Rise of the Fellowship movie banner

Subnet Masking Definition

What is subnet masking, and what it is used for?

TCP/IP communication between computers is divided into packets with headers (electronic address labels) that identify the IP address of the computer a packet is coming from, and the IP address of the computer it is going to (the destination).

Every IP address is divided into a network ID portion and a client ID portion. On the internet, routers look at the 3 binary digits on the left of the destination IP address to determine an IP address's "class." (An IP address is 32 binary digits.) The router then uses the class to determine how many binary digits make up the network portion of the IP address: 8 for class A's, 16 for class B's, and 24 for class C's. It uses a database in the router (called the routing table) to decide where to send it next.

Once a packet is passed by an Internet router to its destination network, it is either on the LAN segment of the destination computer, or the LAN has been subdivided by the LAN administrators. If its on the destination computer's LAN segment, the destination computer uses it and it goes no further. If a network administrator has divided the LAN, and the destination computer is not on the current LAN segment, the corporate routers (not Internet routers) must now determine how to forward the packet to the correct LAN segment. These corporate routers are what sub-divide the LAN.

The "network" portion of the IP address doesn't help the corporate router, because every IP address in the subdivided LAN has the same network ID. This is what the subnet mask is for. Here's a key point: A subnet mask is used both when a LAN is subdivided, and when it is not subdivided (a single LAN segment).

If the LAN is not subdivided, the subnet mask shows that the LAN is a single segment. For example, with a class C IP address, the first 3 octets (w.x.y in the w.x.y.z format, or the left-most 24 binary digits) are the network ID portion, and a subnet mask of 255.255.255.0 would be used to indicate that there was only one undivided LAN segment. In this case, the client ID portion of the IP address (the z in the w.x.y.z format) is not divided, and all 8 binary digits are used to identify a specific computer on the LAN segment. (In binary, a mask of 255.255.255.0 is 11111111.11111111.11111111.00000000.)

When a LAN is subdivided, the client ID portion of the IP address is split! The part on the left is used to identify the corporate LAN segment, and the part on the right is used to identify a specific computer on that LAN segment. With a class C IP address, and a subnet mask of 255.255.255.192, the 192 tells the corporate routers that of the eight binary digits making up the client ID in a class C IP address, the 2 on the left are to identify the LAN segment, and the remaining 6 identify the specific computer on that LAN segment. (In binary, a mask of 255.255.255.192 is 11111111.11111111.11111111.11000000, and the digits in red show which digits of the client ID portion are masked, and therefore used to identify a corporate subnet.)

Here's a class B example. The client ID of a class B IP address is the 16 binary digits on the right (y.z in the w.x.y.z format). A mask of 255.255.248.0 tells the corporate routers that the first 5 of those 16 is to identify the LAN segment, while a mask of 255.255.255.192 tells the corporate routers that the first 10 of those 16 is to identify the LAN segment. (Though the mask of 255.255.255.192  is the same as the mask for the class C address, a class B address has a larger client ID portion, so the digits in red show the first 10 digits of the client ID portion being masked: 11111111.11111111.111111111.11000000.)

For a chart that shows how all the normal mask numbers split an octet, see table 2 in my subnet masking summary. If you're a little confused about IP Addressing, get a definition here.


If you have specific questions you need answered, try the Networking Resource Channel at Experts-Exchange.


Copyright 1999-2006 John Lambert, all rights reserved. John is a premier field engineer with Microsoft.

Subnet Masking Articles MENU

Elf Ink's
Bodacious
Networking Gear

I Speak TCP/IP, clock
Knight of the Routing Table, framed print
I Speak TCP/IP, thong
I Speak TCP/IP, t-shirt
I Am The Net, t-shirt
I Speak TCP/IP, teddy bear
I Speak Cisco IOS, shirt
I Speak TCP/IP, hat
Elf Ink's
Bodacious
Networking Gear