.16.3.63

NetD: 172.16.3.64 -> 172.16.3.95

 

IP Valid range for hosts:

NetA: 172.16.0.1 -> 172.16.1.254

NetB: 172.16.2.1 -> 172.16.2.62

NetC: 172.16.2.65 -> 172.16.3.62

NetD: 172.16.3.65 -> 172.16.3.94

 

 

Sorry if I got a few ranges mixed up, to make things easier, I could rearrange the networks into size (NetA being 500, NetB being 243, NetC being 57, NetD being 28 in the example below)

 

A bit neater would be:

 

NetA = 500 Computers (room 1) = /23 (510 valid)

NetB = 243 Computers (room 3) = /24 (254 valid)

NetC = 57 Computers (room 2) = /26 (62 valid)

NetD = 28 Computers (room 4) = /27 (30 valid)

 

NETWORK

NetA: 172.16.0.0 -> 172.16.1.255

NetB : 172.16.2.0 -> 172.16.2.255

NetC: 172.16.3.0 -> 172.16.3.63

NetD: 172.16.3.64 -> 172.16.3.95

 

IP Valid

NetA: 172.16.0.1 -> 172.16.1.254

NetB: 172.16.2.1 -> 172.16.2.254

NetC: 172.16.3.1 -> 172.16.3.62

NetD: 172.16.3.65 -> 172.16.3.94

 

 

This example doesn't seem practical but was good practice for me.... But it seems that the original fixed /22 would give me a total of (1022 IP's x 4 subnets) 4088 usable IP's which would give me 3260 wasted IP addresses, but now I have reserved them using the VLSM method? Of course, if I wanted to expand a room, I couldn't expand it as much (like room 1)....

I'm going to put a link to my PC specs which actually aren't my PC specs and I cry myself to sleep everyday so I can have these PC specs but I can't afford these PC specs so PC specs PC specs PC specs PC specs PC specs PC specs.


Yep this is a good example of VLSM at work. Here are a few practical tips to address a few points, including the expansion issue you mentioned.

 

Create the largest subnets first and work your way down to the smallest. This can potentially allow more subnets to fit before having to use a new Major Network and is easier for human reading (you have already shown this):

  1. Room 1:  172.16.0.0 -> 172.16.1.255
  2. Room 3:  172.16.2.0 -> 172.16.2.255
  3. Room 2:  172.16.3.0 -> 172.16.3.63
  4. Room 4:  172.16.3.64 -> 172.16.3.95

If you look at the IP ranges you will notice it is much easier to read and figure out which subnet a particular IP address would fall into. Humans see patterns and we are used to seeing IP subnets starting at 0 and ending at 255 (Screw you IPv6 :P).

 

There is a counter argument to this which will make sense further below.

 

Account for 50% IP growth for each subnet:

One of the downsides to VLSM and creating tight IP ranges, as you mentioned, is the inability to expand a subnet in the middle of the Major Network. It is considered good practice to allow for 50% more IP address space than what you need at the time of creating it, so each subnet is actually too small.

 

Keep it simple, use /24 for host subnets.

Unless your network is extremely large, use /24 subnets, or larger where needed. Not everyone is a networking expert and understands IP subnetting, so keep life simple and use /24 so the last octet is the host and the second to last is the subnet. If we ignore the unlikely event of 500 devices in a single room, you can do a subnet for a building, floor or room depending on what makes the most sense for the situation.

 

Use tight ranges for inter router links etc, /30 or /31 (If device supports it)

Rather self-explanatory, but can help prevent unwanted devices getting between vital links. This is more about saving IP space etc.

 

Use a different Major Network for management networks

It is a good idea to keep client/host IP ranges well away from management IP ranges, e.g. Switch management IP, Firewall management IP etc. Management networks grow at a much smaller rate and for network stability/maintenance these are much more important. I use 172.16.0.0/12 for management and 10.0.0.0/8 or 192.168.0.0/16 for client/host.
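
The largest-first ordering and the 50% growth tip from this thread, worked through for the four rooms (an added example, not code from either poster; the function names and the simple sequential allocator that never backfills gaps are assumptions of this sketch):

```python
import ipaddress
import math

# Host counts per room, taken from the thread.
ROOMS = {"Room 1": 500, "Room 2": 57, "Room 3": 243, "Room 4": 28}

def prefix_for(hosts, growth=0.0):
    """Longest IPv4 prefix whose usable addresses (size - 2) cover hosts plus growth."""
    needed = math.ceil(hosts * (1 + growth)) + 2  # + network and broadcast addresses
    return 32 - (needed - 1).bit_length()

def allocate(parent, rooms, growth=0.0, largest_first=True):
    """Carve subnets out of parent one after another, never going back to fill gaps."""
    parent = ipaddress.ip_network(parent)
    order = list(rooms.items())
    if largest_first:
        order.sort(key=lambda item: item[1], reverse=True)
    cursor = int(parent.network_address)
    plan = {}
    for name, hosts in order:
        prefix = prefix_for(hosts, growth)
        size = 1 << (32 - prefix)
        # A subnet must start on a multiple of its own size, so round the cursor up.
        start = (cursor + size - 1) // size * size
        net = ipaddress.ip_network((start, prefix))
        if not net.subnet_of(parent):
            raise ValueError(f"{name}: {net} does not fit inside {parent}")
        plan[name] = net
        cursor = start + size
    return plan

def usable_range(net):
    """First and last host address, excluding network and broadcast."""
    return str(net.network_address + 1), str(net.broadcast_address - 1)

if __name__ == "__main__":
    for name, net in allocate("172.16.0.0/22", ROOMS).items():
        print(name, net, *usable_range(net))
    try:
        allocate("172.16.0.0/22", ROOMS, largest_first=False)
    except ValueError as exc:
        print("room order:", exc)  # alignment gaps push the last room past the /22
    for name, net in allocate("172.16.0.0/16", ROOMS, growth=0.5).items():
        print(name, net, "(with 50% growth)")
```

Allocated in room order, the /24 has to skip ahead to 172.16.3.0 to stay aligned, which pushes Room 4 out of the /22; largest-first leaves no gaps. With 50% growth the four subnets no longer fit in a /22 at all, so the last loop carves them from 172.16.0.0/16.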

 

 
