3

There are several questions out there asking what the CIDR netmask is, and how it's calculated. But after reading all the top answers, I'm still left wondering, how does the netmask let us distinguish two IP addresses?

For example, if I give you addresses:

  • 25.47.130.1 /32
  • 25.47.130.1 /8

I don't see how these are two different addresses just because you added a more specific "sub group" to one. They are (or seem to be) the same IP address!

To me this seems the equivalent to providing two ways to describe "Bob's House" but claiming they are different locations, for example

  • Bob's House / New York City
  • Bob's House / Brooklyn

Both addresses are exactly the same. They both refer to the same house. It's irrelevant that in one of the "masks" you narrowed it down to the smaller sub-location.

I hope someone understands what I am struggling to understand, and doesn't mark this as a duplicate. I have not found a similar question or answer that addresses this confusing aspect.

Paul Gear
CodyBugstein

7 Answers

7

> how does the netmask let us distinguish two IP addresses?

It doesn't. It lets us or a device distinguish the scope of the network to which it is attached.

> I don't see how these are two different addresses just because you added a more specific "sub group" to one. They are (or seem to be) the same IP address!

They are the same address. It is the scope of what you are referring to that has changed. Generally speaking, when you see a /32 referenced, you are referring to a single host. When you use a smaller netmask, such as the /8 in your example, you are defining the size of the (sub)network to which that host is attached.

While you are reading the IP address in a dotted decimal format, the address used by computers/network devices is in binary. It is a string of 32 binary 1's and 0's. The mask just differentiates what part of that 32 character binary string is used to designate the network and which part can be used to designate hosts.

Adding to my general statement above, when you are referring to a network and not a specific host, the host bits of the address are all set to 0. If one or more of the host bits are set to 1, then this typically indicates a specific host within the network of the designated size. So when you included 25.47.130.1/8 above, this would tend to indicate a specific host in the /8 network of 25.0.0.0/8.

> Both addresses are exactly the same. They both refer to the same house. It's irrelevant that in one of the "masks" you narrowed it down to the smaller sub-location.

Extending your example, which takes this out of networking. Yes, they are both the same house, but that doesn't make the mask "irrelevant." This is actually a very important piece of information for Bob.

Bob, who is identified by a numerical value (25.47.130.1/32), lives in a town (represented as 25.47.130.0/24). Bob has an old-fashioned post office with separate mail boxes, one box for local mail (i.e. someone else in town) and one for all other mail.

This way local mail can be delivered more directly to the destination (making delivery faster and better for the environment). Mail that goes in the all other mail box gets sent to a regional sorting/handling post office before it is sent along its way to the destination.

Bob has two letters to send, one to 25.47.130.2 and one to 35.57.140.2. Bob, who knows his town is 25.47.130.0/24, determines that the letter to 25.47.130.2 is local and puts it in the local box. However, 35.57.140.2 is not in his town, so he puts it in the all other mail box.

You could even extend this further and say that Bob knows his town is located in a state (25.47.0.0/16) and that state is part of a larger country (25.0.0.0/8). Bob now knows that his letter to 35.57.140.2 is out of state and out of country (which may have additional requirements, like additional postage).

However, typically most network end points (Bobs) simply wouldn't need to know or care about anything more than if the traffic (mail) is local or not. In other words, is the traffic sent directly to a local destination or is it handed off to another device to route it to the proper destination.

YLearn
6

The network mask is not part of the address. It defines how big your neighborhood is, as in Mikhail Khirgiy's example. With a /8 mask, Bob knows everyone in New York personally. He can hand-deliver a letter to anyone in the city without any help. With a /16 mask, Bob only knows people in Brooklyn (assuming Bob himself lives in Brooklyn). If he wants to deliver a letter to someone in Queens, he needs to take it to the post office (which would be his gateway address). With a /24 mask, Bob only knows people in his apartment block. To send to anyone outside (even the rest of Brooklyn) he needs to send it through his gateway (maybe the resident manager in this case). In short, the gateway is part of the equation. The mask is there to determine how many other addresses he can send to without any help. If he can't contact the destination, he sends it to his gateway instead.

Charles Burge
4

The netmask tells the device how to contact other IP addresses. Anything in the same network, as defined by the netmask, is contacted directly; anything outside the same network has to be contacted via a router (the default gateway, unless there’s a local routing table with an applicable route).

Mike Scott
3

You can aggregate networks into one by using a smaller mask. It is used only for routing or in firewall rules. For example:

25.0.0.0/8 - NewYork

25.47.0.0/16 - Brooklyn

25.47.130.0/24 - Bob's house or campus

25.47.130.1/32 - Bob.

This isn't used in real networks. For example, Bob got the 25.47.130.1/24 IP address in the 25.47.130.0/24 network. It can connect directly (without routing) to any IP address from this network. But it can't directly connect to 25.47.131.1/8 because this IP address isn't from Bob's network 25.47.130.0/24. That is why Bob's computer will send packets to 25.47.131.1/8 via a gateway host (router).

Mikhail Khirgiy
  • So Bob can send to `25.47.130.2/24` but not to `25.47.130.2/8`? I don't understand why not. They are ultimately the same address – CodyBugstein Mar 22 '18 at 06:33
  • Bob can send to 25.47.130.2/24 and to 25.47.130.2/8, but Bob can't send to 25.47.131.2/8. Because the network 25.47.130.0/24 includes IP address 25.47.130.1/24 and includes IP address 25.47.130.2/8, but the network 25.47.130.0/24 doesn't include IP address 25.47.131.2/8. In other words, the 25.0.0.0/8 network includes the network 25.47.130.0/24, but the network 25.47.130.0/24 doesn't include the 25.0.0.0/8 network. – Mikhail Khirgiy Mar 28 '18 at 12:19
1

The netmask for an IP assigned to a system is used to calculate the entry that will be added to the local system's route table for that IP.

Whenever a packet is sent, the local route table is consulted. If the destination is on the local subnet, your computer will use the local medium (probably Ethernet) to communicate with the destination directly. If the destination is not local, your packets will be forwarded to the router with the first matching route in your route table, or the 'default' router/gateway if you don't have any specific routes. In the route table local routes are checked first, then routes are processed from most to least specific.

Zoredache
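The route-table behaviour described in this answer, and the 25.47.130.2 versus 25.47.131.2 exchange in the comments under the previous answer, as an added example that is not part of any original post. The gateway 25.47.130.254, the static route via 25.47.130.253, and the function names are assumptions made for illustration; the lookup is plain longest-prefix match, which also puts the connected network first whenever it is the most specific entry.

```python
import ipaddress

def build_routes(iface_cidr, gateway):
    """Routes a host derives from one interface: connected network + default."""
    iface = ipaddress.ip_interface(iface_cidr)
    gw = ipaddress.ip_address(gateway)
    if gw not in iface.network:
        raise ValueError("gateway must be reachable on the connected network")
    return [
        (iface.network, None),                    # on-link: deliver directly
        (ipaddress.ip_network("0.0.0.0/0"), gw),  # default route
    ]

def lookup(routes, dst):
    """Return (matched_network, next_hop) for dst, most specific route wins."""
    # A "/N" written after the destination is discarded: only the sender's
    # own route table (built from the sender's mask) decides the path.
    addr = ipaddress.ip_interface(dst).ip
    matches = [r for r in routes if addr in r[0]]
    net, hop = max(matches, key=lambda r: r[0].prefixlen)
    return str(net), ("direct" if hop is None else str(hop))

# Constructed sample configuration (hypothetical gateway addresses).
BOB_24 = build_routes("25.47.130.1/24", "25.47.130.254")
BOB_8 = build_routes("25.47.130.1/8", "25.47.130.254")
# Same host with one extra static route, to show most-specific-first ordering.
BOB_24_STATIC = BOB_24 + [
    (ipaddress.ip_network("35.57.0.0/16"), ipaddress.ip_address("25.47.130.253")),
]

if __name__ == "__main__":
    for name, table in (("/24", BOB_24), ("/8", BOB_8), ("/24+static", BOB_24_STATIC)):
        for dst in ("25.47.130.2/8", "25.47.131.2/8", "35.57.140.2"):
            print(f"Bob {name:11} -> {dst:15} {lookup(table, dst)}")
```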
0

> What does the netmask in an IP address actually tell you?

The network mask determines which part of an IP address is the network, and which part is the host.

IP addresses and masks are binary numbers (32-bit for IPv4, and 128-bit for IPv6). The IP address and mask are ANDed (remember the truth tables from school) to give you the network address. If you AND the address with the inverse of the mask, you get the host number.

For example, to get the network address:

```
Address 10.11.12.13   is 00001010000010110000110000001101
Mask    255.255.248.0 is 11111111111111111111100000000000
                         ================================ AND
              Network is 00001010000010110000100000000000 10.11.8.0
```

To get the host number:

```
Address 10.11.12.13   is 00001010000010110000110000001101
Mask    255.255.248.0 is 00000000000000000000011111111111
                         ================================ AND
          Host number is 00000000000000000000010000001101 0.0.4.13 or 1037
```

> I'm still left wondering, how does the netmask let us distinguish two IP addresses?

That is not the purpose of the network mask. The actual addresses determine the difference. On the same network, the hosts will have different host numbers. On different networks, the host numbers can be the same. It is the full IP address that must be unique on the public Internet.


Your confusion stems from the fact of using Private IPv4 Addressing. Private addresses need not be unique between private networks because they are translated by NAT to unique public addresses before packets with those addresses are sent over the public Internet. The private addresses must be unique within the private network where a host is addressed, but each private network can use the same addressing as other private networks.

Ron Maupin
  • Thanks for the answer but that doesn't answer the question. There are plenty of sources that explain how netmask works, I've even linked to a few. My question is not about how but about "why". – CodyBugstein Mar 22 '18 at 06:30
  • 2
    @CodyBugstein, the question is, "_What does the netmask in an IP address actually tell you?_" I explained that, and I explained that there can be two private addresses the same because of NAT. I don't know what else you want. – Ron Maupin Mar 22 '18 at 13:44
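The AND arithmetic from the answer above carried out on 32-bit integers, applied both to its 10.11.12.13 example and to the two addresses from the question. This is an added example, not code from the original post; the function names are illustrative, and the result is cross-checked against Python's standard `ipaddress` module.

```python
import ipaddress

def to_int(dotted):
    """Dotted-decimal IPv4 string -> 32-bit integer."""
    octets = [int(x) for x in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    a, b, c, d = octets
    return (a << 24) | (b << 16) | (c << 8) | d

def to_dotted(n):
    """32-bit integer -> dotted-decimal string."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def split(address, prefix_len):
    """Return (mask, network, host_number) for address/prefix_len."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    addr = to_int(address)
    network = addr & mask                 # address AND mask
    host = addr & ~mask & 0xFFFFFFFF      # address AND inverse of the mask
    return to_dotted(mask), to_dotted(network), host

def agrees_with_stdlib(address, prefix_len):
    """Cross-check the hand-rolled network against the ipaddress module."""
    iface = ipaddress.ip_interface(f"{address}/{prefix_len}")
    return split(address, prefix_len)[1] == str(iface.network.network_address)

if __name__ == "__main__":
    # Same 32-bit address each time; only the network/host boundary moves.
    for addr, plen in (("10.11.12.13", 21), ("25.47.130.1", 8), ("25.47.130.1", 32)):
        mask, net, host = split(addr, plen)
        print(f"{addr}/{plen}: mask={mask} network={net} host={host} "
              f"stdlib_ok={agrees_with_stdlib(addr, plen)}")
```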
0

In a few words, it tells you how many hosts you can add on this network. E.g. /24 is 254 (256 - 2, broadcast and network); if you go to /23, this doubles to 512 (510); if you go to /22, it doubles again from the previous, which means 1024 (1022 hosts); if you go to /25, it is half of /24, which means 128 (126 hosts).

N3kos