Subnet Mask
A subnet mask is like a zip code system for networks. Just as a zip code tells the postal service which neighborhood a house belongs to, a subnet mask tells a computer which part of an IP address is the “neighborhood” (network) and which part is the specific “house” (device). Two devices with the same network portion can talk directly; if the network portions differ, traffic must go through a router.
A subnet mask is a 32-bit value (IPv4) that partitions an IP address into a network prefix and a host identifier. In binary, a subnet mask is a contiguous sequence of 1-bits (network) followed by 0-bits (host). It is never valid to have a 0-bit followed by a 1-bit in a subnet mask.
CIDR notation (Classless Inter-Domain Routing, RFC 4632) expresses the mask as a prefix length: /24 means 24 network bits, equivalent to 255.255.255.0.
The device performs a bitwise AND between the IP address and the subnet mask to determine the network address:
IP: 192.168.1.100 = 11000000.10101000.00000001.01100100
Mask: 255.255.255.0 = 11111111.11111111.11111111.00000000
Result: 192.168.1.0 = 11000000.10101000.00000001.00000000
Common subnet masks and their host capacity:
| CIDR | Mask | Hosts | Typical Use |
|---|---|---|---|
| /8 | 255.0.0.0 | 16,777,214 | Class A, large ISP blocks |
| /16 | 255.255.0.0 | 65,534 | Class B, campus networks |
| /24 | 255.255.255.0 | 254 | Class C, standard LAN |
| /25 | 255.255.255.128 | 126 | Split a /24 in half |
| /30 | 255.255.255.252 | 2 | Point-to-point links |
| /32 | 255.255.255.255 | 1 | Host route, loopback |
Two addresses in every subnet are reserved: the network address (all host bits 0) and the broadcast address (all host bits 1).
Variable Length Subnet Masking (VLSM) allows different subnets within the same address space to use different mask lengths, enabling efficient address allocation.
Subnet calculation with ipcalc
$ ipcalc 192.168.1.0/24
Address: 192.168.1.0 11000000.10101000.00000001. 00000000
Netmask: 255.255.255.0 = 24 11111111.11111111.11111111. 00000000
Wildcard: 0.0.0.255 00000000.00000000.00000000. 11111111
=>
Network: 192.168.1.0/24 11000000.10101000.00000001. 00000000
HostMin: 192.168.1.1 11000000.10101000.00000001. 00000001
HostMax: 192.168.1.254 11000000.10101000.00000001. 11111110
Broadcast: 192.168.1.255 11000000.10101000.00000001. 11111111
Hosts/Net: 254 Class C, Private Internet
Subnetting is the foundation of network design. Every firewall rule, VLAN configuration, routing table entry, and access control list references subnet masks. In cloud environments (AWS VPCs, Azure VNets), you define subnets when creating networks, and the mask determines how many instances can live in each subnet. A /28 gives you 14 usable IPs, which is common for small management subnets, while a /20 gives you 4,094 hosts for larger application tiers. Misconfigured subnet masks are a frequent cause of “I can ping some hosts but not others” problems, because the device thinks a remote host is local (or vice versa) and routes traffic incorrectly.
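The following is an added example, not part of the original page: it implements the contiguity rule and the bitwise AND described above, then reproduces the "thinks a remote host is local" failure by evaluating one destination with a correct /25 mask and a misconfigured /24 mask. The function names and the two-/25 scenario with host 192.168.1.100 and peer 192.168.1.200 are constructed for illustration.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF

def to_int(dotted: str) -> int:
    """Dotted-quad IPv4 text to a 32-bit integer (rejects malformed input)."""
    return int(ipaddress.IPv4Address(dotted))

def to_dotted(value: int) -> str:
    """32-bit integer back to dotted-quad text."""
    return str(ipaddress.IPv4Address(value))

def prefix_len(mask: str) -> int:
    """CIDR prefix length; raises ValueError if a 1-bit follows a 0-bit."""
    host_bits = ~to_int(mask) & ALL_ONES      # e.g. 0.0.0.255 for a /24
    if host_bits & (host_bits + 1):           # contiguous only if host_bits == 2**n - 1
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return 32 - host_bits.bit_length()

def network(ip: str, mask: str) -> str:
    """Network address: bitwise AND of address and mask."""
    prefix_len(mask)                          # validate the mask before using it
    return to_dotted(to_int(ip) & to_int(mask))

def broadcast(ip: str, mask: str) -> str:
    """Broadcast address: network bits kept, all host bits set to 1."""
    prefix_len(mask)
    return to_dotted(to_int(ip) | (~to_int(mask) & ALL_ONES))

def is_on_link(src_ip: str, src_mask: str, dst_ip: str) -> bool:
    """Sender's decision, made with its own mask: deliver directly or via router."""
    return network(src_ip, src_mask) == network(dst_ip, src_mask)

if __name__ == "__main__":
    # Constructed scenario: a /24 split into two /25s; the host sits in the lower half.
    host, peer = "192.168.1.100", "192.168.1.200"
    for mask in ("255.255.255.128", "255.255.255.0"):   # correct, then misconfigured
        verdict = "direct (no router)" if is_on_link(host, mask, peer) else "via router"
        print(f"/{prefix_len(mask)} net={network(host, mask)} "
              f"bcast={broadcast(host, mask)} -> {peer}: {verdict}")
```

With the /24 mask the host treats 192.168.1.200 as local and never hands the packet to the router, while peers inside its real /25 still answer, which is the partial-reachability symptom described above.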