IP Subnets and Netmasks Demystified

I had to explain the purpose of netmasks to my field tech yesterday and recalled the great difficulty I had with the concept when I started taking an interest in networking. In this article I will attempt to put the matter in terms I wish I had heard first.

The Internet is a network composed of networks which may be composed of smaller networks ad infinitum. These networks are called sub-networks or "subnets." Hosts on the same subnet can generally communicate directly with one another. Hosts on different subnets communicate with one another by sending the traffic via one or more gateways or "routers" which have a presence on each subnet. Some say proper protocol is to only call a router a gateway when it connects two or more different layer 2 technologies, however in OS network configuration common parlance is usually just gateway.

Hosts on a network need to know what traffic they can send directly over the layer 2 (or otherwise transparently local) network to other hosts and what packets need to be passed to the gateway. The value of the configured netmask is laid over the host's own IP address in such a way that is difficult to visualize in dotted-decimal notation, so let's take the IP address and netmask and look at them in binary:


A netmask of when applied to means "anything that doesn't match the first 24 digits of your IP is NOT local traffic and must be sent to the gateway." The bits in the local address which are in the same position as the 1 bits of the netmask determine if an address is local or not, so it could be said that the "1 bits" are masked out. The "0 bits" are called the rest field and by ignoring them the host can quickly tell is on the local subnet but is not, and neither is

11000000101010000000000000000001 local host
11111111111111111111111100000000 netmask

There are 8 rest bits in this example so we can tell that the address space of this subnet is 256 addresses deep and they range from to (00000000 - 11111111).

Before Classless Inter-Domain Routing or CIDR, the subnets of the Internet were divided into fixed-width blocks called classes. Class names were given to subnets of various sizes and specializations, starting with large Class A subnets at the beginning of Internet address space and advancing to smaller and even experimental subnets as it descends. CIDR did away with the concept of classes and opened the netmask to single-bit-level control; subnets could now be created at sizes of any power of two, in any position of the global address space. CIDR also brought with it a new notation for routing prefixes, a slash after an IP followed by the number of "1 bits" in the netmask. In this way the IP netmask can be written Whle CIDR notation can be used to determine the netmask of a subnet and vice versa it is typically used only to describe whole subnets or convey that a given IP is part of a certain sized subnet.

Netmask Netmask (binary) CIDR Contains 11111111.11111111.11111111.11111111 /32 Host (single address) 11111111.11111111.11111111.11111110 /31 Unusable 11111111.11111111.11111111.11111100 /30 2 usable 11111111.11111111.11111111.11111000 /29 6 usable 11111111.11111111.11111111.11110000 /28 14 usable 11111111.11111111.11111111.11100000 /27 30 usable 11111111.11111111.11111111.11000000 /26 62 usable 11111111.11111111.11111111.10000000 /25 126 usable 11111111.11111111.11111111.00000000 /24 "Class C" 254 usable
- 11111111.11111111.11111110.00000000 /23 2 Class C's 11111111.11111111.11111100.00000000 /22 4 Class C's 11111111.11111111.11111000.00000000 /21 8 Class C's 11111111.11111111.11110000.00000000 /20 16 Class C's 11111111.11111111.11100000.00000000 /19 32 Class C's 11111111.11111111.11000000.00000000 /18 64 Class C's 11111111.11111111.10000000.00000000 /17 128 Class C's 11111111.11111111.00000000.00000000 /16 "Class B"
- 11111111.11111110.00000000.00000000 /15 2 Class B's 11111111.11111100.00000000.00000000 /14 4 Class B's 11111111.11111000.00000000.00000000 /13 8 Class B's 11111111.11110000.00000000.00000000 /12 16 Class B's 11111111.11100000.00000000.00000000 /11 32 Class B's 11111111.11000000.00000000.00000000 /10 64 Class B's 11111111.10000000.00000000.00000000 /9 128 Class B's 11111111.00000000.00000000.00000000 /8 "Class A"
- 11111110.00000000.00000000.00000000 /7 11111100.00000000.00000000.00000000 /6 11111000.00000000.00000000.00000000 /5 11110000.00000000.00000000.00000000 /4 11100000.00000000.00000000.00000000 /3 11000000.00000000.00000000.00000000 /2 10000000.00000000.00000000.00000000 /1 00000000.00000000.00000000.00000000 /0 This Network

It should be noted here that in any size subnet you create you will be shy two usable IP addresses from the full number of slots. This is because subnets have a broadcast address that reaches every host at the last IP and their routes are represented by their lowest, therefore represents the subnet, is the broadcast address and - can be used for real hosts, a total of 254 usable addresses.


• Ingwie Phoenix

Quite useful. Currenty, Im exploring things about networking and such. Things in the admin interface which is dedicated to my server and which was given to me by the DC hoster get me confusing at times. And one of these things just got well explained ^^!

• Bob Alexander

Good info - I just wanted to point out that a /31 can be used in generally the same manner as a /30, as a Point-to-Point link such as with serial or directly connected ethernet links.

Using the /31 method gets you twice as many possible PtP links as the /30 traditional method.


Great point, thanks!