A subnet mask is a 32-bit value that separates an IP address into a network portion and a host portion, defining which devices belong to the same subnet. A subnet mask such as 255.255.255.0 works alongside an IPv4 address to tell a device which part of the address identifies the network and which part identifies the individual host. This article defines the subnet mask, explains how a mask such as 255.255.255.0 divides an address, describes CIDR notation such as /24, distinguishes network bits from host bits, explains why subnetting is used for segmentation, efficiency, and security, shows how to calculate the number of hosts per subnet, and explains the relationship between the subnet mask and the default gateway.
The Internet Engineering Task Force (IETF) defined subnetting in RFC 950 and Classless Inter-Domain Routing in RFC 4632. A subnet mask is required on every IPv4 device, because a device cannot determine whether a destination sits on the local network without the mask. Each section names the value, standard, or calculation involved.
What Is a Subnet Mask?
A subnet mask is a 32-bit number that divides an IPv4 address into a network part and a host part by marking which bits identify the network. The mask uses consecutive 1 bits for the network portion and consecutive 0 bits for the host portion. A device compares its own address and mask against a destination address to decide whether the destination sits on the same local network or requires a router.
The subnet mask never travels across the network in a packet, because the mask is a local configuration value on each device. A common subnet mask is 255.255.255.0, which reserves the first three octets for the network and the last octet for hosts. The mask pairs with an IP address on every configured device.
How Does a Subnet Mask Work?
A subnet mask works by applying a bitwise AND operation between the mask and the IP address to extract the network address. The mask 255.255.255.0 marks the first 24 bits as network bits.
- A device writes its IP address in binary, such as 192.168.1.20.
- The device writes the subnet mask in binary, such as 255.255.255.0.
- The device performs a bitwise AND, keeping the bits where the mask shows 1.
- The result is the network address, such as 192.168.1.0, shared by every host in the subnet.
- The device repeats the operation on any destination address to compare network addresses.
The destination is local when its network address matches the source network address. The destination is remote when the network addresses differ, so the device sends the packet to the default gateway instead. The octet value 255 marks all eight bits as network bits, and the value 0 marks all eight bits as host bits.
What Is CIDR Notation?
CIDR notation writes a subnet mask as a slash followed by the number of network bits, such as /24 in place of 255.255.255.0. CIDR stands for Classless Inter-Domain Routing.
| CIDR | Subnet Mask | Network Bits | Host Bits | Usable Hosts |
|---|---|---|---|---|
| /8 | 255.0.0.0 | 8 | 24 | 16,777,214 |
| /16 | 255.255.0.0 | 16 | 16 | 65,534 |
| /24 | 255.255.255.0 | 24 | 8 | 254 |
| /25 | 255.255.255.128 | 25 | 7 | 126 |
| /26 | 255.255.255.192 | 26 | 6 | 62 |
| /30 | 255.255.255.252 | 30 | 2 | 2 |
The IETF introduced CIDR in RFC 4632 to replace the older fixed Class A, B, and C system. CIDR allows any prefix length, so a network can be sized to the exact number of hosts it needs rather than rounded up to a class boundary.
What Is the Difference Between Network Bits and Host Bits?
Network bits identify the subnet a device belongs to, while host bits identify the individual device within that subnet. The subnet mask sets the boundary between the two groups.
- Network bits stay the same across a subnet. Every device in a /24 subnet shares the same first 24 bits, which form the network address.
- Host bits change for each device. The remaining bits give each device a unique value within the subnet.
- The all-zero host value names the network. An address with every host bit set to 0, such as 192.168.1.0, is the network address and is not assigned to a device.
- The all-one host value is the broadcast. An address with every host bit set to 1, such as 192.168.1.255, is the broadcast address for the subnet.
Why Is Subnetting Used?
Subnetting is used to divide a large network into smaller subnets for segmentation, efficient address use, and improved security. Three measurable benefits drive the practice.
- Segmentation reduces broadcast traffic. A broadcast stays within its subnet, so dividing a network limits the number of devices that receive each broadcast frame.
- Efficient addressing prevents waste. A correctly sized subnet assigns only the addresses a segment needs rather than reserving an entire address class.
- Security improves through isolation. Separate subnets let an administrator apply firewall rules between segments, such as keeping guest devices away from internal servers.
- Performance rises with smaller domains. A smaller broadcast domain reduces the load each device processes from network-wide broadcast traffic.
How Do You Calculate Hosts Per Subnet?
The number of usable hosts per subnet equals 2 raised to the number of host bits, minus 2 for the network and broadcast addresses. The formula applies to any IPv4 subnet.
- Count the host bits by subtracting the CIDR prefix from 32, so a /24 leaves 8 host bits.
- Raise 2 to the number of host bits, so 2 to the power of 8 equals 256 total addresses.
- Subtract 2 to remove the network address and the broadcast address, leaving 254 usable hosts.
- Apply the same steps to any prefix, so a /26 with 6 host bits gives 62 usable hosts.
- Use the result to confirm a subnet holds enough addresses for every device on the segment.
The two reserved addresses are the network address with all host bits zero and the broadcast address with all host bits one. A /31 is the exception defined in RFC 3021, which allows two hosts on point-to-point links without reserving those addresses.
How Does the Subnet Mask Relate to the Default Gateway?
The subnet mask tells a device whether a destination is local, and the default gateway is the router a device uses to reach destinations outside the local subnet. The two values work together on every device.
A device compares the network address of a destination against its own network address using the subnet mask. The device sends the packet directly when the destination is on the same subnet. The device sends the packet to the default gateway when the destination sits on a different subnet, because only a router can forward between subnets.
A wrong subnet mask makes a device treat a remote address as local, so the packet never reaches the gateway. Assigning a fixed address and the matching mask is covered in the guide to set up a static IP.
How Do Subnet Masks Work With IPv6?
IPv6 replaces the dotted-decimal subnet mask with a prefix length in CIDR notation, such as /64, because IPv6 addresses are 128 bits long. IPv6 abandons the older mask format entirely.
A standard IPv6 subnet uses a /64 prefix, which reserves the first 64 bits for the network and the last 64 bits for the host portion. The vast address space of IPv6 removes the need to conserve host addresses through small subnets, so subnetting in IPv6 focuses on hierarchy rather than efficiency. The differences between the two protocols, including address length and notation, appear in the comparison of IPv4 versus IPv6.
What Are the Default Subnet Mask Classes?
The original IPv4 system defined three default subnet masks tied to address classes A, B, and C before CIDR replaced the fixed scheme. Each class set a default boundary between network and host bits.
- Class A uses 255.0.0.0. A Class A address reserves the first 8 bits for the network and 24 bits for hosts, covering addresses from 1 to 126 in the first octet.
- Class B uses 255.255.0.0. A Class B address reserves 16 bits for the network and 16 bits for hosts, covering the first octet range 128 to 191.
- Class C uses 255.255.255.0. A Class C address reserves 24 bits for the network and 8 bits for hosts, covering the first octet range 192 to 223.
- Classes D and E serve special roles. Class D carries multicast traffic, and Class E is reserved for experimental use, so neither holds a host subnet mask.
The classful system wasted addresses, because a network slightly larger than a Class C had to take a full Class B. CIDR replaced the fixed classes in 1993 to allow any prefix length and reduce that waste.
What Are Private IP Address Ranges?
Three IPv4 ranges are reserved for private networks, and each pairs with a default subnet mask for internal use. The IETF reserved these ranges in RFC 1918.
- The 10.0.0.0/8 range serves large networks. The single Class A private block provides over 16 million host addresses for one organization.
- The 172.16.0.0/12 range serves medium networks. The block spans 172.16.0.0 through 172.31.255.255 for mid-sized deployments.
- The 192.168.0.0/16 range serves small networks. Home routers commonly use a 192.168.1.0/24 subnet from this block for local devices.
- Private addresses require translation. A device on a private range reaches the internet only through Network Address Translation on the router.
Key Takeaways
- A subnet mask splits an IP address. The mask separates the network portion from the host portion of an IPv4 address.
- The mask 255.255.255.0 equals /24. CIDR notation writes the number of network bits after a slash.
- Network bits stay fixed and host bits vary. Devices in one subnet share the network bits and differ in the host bits.
- Hosts per subnet follow a formula. Usable hosts equal 2 to the host bits minus the network and broadcast addresses.
- The mask decides local versus remote. A device sends remote traffic to the default gateway based on the subnet mask comparison.
What is a subnet mask in simple terms?
A subnet mask is a 32-bit value that splits an IP address into a network part and a host part. It tells a device which addresses belong to the same local network.
What does 255.255.255.0 mean?
The mask 255.255.255.0 reserves the first 24 bits for the network and the last 8 bits for hosts. It equals /24 in CIDR notation and allows 254 usable host addresses per subnet.
What is the difference between a subnet mask and CIDR?
A subnet mask writes the network boundary in dotted decimal, such as 255.255.255.0. CIDR writes the same boundary as a slash and a number of network bits, such as /24.
How many hosts are in a /24 subnet?
A /24 subnet has 8 host bits, giving 256 total addresses. Two addresses are reserved for the network and broadcast, leaving 254 usable host addresses for devices.
Why is a subnet mask needed?
A subnet mask is needed so a device can tell whether a destination is on the local network or must be sent to the default gateway. Without it, routing decisions fail.
What is the most common subnet mask?
The most common subnet mask on home and small office networks is 255.255.255.0, written as /24. It supports up to 254 devices on a single local network segment.
Last Thoughts on a Subnet Mask
A subnet mask is the 32-bit value that divides an IPv4 address into a network portion and a host portion so a device knows which destinations sit on its local network. The mask uses 1 bits for the network and 0 bits for hosts, CIDR notation such as /24 records the count of network bits, and a simple formula gives the usable hosts per subnet.
The subnet mask works with the default gateway to route remote traffic, and IPv6 replaces the mask with a prefix length. The address the mask divides is explained in the overview of an IP address, the move to longer addresses in the comparison of IPv4 and IPv6, and the broader structure on the how networks work hub.
