Why are subnet masks so long?

If they are intended to split an address (i.e. 255.255.252.0 or 11111111111111111111110000000000), why not just encode where the split takes place? (i.e. 22 or 10)

Sorry, the numbers are wrong in my example (got it from this thread: http://boards.straightdope.com/sdmb/showthread.php?t=350087). But the basic idea remains.

I’m not an expert in this sort of thing, but my WAG is tradition and simplicity. The reason for the subnet mask is to do some calculations on it, the local IP address and a destination IP address to see if the destination is also local or must be routed through the local gateway. This is done most easily with the subnet address in its expanded form.

As long as subnets follow the traditional form, they could be converted back and forth from a more condensed expression like yours, but sysadmins are used to the current notation and don’t find it too long. And they’re the ones who do most of the work with subnets.

In many cases it would be notated exactly the way you propose.

192.168.5.8/24 indicating an IP of 192.168.5.8 and a Subnet mask of 255.255.255.0, or 24 netmask bits “set”.

Both of the notations can be used to find the same thing.

In your 255.255.252.0, I can tell by a quick glance that the first 2 octets (192.168 in my example) are network descriptors only, and the third & fourth octets are for the nodes, though I’d need a subnet calculator, or to do the calculation long hand to figure out exactly where the breaks are.

I’m honestly not sure, but couldn’t you have say an address/subnet mask like
172.16.1.2/0.255.255.0 that would allow x.16.1.x, or would that not work?

You can indicate the split (butler1850 explained it well), but it’s not a subnet mask if you do that. A mask needs to have the same number of bits as the number being masked or you can’t do the calculation with a simple AND instruction.

If you’re using a 32-bit IP address with a 32-bit subnet mask, you can derive the node addresses in a single machine-language instruction, which is one machine cycle on many processors (e.g., really fast). If you’re storing the subnet length in a byte representing the offset, masking will take quite a few more instructions.

You couldn’t do 0.255.255.0 because the IP standard requires at minimum the first octet to be network (class A address). Technically you could do a 192.168.42.1 255.255.0.255. As far as I know that does not break any rules in the RFC, but it is not recommended. Also there is no reason to break your network portion up except to make it difficult on other people to figure out. Job security. Also I wouldn’t be surprised if some devices have problems handling that kind of subnet mask.

-Otanx

Short answer… you can, and some people and programs do. Longer answer… because subnet masks don’t have to be contiguous, so you might be making a mistake in doing this (I thought we just went through this?) A longer, and a sort of different answer… the masking algorithm compares two 32-bit addresses. No matter what kind of shorthand you use, at the lowest levels it will still be converted to a 32-bit number to derive the result.

If you’re to the point of fooling with netmasks, chances are that you’re knowledgeable enough that you won’t find this kind of shorthand overwhelmingly useful.

If you look at the history of network design, there is an overwhelming trend towards making networks simple at the sake of efficiency. Their reasoning has always been bandwidth will continue to grow so inefficiency matters less but complications never go away once they are set into standards. Transmitting a mask is easy because you can just do a simple hardware AND, even though you need an extra 3.5 bytes.

I’m not certain that the mask is transmitted. There would be simply no reason.

The only reason for the mask is for the sending device to determine if the destination machine is on the same network or not.

If it’s not, it needs to be sent to a device for routing to a different network. To do this, the packets are sent to the default gateway described in the IP setup, or to a gateway (router) specified in a routing table. (This would be a more rare occasion for an individual workstation/device, but I’ve seen it done, and used them for specific specialty reasons.)

E.g.

Your PC ip 192.168.1.50 / sm 255.255.255.0 / dg 192.168.1.1

You want to communicate with two devices, a file server on your network, and google.com.

192.168.1.10 (File SERVER)
72.14.207.99 (google.com)

Your computer wants to send a packet of data destined for SERVER, so it compares that address with its own, combined with the subnet mask, and determines it’s on the same network. It addresses the packet, and drops it on the wire. The SERVER ‘hears’ it, and accepts it, processing as it needs, and replies the same way.

Your computer now wants to start a session with google.com, so it does the same as above, but determines that it’s not on the same network, so it sends the information to the default gateway (dg) and says “hey, pass this along to your next connection.” The gateway (router) does its thing, and passes it along to the next connection, etc…

Routing 101 stuff.

Can you do more “complex” things for security? Sure, but the reality is that many devices will not see your complex subnet mask as “valid” or may have issues with non standard setups. Why complicate things that have to work 100% of the time? (Or face the wrath of the boss/chief whiney user :cool: )

Do you really want to think that hard to diagnose network issues? I certainly don’t. Ease of troubleshooting/maintenance/support is often a much more compelling reason for a particular design than efficiency. As Shalmanese says, bandwidth isn’t the problem here. Most folks have more internally than they need, and the real “speed” is determined by the slowest link in the path anyway.
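The two ideas that run through the thread, the /n prefix being shorthand for a contiguous dotted-quad mask (butler1850’s post) and the single AND that decides “local or send to the gateway” (the routing walkthrough above), fit in a few lines of Python. This is an added example, not code from any poster; it uses the thread’s own sample addresses (192.168.1.50 / 255.255.255.0 / 192.168.1.1, the file server and the google.com address quoted above) as constructed test data. It also shows why 255.255.0.255 and the proposed 0.255.255.0 have no /n equivalent: the bits are not one contiguous run of ones, so the mask can be applied with an AND but cannot be written as a prefix length.

```python
# Added example (not from the thread): dotted-quad masks vs. prefix lengths,
# and the AND test a host uses to decide "local, or hand it to the gateway".


def ip_to_int(dotted: str) -> int:
    """Pack a dotted-quad IPv4 string into a 32-bit integer."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(value: int) -> str:
    """Inverse of ip_to_int."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> str:
    """/22 -> 255.255.252.0: the top `prefix` bits set, the remaining bits clear."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    all_ones = (1 << 32) - 1
    host_bits = (1 << (32 - prefix)) - 1
    return int_to_ip(all_ones ^ host_bits)


def mask_to_prefix(mask: str) -> int:
    """255.255.252.0 -> 22.

    Raises ValueError if the mask is not a contiguous run of ones followed by
    zeros, which is exactly the case (255.255.0.255, 0.255.255.0) that the
    /n shorthand cannot express even though an AND can still use it.
    """
    m = ip_to_int(mask)
    ones = bin(m).count("1")
    if m != ip_to_int(prefix_to_mask(ones)):
        raise ValueError(f"{mask} is not a contiguous mask; no /n equivalent")
    return ones


def is_contiguous(mask: str) -> bool:
    """True when the mask can be written as a prefix length."""
    try:
        mask_to_prefix(mask)
        return True
    except ValueError:
        return False


def same_network(local_ip: str, mask: str, dest_ip: str) -> bool:
    """The single AND the thread describes: (local & mask) == (dest & mask)."""
    m = ip_to_int(mask)
    return (ip_to_int(local_ip) & m) == (ip_to_int(dest_ip) & m)


def next_hop(local_ip: str, mask: str, gateway: str, dest_ip: str) -> str:
    """Where the packet is addressed on the wire: the destination itself if it
    is on the local network, otherwise the default gateway."""
    return dest_ip if same_network(local_ip, mask, dest_ip) else gateway


if __name__ == "__main__":
    # Constructed sample matching the thread's worked example.
    pc, sm, dg = "192.168.1.50", "255.255.255.0", "192.168.1.1"
    for dest in ("192.168.1.10", "72.14.207.99"):
        print(f"{dest:>14} -> next hop {next_hop(pc, sm, dg, dest)}")
    print("/22 as a dotted mask:", prefix_to_mask(22))
    print("255.255.252.0 as a prefix:", mask_to_prefix("255.255.252.0"))
    print("255.255.0.255 expressible as /n?", is_contiguous("255.255.0.255"))
```

The same_network check works for any 32-bit mask, contiguous or not, which is the point made above about the AND instruction; only the /n notation assumes contiguity, and mask_to_prefix refuses the masks that assumption does not cover.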