Subnet Masks

Subnet Masks

Subnet masks are the same size as IP addresses (32-bit values) that allow the recipient of IP packets to distinguish the network ID portion of the IP address from the host ID. Like an IP address, the value of a subnet mask is frequently represented in dotted decimal notation. Subnet masks are determined by assigning 1’s to bits that belong to the network ID and 0’s to the bits that belong to the host ID. Once the bits are in place, the 32-bit value is converted to dotted decimal notation, as shown in the table below.

Address classBits for subnet maskSubnet mask
Class A11111111 00000000 00000000 00000000255.0.0.0
Class B11111111 11111111 00000000 00000000255.255.0.0
Class C11111111 11111111 11111111 00000000255.255.255.0

Table – Default Subnet Masks for Standard IP Address Classes

The result allows TCP/IP to determine the host and network IDs of the local computer. For example, when the IP address is and the subnet mask is, the network ID is 102.54 and the host ID is 94.97.

Keep in mind that all of this with the subnet masks is the principle and not necessarily the practice. If you (meaning your company) has been assigned a Class B address, then the the first two octets are assigned to you. You could then breakdown the class B net into Class C nets. If we take a look at Table 0\1, we see that there are 65,534 possible nodes in that network. That is really too many to manage on a single network.

However, if we considered each of the third octets to represent a sub-net of our class B network, they would all have 254 possible nodes per sub-net. This is basically what a class C net is anyway. We can then assign each sub-net to a department or building and then assign one person to manage each of the class C sub-nets, which is a little easier to do.

To keep the different class C subnet from interfering with each other, we give each sub-net a Class C subnet-mask, although the first octet is in the range for a Class B network. That way machines on this subnet are only concerned with packets for the subnet. We can also break down the sub-nets physically so that there is a gateway or router between the subnets. That way the physical network is not overburdened with traffic from 65,534 machines.

Let’s look at an example. Assume your company uses the private Class B network The different departments within the company are assigned a class C address that might look like this: Although the first octet (10) says that this is a class B address, it is really the subnet-mask that makes that determination. In this case, our subnet mask would be: Therefore, any packet that is destined for an address other than one starting is not on this network.

For example, to send a packet to the IP address, we compare the binary presentation of the network ID for the network interface and the IP address of the outgoing packet, which looks like this:

00001010 00000010 00011100 00000000 – Network ID
00001010 00000010 00011100 00000001 – Interface IP
00001010 00000010 00011100 00001011 – Destination Host IP

As you can see the network portion (the first three octets) is the same. Thus the machine knows that this IP packet is bound for a machine on the network reached by the interface with the IP address

You may have noticed that according to previous table the network address should be a Class B network, but we have used a Class C netmask (i.e. This is actually done quite often to allow one extra octet for the network address, so if your Class B address was 10.2 as in this example, you could also have the networks,,, and so forth.

It is the responsibility of IP to ensure that each packet ends up going to the right machine. This is accomplished, in part, by assigned a unique address to each machine. This address is referred to as the Internet address or IP address. Each network gets a set of these IP addresses that are within a specific range. In general, packets that are destined for an IP address within that range will stay within the local network. Only when a packet is destined for somewhere outside of the local network is it “allowed” to pass.

In other words, IP is responsible for the delivery of the packet. It functions similar to the post office, whereby you have both a sending and receiving address. Often times you have many more letters than a single mail bag can handle. The mail carrier (or someone else at the post office) will break down the number of letters into sets small enough to fit in a bag. This is what IP does.

Since there are many people using the line all at once, IP will break down the TCP packets into units of a specific size. Although often referred to also a packets, the more correct terminology is to refer to IP packets as datagrams. Just like bags of mail need to go from one post office to the next to reach their final destination, IP datagrams must often go through different machines to reach their final destination.

Saying that IP routing can be accomplished completely in software isn’t entirely accurate. Although, no physical router is needed, IP can’t send a packet to someplace where there is no physical connection. This is normally accomplished by an additional network card. With two (or more) network cards a single machine can be connected to multiple networks. The IP layer on that one machine can then be used to route IP packets between the two networks.

Once configured (how that’s done, we’ll talk about later), IP maintains a table of routing information, called (logically) a routing table. Every time the IP layer receives a packet, it checks the destination address

You will frequently see IP addresses referred to as, where the IP address is followed by a slash and a number representing how many bits should be used for the network portion of the address. In this example, there are 24 bits or three octets, which is a traditional Class C network. If we specified the address like this, it would mean that 28 bits would represent the network portion (which is obviously more bits than a traditional Class C network). This means that fewer bits are available for the host portion of the address. The point of all this, is that you can create networks of different sizes than the traditional three network classes. When you do, you have created a network that lies outside these three standard network classes, and your network is called classesless. This is referred to as Classless Inter-Domain Routing (CIDR).

Typically, the netmask is only needed when you are configuring new components. For example, when adding a new network card.