A subnet mask is a way of telling your computer or router what network addresses it can consider local and which are remote.
Well, to be blunt it’s something you probably never need to know
about. Sure, you may have to “get it right” when you enter one
into a router configuration, but as to what it means or why it
matters, why bother?
You want to know anyway, don’t you? Fair enough.
A subnet mask is just a nifty way to define sub-networks. And that of
course opens up a slightly larger can of worms.
Become a Patron of Ask Leo! and go ad-free!
I’m going to use phone numbers as an analogy here. Like any
it’s an imperfect analogy, but I think it’ll help make the
In North America, phone numbers are 10 digits long and consist of three
The area code of three digits. Originally an area
code defined exactly that – a geographical area. Area code 206 for
example was once all of western Washington state.
The exchange of three digits. The exchange identified
the switching equipment that typically covered a sub-region with in the
area code. For example, 788 represents the “Duvall” exchange –
located near the city of Duvall in western Washington is a small utility
building that houses the equipment that is the 788 exchange.
And finally, the four digit line number. It’s
this number that identifies each pair of wires the leave the exchange and
arrive at a real telephone set.
So what we take for granted as a 10 digit “phone number” is
really a construction of three distinct numbers, each with a specific
meaning. (And for the record, many of those meanings have become blurred
over the years, particularly with the advent of cellular phones.)
Now let’s look at the internet. You already know that each computer
connected to the internet has its own equivalent of a phone number, called
its “address”. Names, such as “www.microsoft.com”
actually map to these numeric addresses, such as
“18.104.22.168”. As you might already be thinking each internet
(or IP – for Internet Protocol) address breaks down into components not
unlike the 10 digit phone number. The difference is that the components are
not always the same size.
IP addresses broken down into what are called “classes”.
Classes are kind of like area codes; they define where, at the highest
level, an address lives. To grossly over-simplify, classes are
really just a contiguous block of internet addresses. Within each block
though it’s still desirable to “subdivide” that network into
smaller logical groups. For example a class-A network can have 16 million
addresses. It’s not a good idea to have traffic for 16 million
computers traveling across the entire network. That’s where
“subnetting” and the subnet mask comes in. The internet
protocol’s rough equivalent to the telephone’s exchange number.
The “problem”with subnets is that each network administrator
who’s been assigned a range of IP addresses is free to create their own
subnets and to define how large they are. It’s the subnet mask
that defines how big a part of the internet address is to be used as the
Unfortunately this is also where we have to start thinking like
computers in binary. We’ll use these addresses:
1) 22.214.171.124 [binary: 10100100 01101101 00011100 00000011]
2) 126.96.36.199 [binary: 10100100 01101101 00011011 11101001]
3) 188.8.131.52 [binary: 10100100 01101101 10001011 00000100]
And this subnet mask:
255.255.128.0 [binary: 11111111 11111111 10000000 00000000]
The mask’s binary digits are set to 1 to indicate the positions of
an internet address that define the subnet. Conversely, it’s set to
zero for that portion of the address that defines the specific computer on
If we do the masking and converting and other what-have-you, we find
that of our example addresses #1 and #2 are on the same subnet:
184.108.40.206 while #3 is on a different subnet: 220.127.116.11.
Which after all this brings us to an even more important question:
why should we care?
It’s all about routing. When information flows across the internet,
it flows through equipment called “routers”. Routers look at the
IP address the information is destined for and decide on the best way to
get it there. A subnet is a quick way to know where the information
belongs. For example, a packet from our example #1 to example #2 is on the
same subnet so routers can take advantage of that information and not send
the packet anywhere else. A packet from #1 to our example #3 however is
destined for a computer on a different subnet and the routers handling
that packet will know to send it along a different path to get there.
To use our telephone analogy again, if I’m in Duvall making a call
on my 788-xxxx telephone to another 788-xxxx telephone then the phone equipment
knows that it doesn’t have to try anywhere else – it all happens within
the Duvall exchange. On the other hand, if I try to call a 483-xxxx number then
the 788 exchange needs to route my call to other equipment within my area
code that knows how to find the 483 exchange.
As you can imagine, I’ve only scratched the surface here. IP
addresses, subnets and supernets, routing, special purpose addresses,
network address translation; the internet’s a complicated world. If
you’re interested in reading further here are some resources: