Subnetting for beginners

As a matter of fact, I’m no stranger to TCP/IP, and really not a beginner, but every time I need to really grasp subnetting (now third time since 1999, by the way), my brain collapses. It’s a bug of some sort.

One serious question: Anybody knows of a “subnetting for dummies” kind of site. Not the usual technical stuff – my brain already collapsed from it, this evening – but with some twist, or something, to make me go: “Ah, finally! Why didn’t somebody said so from the beginning? I will never need to study this again!”

One not so critical question: Why “mask”? In what sense is a subnet mask a “mask”? (My native language is not english.)

Hoping for you, dopers! I’m sure there’re a lot of TCP/IP geeks hanging around this site.

The IT Pro with a bug in his brain.

The term “mask” is used because a subnet mask is a bitmask. A bitmask masks, or hides, the bits behind a certain part, and lets the other bits pass through. For example, say you have a two byte number, like

10011010 00101110

And say you have a two-byte bitmask, like

11111111 11110000

If you combine them with a bitwise AND operator, the parts of the original number that correspond to the 1s will come through, and the parts that don’t will be “masked.”

    10011010 00101110
AND 11111111 11110000
=   10011010 00100000

Subnet masks work the same way, except the numbers are four bytes long. (Longer in IPV6). The mask allows the networking code to figure out which part of the address is the network number and which is the node number by doing various bitwise operations to combine the mask and address.

I don’t know of a site per se, but I’ll try my hand at at:

IP addresses are 4 8-bit fields. Because they’re 8 bits, they can be in the range of 0 - 255 (00000000 - 11111111).

So a decimal IP address of in represented in binary as
01111111 00000000 00000000 00000001

IP addresses have two components - a “network address”, and a “host address”. The “subnet mask” is just the number of bits which represent the network address.

So, if you have a subnet mask of, this tells you the first 24 bits of the address are ‘network address’, and the remaining 8 bits are ‘host address’. A netmask of yields
11111111 11111111 11111000 00000000

The “1” bits are the portion of the IP used for the network address, and the ‘0’ bits are available for hosts.

So if you had a network starting at with a netmask of, the maximum host address on that network is going to be 2^11. But because IPs are represented as a 8 bit fields, it comes out to be

Clear now?

Here’s an example that may help.

Let’s suppose we work in a large office. We have one big network and its overloaded. So, we take all of the computers in the marketting department, and we put them all on one local network. Then we take all of the computers in the engineering department, and we put them on a different network. We make all of the computers in marketting have an IP address of 192.168.0.x (where x is an individual machine number). We make all of the computers in engineering have an IP address of 192.168.1.x. Our subnet mask is We tie these two networks together with a switch, and now we have two seperate subnets, engineering and marketting.

Let’s say we have 3 computers. Computer A is in engineering, and has an IP address of Computer B is in engineering, and has an IP address of Computer C is in marketting, and has an IP address of Computer A tries to access computer B. If all you look at are the bits that are a 1 in the subnet mask, they all match up. We don’t care that computer A ends in .3 and computer B ends in .4 because those bits aren’t set in our subnet mask. So, we know these computers are on the same subnet, and the network traffic between these computers stays on the engineering subnet. The marketting subnet never even gets these messages, so the marketting network traffic is reduced.

Now, computer A tries to access computer C. Now, there is a difference in the IP address for bits that are in the subnet. Computer A starts with 192.168.0 and computer B starts with 192.168.1. Now, the switches on the network know that the message goes to a different subnet, and the message goes over to the marketting subnet.

All messages between machines on the marketting network and other machines on the marketting network don’t go to engineering, and vice versa. Also, all messages from the outside world only go to their intended subnet, so the engineering subnet isn’t cluttered by messages going to and from marketting to the outside world.

Does that help?

If you went back and changed the subnet mask from to then engineering and marketting would both be on the same subnet, because their IP addresses would then only differ in bits that are not in the subnet mask.

Well, good news and bad news. Bad news first, there’s no way to make it as simple as you want. You basically have to take it as it is. The good news is that it isn’t as hard as you think.

It’s really impossible to put this in a nutshell, but here it is. If you have computer with address A, and it knows it wants to talk to address B, the first thing it needs to know is whether address B is on the same network or a different network. The subnet mask is used in a calculation that determines whether A and B are on the same network.

So, skipping the math involved (already been covered), if you have local address, and you want to send to, your subnet mask tells you whether they’re on the same network. The results are different if you use different masks. If you use then you see them as being on the same network (therefore the rest of the process is resolved by local broadcasts). If you use then you see them as on different networks (and the rest is resolved by sending it to the router). The success, of course, depends whether the netmask accurately reflects the setup of the network and router.

Hope that helps. Just keep reading and experimenting, you’ll get it.

IPCalc - don’t leave your subnet without it.

Thank you all for your efforts. While reading your replies, very well written, I see that I have made things unnecessarily complicated for myself.

Much appreciated!