Why do we need subnet mask?

37

24

Since an IPv4 address already gives the information of the network and host, why do we still need a subnet mask?

The 1st Octet already specifies the network class (1-127: A, 128-191: B, 192-223: C etc.). A, B, or C implies the number of octets for network (respectively, 255.0.0.0, 255.255.0.0, 255.255.255.0), which automatically tells you how many hosts are allowed for each class of network.

The IP gives all the information a subnet mask has, and more. Why do we need a subnet mask in the first place? If the information a subnet contains is not entirely a subset of that inside an IP, then what else does it contain or what in addition does the subnet do, that requires us to specify it independently?

KMC

Posted 2012-02-27T02:49:41.087

Reputation: 1 537

21

Class A, B, C are so 1980's and long dead. As address exhaustion came into being, it was realized that a lot of assigned Class A and B space was totally wasted on the holders, hence CIDR and the given assignment of small, useable blocks of addresses throughout the whole address space. – Fiasco Labs – 2012-02-27T03:19:47.867

2

@FiascoLabs That does not answer his question dude. Did routers still use those subnet masks? Yes, with classful (if no further subnetting, which is perhaps unlikely), the subnet mask can be calculated from the address. But a) is it necessary to use a subnet mask with a logical AND, if you already know how many bits you want, and why is that? Probably down to CPU operations not being able to test for x bits of a byte, so others have to be zeroed out and the EQU operator is applied. – barlop – 2012-02-27T03:21:26.330

8

The routers I've worked with don't assume that the first octet of Class A, B or C mean anything. I've always had to set a netmask or CIDR to let the router know the addresses where the net and broadcast were located. Of course Class address assignments have really easy netmasks, 255.0.0.0, 255.255.0.0 and 255.255.255.0, so yes, it is necessary to use a subnet mask. – Fiasco Labs – 2012-02-27T03:33:42.247

VLSM - variable length subnet masks, you can create a network or broadcast domain as big or as small as you would like! – Mark S. – 2012-02-27T10:25:33.110

3

Even in the days of classes, you could have a large network subnetted (sic) into various other smaller ones. A workstation in a large university would still have an address in a class A network, but it could be in a subnet of a subnet of a subnet of the entire class A. So naturally routers made no assumptions. – Alexios – 2012-02-27T11:49:16.000

Answers

38

We need a subnet mask for IPv4 addresses because the address doesn't give any information on the network size. Class sizes are not the network sizes. In practical networks all IPv4 networks are broken up into subnets that are smaller than the class size.

For example you could break up the class C network 200.200.200.0/255.255.255.0 into two smaller networks (potentially at separate locations) 200.200.200.0/255.255.255.128 and 200.200.200.128/255.255.255.128 assuming neither needed more than 126 hosts. In reality most companies only get enough IPv4 addresses for the servers that need to be on the public Internet. I've personally seen setups with 32, 16, & 8 address networks (that would be masks of 255.255.255.224, 255.255.255.240, & 255.255.255.248 respectively).

Having IP networks only in class size blocks was too restrictive in limiting the number of networks that could be allowed - the 127 class A networks taking half of the space. Not to mention that having a 24 billion node network is completely unmanageable. Instead, in 1993 Classless Inter-Domain Routing (CIDR) was introduced to allow the networks to be split up.

Also to be clear the purpose of the subnet mask is to determine which hosts are on the local network and which are outside of the network. Hosts can talk directly to hosts on the same network, but they need to communicate with a router to talk to hosts on external networks.

shf301

Posted 2012-02-27T02:49:41.087

Reputation: 7 582

When using CIDR you are attaching a prefix to specify the number of bits used for network addressing, and the rest for host addresses. For example, 200.200.200.0/27, then automatically implies host address has to be 63 or lower. Again, the IP still tells you this piece of information, hence, my question persists... – KMC – 2012-02-27T04:54:08.310

It's still an address and a netmask when all's said and done and that's what the underlying hardware uses to calculate its netblock, does it not? – Fiasco Labs – 2012-02-27T05:31:59.697

My question persists because the IP still contains all the information that a subnet mask needs to have. I still find no reason for subnet mask to exist at all. – KMC – 2012-02-27T06:05:40.047

1

@KMC: I do not really get your comment, a CIDR prefix is comparable to a subnet mask and software, thus, often uses either the prefix or the mask, as a matter of taste. – Legolas – 2012-02-27T08:47:28.193

20

@KMC: /27 is the subnet mask, just written in a different notation. – Heinzi – 2012-02-27T09:06:06.190

@KMC What he's saying, is the IP does not contain all the information that the subnet mask does, because the subnet mask subnets beyond the class. So the subnet mask is necessary. The more interesting question is also with classful addressing but perhaps early days of it, people didn't subnet beyond the class, so was a subnet mask stored and used then, and if so, why (since it can be calculated from the IP)? – barlop – 2012-02-27T10:24:54.263

@barlop Any subnetting would be beyond the class. By definition, a subnet is a subset of an entire network. With classful addressing, the class tells you what is the network and what is the host. It has nothing whatsoever to do with subnetting. – David Schwartz – 2012-02-27T11:00:01.350

@DavidSchwartz well, this site http://www.tcpipguide.com/free/t_IPDefaultSubnetMasksForAddressClassesABandC.htm uses the term default subnet mask but may be not using proper terminology. What I meant by no subnetting beyond the class, was no subnetting. I'll go with the terminology you mention, seems more likely. I see, there always was subnetting even from the start of classful addressing and even if people just kept 255.0.0.0 for any network within the Class A subnetwork given to them, then they are still applying a subnet mask. My terminology was a bit screwy. – barlop – 2012-02-27T13:27:27.687

@DavidSchwartz Was there a time straight after classful addressing came out, that people didn't make subnets longer than the network portion assigned to them? So any of their subnet masks were calculable based on what class the network was. And were router implementations always flexible and allowing things like 255.248.0.0 right from the beginning? – barlop – 2012-02-27T13:52:08.827

@barlop That method was proposed as an option in RFC 950, section 2.1. But that's the same RFC that proposed VLSM, which is what was ultimately adopted. Essentially, subnetting is historically synonymous with a chosen subnet mask independent of the class. – David Schwartz – 2012-02-27T20:05:22.817

@DavidSchwartz yes VLSM was in the days pre CIDR. I suddenly remembered when Mark mentioned VLSM (RFC 1878). The methods of subnetting were in fact in use already before then without that name, almost right from the start. Here are some relevant RFCs: RFC 1009 (1987), 1878 (1995), 950 (1985), 917 (1984), 940 (1985). RFC 917 (1984), the earliest of those RFCs, says "many organizations have chosen to divide one Internet network into several subnets, instead of acquiring a set of Internet network numbers." So the RFCs on subnets were written after the fact. – barlop – 2012-02-27T21:48:35.683

@DavidSchwartz Also this article http://www.ciscotrick.com/variable-length-subnetting-in-the-rfcs/ mentions that the capability was always there though people didn't generally realise it initially. Also, from what I recall when reading about it years ago, there was Variable length subnet masks, and Fixed length subnet masks. I am not sure which RFC was for fixed length subnet masks but it'd have been before VLSM. – barlop – 2012-02-27T22:04:42.980

20

The 1st Octet already specifies the network class (1-127: A, 128-191: B, 192-223: C etc.). A, B, or C implies the number of octets for network (respectively, 255.0.0.0, 255.255.0.0, 255.255.255.0), which automatically tells you how many hosts are allowed for each class of network.

Right, but if someone were to subnet that network, you'd need the subnet mask to know how big a subnet you were in. Yes, with classful addressing, the class tells you the size of the network and allows you to tell whether a host is in the same network as you, but if that network is subnetted, without the subnet mask, how would you know whether another node is in the same subnet as you?

Say you're on an Ethernet network. We use classful addressing with subnetting. Your IP address is 1.2.3.4 and you want to reach 1.3.1.1. Do you use ARP to reach that address? Well, it depends on whether 1.2.3.4 and 1.3.1.1 are in the same subnet. Even if they're in the same network, if they're in different subnets, a router needs to be used. If they're in the same subnet, then ARP should be used.

So you need the subnet mask if subnetting is in use, even with classful networks.

I think you're confusing subnetting with CIDR, actually. Without CIDR, even with subnetting, you don't need the subnet mask between administrative regions. But you still need it inside the network!

David Schwartz

Posted 2012-02-27T02:49:41.087

Reputation: 58 310

6

A subnet mask is used to do bitwise operations on an IP address, in conjunction with a network address. If my memory serves me well, you take an IP address and do a bitwise AND on it and the subnet mask for a given network. If the result equals the network address, then the IP address is on that particular network. Routers that have routing tables of network addresses and subnet masks can use simple binary maths (which is very fast, if not the fastest for computers to handle) to find out which interface to punt a packet out of.

Adrian Thompson Phillips

Posted 2012-02-27T02:49:41.087

Reputation: 61
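The AND test described in this answer, applied to the 1.2.3.4 / 1.3.1.1 case from an earlier answer and to a small routing table. This is an added example, not code from any poster; the route table and interface names are constructed for illustration.

```python
import ipaddress


def to_int(dotted):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def same_subnet(src, dst, mask):
    """True when src and dst give the same network after ANDing with mask."""
    m = to_int(mask)
    return (to_int(src) & m) == (to_int(dst) & m)


def next_hop(dst, routes):
    """Return the interface of the matching route with the longest mask.

    routes is a list of (network, mask, interface) tuples. With contiguous
    masks, a numerically larger mask means more network bits, so comparing
    the integers picks the most specific match. Returns None if no match.
    """
    d = to_int(dst)
    best = None
    for network, mask, iface in routes:
        m = to_int(mask)
        if (d & m) == to_int(network):
            if best is None or m > best[0]:
                best = (m, iface)
    return best[1] if best else None


# Constructed routing table: default route, a /8, and a /24 inside that /8.
ROUTES = [
    ("0.0.0.0", "0.0.0.0", "wan0"),
    ("10.0.0.0", "255.0.0.0", "core0"),
    ("10.1.2.0", "255.255.255.0", "lab0"),
]

if __name__ == "__main__":
    # Same two addresses, different answer depending only on the mask:
    for mask in ("255.0.0.0", "255.255.0.0"):
        direct = same_subnet("1.2.3.4", "1.3.1.1", mask)
        print(mask, "-> ARP directly" if direct else "-> send to router")
    for dst in ("10.1.2.7", "10.9.9.9", "8.8.8.8"):
        print(dst, "->", next_hop(dst, ROUTES))
```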

3

"The 1st Octet already specifies the network class (1-127: A, 128-191: B, 192-223: C etc.)."

There aren't many protocols in common use today that respect this anymore (see @Fiasco Labs' comment - RIP is the only one I can think of). So, this statement in your question:

The IP gives all the information a subnet mask has, and more.

is not true for the great majority of protocols in use in the Internet today.

If you have a number of machines that are connected to each other, and only ever communicating with each other, with no router ever involved, then the subnet mask isn't really needed (although modern TCP/IP stacks insist you specify one).

Routers define the edges of (sub)networks. Anything needing to go through a router is on a different network - and vice versa: anything needing to go to a different network needs to go through a router.

The subnet mask is how all machines can tell whether traffic is for the current network or needs to be sent to a router to get to its destination. Your computer's TCP/IP stack will send its traffic directly to the destination if it's within the subnet mask, otherwise it consults its routing table, and the usual situation is that it sends other traffic to the default gateway.

LawrenceC

Posted 2012-02-27T02:49:41.087

Reputation: 63 487

3

The 1st Octet already specifies the network class (1-127: A, 128-191: B, 192-223: C etc.). A, B, or C implies the number of octets for network (respectively, 255.0.0.0, 255.255.0.0, 255.255.255.0), which automatically tells you how many hosts are allowed for each class of network.

While this was historically true, this hasn't been true for years. Years ago 24.0.0.0/8 was given out in pieces to various ISPs. (I believe this was mostly to cable providers.)

Even when it was true for network assignments, netmasks were necessary for internal networks to simplify routing. Efficient routing of a network like 10.0.0.0/8 requires subdivision into smaller networks. This may be a simple scheme using /16 and /8 subdivisions, but is more likely to be classless subdivision. Larger subnets make more efficient use of address space (over 99% of a /24 is available for devices, while only 50% of a /30 is available).

The local network is routed directly from the device, while other addresses are passed through a router. Hosts with multiple interfaces may be connected to networks of different sizes.

For sub-nets without multi-homed hosts a /24 contains more addresses than is required. Most routers I have worked with have 24, 48, or 96 ports and can be supported with /27, /26, or /25 sub-nets. This allows some extra addresses for DHCP and/or multi-homing. Organizations may standardize on allocating sub-nets of /24 or /23 for routing.

Since an IPv4 address already gives the information of the network and host, why do we still need a subnet mask?

Many devices use a default netmask of /24 which in many cases matches the size of the local subnet (localnet) assigned to the router. This is equally applicable to classes A, B, and C. Unless the subnet size matches the default subnet a netmask is required.

If addresses are specified using CIDR format, the netmask and network can be calculated from the address. If not the network can be calculated from the address and netmask. It is not possible to reliably calculate the netmask from the address and network.

Providing a gateway (router) address for a subnet allows the default route to be configured allowing routing to addresses outside the subnet.

BillThor

Posted 2012-02-27T02:49:41.087

Reputation: 9 384

2

Except for @Adrian's answer I'm not sure any of these actually mention WHY we use the mask instead of some simpler to understand solution--and he only touched on the fact that masking is FAST, I mean why not just specify that you are interested in addresses 192.168.1.200-192.168.1.220, or why not just use names like *.my.address.com for this, just naming each computer instead of assigning numbers?

You actually could now to some degree completely remove numbers from routing, most PCs could handle the kinds of traffic they are sent, but there is still a problem on the larger scale devices.

Filtering like this is happening all the time, and it's happening a LOT. Masking can be done in hardware, completely eliminating the need to waste time on uninteresting packets (which used to be 99% of the packets you'd have pass through your wire, now with switched hubs you shouldn't see any that aren't addressed to your machine, again making it less relevant).

For a solution that is so easy on the hardware it is also very flexible. The same hardware can route an entire class A network (10.x.x.x) or just one or two ip addresses with the same implementation.

This is not a replacement for any of the other answers, just a little more info.

Bill K

Posted 2012-02-27T02:49:41.087

Reputation: 267

"why not just use names like *.my.address.com for this, just naming each computer " - you mean, like, DNS? – Piskvor left the building – 2012-02-27T19:28:50.757

@Piskvor Exactly! DNS resolves to IP addresses, you could use DNS directly but the processing power used goes up. You could even sub-divide domains so that *.meh.com goes to one address except *.alt.meh.com goes to another... – Bill K – 2012-02-27T20:57:57.290

That works, yes - that is, when it works (additional complexity); plus you need to know where the DNS server is; chicken-and-egg problem. – Piskvor left the building – 2012-02-28T06:16:59.963

@Piskvor I'm just saying that there are other possibilities that would work fine except for performance--still significant in some cases--and the fact that it would require re-writing EVERYTHING. (Do you really think the problem with a DNS server would be any different if you switched to a different addressing scheme?) – Bill K – 2012-02-28T17:12:51.623

No, the problem would indeed persist. (and btw, the push for a simple networking stack is not going away - quite the contrary, getting stronger with the "internet of things": simple also means less power needed and longer battery life) – Piskvor left the building – 2012-02-28T17:25:36.927

@Piskvor well, with many devices on switching networks the performance shouldn't matter--for the most part you would only see packets that you were interested in--More with wireless but the filter wouldn't be too busy and these days could probably be done in hardware anyway. Regarding your scenario-if you broadcast a DNS request for a name and the server returned ".../Machine/11" instead of "192.168.1.11", how would that be technically harder? But the reason I posted is the same thing you are saying--the performance for switches and routers is huge and it's the big difference here. – Bill K – 2012-02-28T18:28:06.533

I guess we're violently agreeing with each other then :) – Piskvor left the building – 2012-02-28T19:11:21.150

1

To date, there's still no answer as to why subnets (as opposed to CIDR) are still in use. There are two problems with subnet masks:

  1. you can specify non-contiguous masks, which are invalid.
  2. (also applies to CIDR) they introduce possible overlap - ISPs could give out the same IP address as part of different subnets. e.g.

    customer A: 22.132.124.121 subnet mask 255.255.255.0
    customer B: 22.132.114.55   subnet mask 255.255.0.0

which isn't immediately visible as it should be.

https://blog.certskills.com/ccent/vlsmo_01_01/

LogicBreaker

Posted 2012-02-27T02:49:41.087

Reputation: 11
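Both problems named in this answer can be checked mechanically. The sketch below is an added example, not the poster's code: it flags non-contiguous masks and reports overlapping assignments, using the two customer entries from the answer plus a constructed "customer C" with a deliberately broken mask.

```python
import ipaddress
from itertools import combinations


def to_int(dotted):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def is_contiguous(mask):
    """A valid mask is a run of 1 bits followed only by 0 bits."""
    host_bits = ~to_int(mask) & 0xFFFFFFFF   # must look like 0...01...1
    return (host_bits & (host_bits + 1)) == 0


def overlaps(block_a, block_b):
    """Two (address, mask) blocks overlap when the addresses agree under
    the bits covered by both masks, i.e. under the shorter mask."""
    (addr_a, mask_a), (addr_b, mask_b) = block_a, block_b
    common = to_int(mask_a) & to_int(mask_b)
    return (to_int(addr_a) & common) == (to_int(addr_b) & common)


def audit(assignments):
    """Return findings for a list of (name, address, mask) assignments."""
    findings, valid = [], []
    for name, addr, mask in assignments:
        if is_contiguous(mask):
            valid.append((name, addr, mask))
        else:
            findings.append(f"{name}: non-contiguous mask {mask}")
    for (n1, a1, m1), (n2, a2, m2) in combinations(valid, 2):
        if overlaps((a1, m1), (a2, m2)):
            findings.append(f"{n1} overlaps {n2}")
    return findings


ASSIGNMENTS = [
    ("customer A", "22.132.124.121", "255.255.255.0"),  # from the answer
    ("customer B", "22.132.114.55", "255.255.0.0"),     # from the answer
    ("customer C", "22.140.0.9", "255.0.255.0"),        # constructed, bad mask
]

if __name__ == "__main__":
    for finding in audit(ASSIGNMENTS):
        print(finding)
```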

1

There are already many things explained in other answers, but not the main thing.

You want to know, if an IP address can already give you the full address of the recipient, then why subnet masks exist. You know, in large organizations, sometimes departments need separate networks, so, for example, accountants are in a different subnet and cannot access marketing department's inner IP addresses. So, for example, an employee with the IP 192.168.10.3 wouldn't be able to access the printer at 192.168.15.76, because it would be in a different subnet.

Luka Ramishvili

Posted 2012-02-27T02:49:41.087

Reputation: 111

0

Normally, the subnet mask works as an indicator to the subnetworks below. Usually a network contains several subnets, and the subnet mask is the way the router uses to deliver traffic to the specific destination (in any subnet using the subnet mask). This link contains an introduction to subnet masks.

Salah Amean

Posted 2012-02-27T02:49:41.087

Reputation: 71

1

Please add the important information from the link to here, add the link as source. – avirk – 2014-03-23T08:26:14.727