Subnet Masks
The structure of IPv4 address was devised using classes to indicate the division between the network address and the host address. With increasing pressure on networks to maximise the utilisation of addresses, administrators have subdivided their networks into smaller subnetworks (subnets). Thus the boundary on the 8, 16 or 24 bit point may not be where the division occurs.
Thus we need a different method to indicate where the split is in the IP address. We cannot alter the current structure, so we need an additional parameter.
The Subnet Mask
A subnet mask is a 32 bit binary number where a binary 1 indicates a network bit and a binary 0 represents a host bit in the corresponding IP address. Thus subnet masks are always a series of 1s followed by a series of 0s. These masks are used on routers and end devices to indicate where the split is, so the network portion of the corresponding IP address can be identified.
Routers will learn, or be configured with, which subnet masks to use for the networks they are connected to. End devices will learn their subnetmask through DHCP or be configured with the appropriate value. We can write subnet masks in binary or dotted decimal (just like IP addresses).
Thus we can write the default subnet mask for a class A, B and C networks
Class | Subnet mask (binary) | Subnet mask (decimal) |
---|---|---|
A | 11111111 00000000 00000000 00000000 | 255.0.0.0 |
B | 11111111 11111111 00000000 00000000 | 255.255.0.0 |
C | 11111111 11111111 11111111 00000000 | 255.255.255.0 |
Using a subnet mask
When an IP packet arrives on a router, the router examines the destination address to decide what to do. The router has an internal table (the routing table) which stores all the networks it knows about and the associated interface which leads to that network. The router thus needs to know the destination network of the packet so it can use this as a lookup in the routing table.
When a packet originates on an end device, the end device will need to know if the destination is on the same local network or off on a different network. It does this by examining its own local address to see which network it is on, and then compares this to the destination network of the packet. If the two match, the destination is on its own Local Area Network (LAN). If not it is on a different network and the packet should be forwarded to the default router (sometimes called the gateway).
In the two scenarios above we have a IP address and a subnet mask and have to work out the network address.
The process is to 'bitwise AND' the corresponding bits in the subnet mask and the IP address. The mask acts like a filter, allowing network bits through (where there are 1s in the mask) and blocking host bits (where there are 0s in the mask).
Bitwise AND
Bits | Results |
---|---|
0 AND 0 | 0 |
0 AND 1 | 0 |
1 AND 0 | 0 |
1 AND 1 | 1 |
Thus given a device with the IP address 192.168.1.1 and the subnet mask 255.255.255.0, calculate the IP network address of the device
Field | Dotted Decimal | Binary | Dotted Decimal |
---|---|---|---|
IP address | 192.168.1.1 | 11000000 10101000 00000001 00000001 | |
Network Address | 255.255.255.0 | 11111111 11111111 11111111 00000000 | |
11000000 10101000 00000001 00000000 | 192.168.1.0 |
Thus, an IP packet arriving with a destination address of 192.168.1.1 on an interface is bitwise ANDed with the associated mask of 255.255.255.0. This tells us the destination is on the 192.168.1.0 network and the device can look up where the network is.