What does it mean to have a subnet mask /32?

17

3

I see in this question, the routing table has:

192.168.1.1/32     link#4             UCS             2        0     en0
openwrt.lan        46:94:fc:63:fc:7   UHLWIir        11     3610     en0   1200
192.168.1.125/32   link#4             UCS             2        0     en0

What does it mean to have a subnet mask of /32 and in that case what will be its network ID? Can a host exist without a network ID in case we consider the above as a single host?

As far as I know, the network ID and the IP address assigned to a host in that network are 2 different things. 192.168.0.0 is a network ID and if its subnet is 255.255.255.0, then the hosts in this network can be 192.168.0.1 - 192.168.0.254. In this case, how can a host exist without a network ID?

Linked: Why is my subnet mask 255.255.255.255?

Number945

Posted 2019-08-20T13:10:47.847

Reputation: 297

I've seen the A.B.C.D/# syntax used in various ways in software and hardware, and in general it is just used to mean how many bits must match (L2R) for that line/rule/case to be in effect. So 192.168.1.1/32 would mean the information following it applies for the exact address 192.168.1.1 and no other. – simpleuser – 2019-08-28T20:22:35.650

Answers

23

There's a bit of confusion here; that /32 doesn't refer to the size of any (sub)network, but to the range of addresses that particular routing table entry applies to. Usually the two are the same (because you route a network or subnet as a unit, right?), but macOS does things a little differently for other hosts on the same local network. Let me add some lines before the ones you quoted:

Destination        Gateway            Flags        Refs      Use   Netif Expire
default            openwrt.lan        UGSc           10        0     en0
...
192.168.1          link#4             UCS             2        0     en0
192.168.1.1/32     link#4             UCS             2        0     en0
openwrt.lan        46:94:fc:63:fc:7   UHLWIir        11     3610     en0   1200
192.168.1.125/32   link#4             UCS             2        0     en0

Note that 192.168.1 (short for 192.168.1.0/24) is routed over en0 (aka link#4); not via any gateway, just over the interface itself. This is the network that the Mac itself is on. 192.168.1.1 and 192.168.1.125 are both specific addresses within that network range. If you compare those /32 entries with the 192.168.1 entry, they're basically redundant duplicates; they say the same thing, just about specific addresses instead of the entire network range.

I don't know why macOS creates these redundant address-specific entries, but it's probably related to another thing you can see in the listing above: macOS lists its ARP table entries in the routing table. The "openwrt.lan" entry above (which I'm pretty sure is actually 192.168.1.1, just listed by name rather than number) says that it's routed via en0 to the MAC address 46:94:fc:63:fc:7.

So what you're seeing in the route listing is a mix of actual network routes (like the "default" and 192.168.1 entries), and per-host entries (the /32 and MAC-targeted entries).

Gordon Davisson

Posted 2019-08-20T13:10:47.847

Reputation: 28 538

How did you deduce 192.16.1 short for 192.16.1.0/24? (Also, I think you meant 192.168.1.0) – Number945 – 2019-08-21T09:34:22.550

1

@BreakingBenjamin netstat sometimes uses a shorthand where it just lists the network portion of the address (omitting the host portion); in "192.16.1" three octets are listed, indicating 8 octets = 24 bits of network portion. If you look at the full output in the original question, you'll also see entries for "224.0.0" (short for 224.0.0.0/24, the multicast local control block), "169.254" (169.254.0.0/16, dynamic link-local addresses), and "127" (127.0.0.0/8, local loopback).

– Gordon Davisson – 2019-08-21T17:40:22.210

@BreakingBenjamin in other words, any trailing ".0"s are removed from addresses to display a number with less than three dots. The user is supposed to know to add them back when they're needed. – Monty Harder – 2019-08-22T17:25:59.410

19

/32 addressing

Generally speaking, /32 means that the network has only a single IPv4 address and all traffic will go directly between the device with that IPv4 address and the default gateway. The device would not be able to communicate with other devices on the network.

There are a couple of possible reasons for this that I've seen. It could be:

  • A webserver serving multiple sites with each site bound to a specific IPv4 address
  • A loopback address used for testing.
  • Isolating a machine from the network to allow only statically set routes to connect. (For decommissioning, for example.)

Network ID

The network ID portion of an IP address is determined by the subnet mask. For example:

  • A /24 IPv4 network has a subnet mask of 1111.1111.1111.0000, meaning the first 3 octets are the network ID and the last octet is used for assigning host IDs (256 available IDs, though usually some are reserved).
  • A /16 IPv4 network has a subnet mask of 1111.1111.0000.0000, meaning the first 2 octets are the network ID and the last octet is used for assigning host IDs (65536 available IDs, though usually some are reserved).

In the case of /32, this doesn't apply as the address is both a network ID and host ID. /31 addresses are also all host IDs with no reserved 0th address.

Worthwelle

Posted 2019-08-20T13:10:47.847

Reputation: 3 556

But this network cannot exist, as it then won't have a network ID? The only ID, as you said, gets assigned to the host? – Number945 – 2019-08-20T14:08:47.877

More accurately, this would have only a network ID and no host ID. In the case of a loopback address, you have no need for host IDs as there is only one. – Worthwelle – 2019-08-20T14:36:20.977

A web server runs on a machine which has an IP address. Inside the web server, we host sites. So how can anyone host a site with such /32 addressing, because that IP belongs to the machine and not to the site? If we say a site has IP /32, we are actually saying that the machine has /32 addressing, and in such a case how is that machine connected to the network? – Number945 – 2019-08-20T15:01:47.987

Since a computer can have multiple network interfaces (whether virtual or physical), it can also have multiple IPs. A common example of this is a laptop which is connected to a WiFi network and has an Ethernet cable attached to the same router that runs the WiFi. In the case of a webserver, these addresses are aliases and serve only for identifying which connection is requesting which website. – Worthwelle – 2019-08-20T15:05:20.323

4

/31 and /32 are exceptions to the general rule; all addresses within them are host IDs. (They still have a network ID, but it's simultaneously a host ID too.) – user1686 – 2019-08-20T15:28:38.953

4

To clarify, a /31 still has only one "network ID" (like in all other cases) – it just has two hosts and no reserved/unusable addresses. – user1686 – 2019-08-20T15:35:40.457

Actually in that case the default gateway does not come into play; if you have a /32 route it’s the peer address and there is no network ID (maybe it is a point-to-point link with no broadcast domain, or it’s a local IP alias bound to loopback, or some more complicated proxy/rerouting/VIP setups). – eckes – 2019-08-21T11:04:46.803

4

It is just a CIDR value. You can learn more about CIDR here.

TL;DR

A CIDR network address looks like this under IPv4:

192.30.250.00/18

The "192.30.250.0" is the network address itself and the "18" says that the first 18 bits are the network part of the address, leaving the last 14 bits for specific host addresses.

monst3r

Posted 2019-08-20T13:10:47.847

Reputation: 56

2

easiest thing is web search and read articles related to subnet mask and subnet mask binary shorthand and CIDR

and also check out subnet calculators

the /32 is the CIDR (shorthand) and refers to how many 1's are in the subnet mask. For /32 that is 255.255.255.255 or 11111111.11111111.11111111.1111111

that means you can only have one ip address, on your network before needing a gateway/router to get outside that network. with /32 it's just you. A subnet mask is a number that defines a range of IP addresses available within a network

CIDR = classless inter-domain routing

what does using /32 mean : I don't believe it is an invalid setting however it effectively turns off networking... or limits the network to just you... you can only talk to yourself if you don't have a gateway set up to reach outside that netmask.

what will its network id be: I assume you mean what will ip address be, and ip address will be whatever you set it to be. The IP address and subnet mask (which is what you are dealing with) are two different although related things.

can a host exist without a network id [ip address?] : can you exist without having a first and last name or without an address? yes the host can exist. kinda need to better define what u mean by exist.

ron

Posted 2019-08-20T13:10:47.847

Reputation: 628

"network ID" usually refers to the address with all 'host' bits zeroed out – i.e. one of the two "reserved" addresses in a subnet. It's not the host's address. – user1686 – 2019-08-20T14:03:00.490

@ron As far as I know, network id and ip address assigned to host in that network are 2 different things. Like 192.168.0.0 is a network id and if its subnet be 255.255.255.0, then host in this network can be 192.168.0.1 - 192.168.0.254. Hence I asked in this case how a host can exist without a network id? – Number945 – 2019-08-20T14:06:11.217

I think it's a matter of semantics and can get hard to discuss typing out like this. strictly speaking if you say host then you imply or require a valid identifier (id) which is what? Not necessarily a hostname because there can be two systems having the same host name on a network. In most cases the unique identifier should be the network hardware MAC address.. which is never supposed to duplicate between billions of computer devices today? And old school nomenclature i think is host vs terminal, so without a valid network interface your system becomes a terminal and not a host. – ron – 2019-08-20T14:38:57.280

and then as a terminal would not be reachable on the network, only hosts with properly configured network interfaces can communicate on the network(s). however with /32 netmask and a properly configured network interface (including gateway) then yes you can be a host on the network and exist. but with /32 on a host having ip 10.1.2.3 it will not communicate to something right next to it at 10.1.2.4 which u would take for granted usually because 10.1.2.3 and 10.1.2.4 would be separate networks and require a gateway/router to make the connection between those two networks. – ron – 2019-08-20T14:46:37.140

correction: network hardware mac address is unique on your local network as defined by the subnet mask. – ron – 2019-08-20T14:52:35.453

0

What you're looking at are not subnet masks. They are indications of the length of the routing table¹ prefixes.

A naïve implementation of a routing table would list every possible IP address so that, given any IP address, you'd look up that exact one and get back the routing information² associated with it.

Clearly some sort of compression is needed. The nature of routing information is that adjacent addresses are likely to use the same information, so we can use a form of radix tree to compress these together. Here, briefly, is how it works.

Given the numbers 0-7, we can represent them in binary as so:

0   000
1   001
2   010
3   011
4   100
5   101
6   110
7   111

Now if we have two routing table entries, one for addresses 0 and 1, and another for addresses 2 and 3, we can store them under the binary prefixes that these share. If we use a . to indicate the "unused" bit after the end of the prefix, we have 00. for the range 0-1 and 01. for the range 2-3.

A standard way of representing this is with the lowest number from the range followed by the length of the prefix; in this case these would be 0/2 for the range 0-1 and 2/2 for the range 2-3.

But what happens if we want to look up the routing information for address 6? Normally we'd add a "default" set of routing information with prefix 0/0, i.e., matching any bits at all, and then when we search we look for the most specific information, i.e., the longest matching prefix, we can find. So the full routing table we've just described is:

0/2     00.     Matches addresses 1 and 2.
2/2     01.     Matches addresses 3 and 4.
0/0     ...     Matches any address.

Subnet masks can be described with prefixes in the same way, and so this scheme is often used for that. But keep in mind that just because this scheme can be used for describing subnets does not mean that it's used only for describing subnets.

As an example of routing table prefixes not being subnets, you could have two network interfaces connected to the same network, say, 192.168.2.0/24. (This could be implemented by connecting two separate network cards to the same switch, each with its own cable.) You could then set up the routing table to "balance" outgoing traffic across the two interfaces by using two routing table entries:

192.168.2.0/25      eth0        # range ...2.0   to ...2.127
192.168.2.128/25    eth1        # range ...2.128 to ...2.255

This would send packets destined to addresses 0-127 on that network out eth0, but packets destined to addresses 128-255 on that network out eth1. This is a bad way of doing this (for reasons I won't get into here), but demonstrates how routing prefixes and network addresses might not match.


¹ The Wikipedia article on routing tables unfortunately says that the prefix field holds the "Network ID." While this may be true in certain specific implementations of routing tables, it's not always a network ID in the general case, as seen in both the example you provide and my example later in this answer.

² This routing information typically includes things like what interface to use, what router to contact on that interface, if any, the MAC address of a host for hosts directly reachable through that interface, what source address we should put on the packet if the host has multiple source addresses, security information, and so on. There's a huge variety of data that could be there, but none of that is important for the purposes of this discussion since we're talking just about how you look up the correct data set for a given address, not what's in the data set itself.

cjs

Posted 2019-08-20T13:10:47.847

Reputation: 380
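
The longest-prefix lookup described in this answer, applied to the macOS routing entries quoted earlier on the page together with the netstat shorthand explained in the comments, as an added example that is not part of any of the original posts. The route list is constructed from the lines quoted on this page; the interface labels for "169.254" and "127", and the treatment of a bare four-octet destination as a host route, are assumptions.

```python
import ipaddress

# Constructed sample: destinations as netstat prints them, with a label for
# where the traffic goes. The labels for 169.254 and 127 are assumed.
ROUTES = [
    ("default", "en0 via openwrt.lan"),
    ("192.168.1", "en0, whole subnet"),
    ("192.168.1.1/32", "en0, host entry"),
    ("192.168.1.125/32", "en0, host entry"),
    ("169.254", "en0, link-local (assumed)"),
    ("127", "lo0 (assumed)"),
]


def expand_destination(dest):
    """Turn a netstat-style destination into an ipaddress.IPv4Network."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    if not plen:
        # Shorthand: trailing ".0" octets are dropped, so the number of octets
        # shown gives the prefix length (assumption: 4 octets = host route).
        plen = str(8 * len(octets))
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/" + plen)


def build_table(routes):
    """Expand every destination once so lookups only compare prefixes."""
    return [(expand_destination(dest), via) for dest, via in routes]


def lookup(table, address):
    """Longest-prefix match: the most specific entry containing address wins."""
    ip = ipaddress.ip_address(address)
    matches = [(net, via) for net, via in table if ip in net]
    if not matches:
        return None  # only possible when the table has no default route
    return max(matches, key=lambda entry: entry[0].prefixlen)


TABLE = build_table(ROUTES)

if __name__ == "__main__":
    for target in ("192.168.1.125", "192.168.1.50", "127.0.0.1", "8.8.8.8"):
        net, via = lookup(TABLE, target)
        print(f"{target:15} -> {str(net):18} {via}")
```
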