A subnet allows the flow of network traffic between hosts to be segregated based on a network configuration. By organizing hosts into logical groups, subnetting can improve network security and performance.
When subnetting, separating the network and host requires a special mechanism called a subnet mask. A subnet mask, which contains a binary bit pattern of ones and zeros, is applied to an address to extract the network ID for purposes of determining whether an address is on the local network. If not, the address is switched or routed on. A subnet mask doesn’t represent any device or network on the Internet. It’s just a way of indicating which portion of an IP address should be used to determine the network ID. (You can spot a subnet mask right away because the first octet is always 255, and 255 is not a valid first octet for any class of IP address.).
Subnet Mask
Perhaps the most recognizable aspect of subnetting is the subnet mask. Like IP addresses, a subnet mask contains four bytes (32 bits) and is often written using the same dotted-decimal notation. For example, a very common subnet mask in its binary representation:
Is typically shown in the equivalent, more readable form:
Each of the four bytes is one bit long. In binary notation, a bit consists of eight zeroes and ones, representing powers of two; the 'to the power of' value is a function of the position of the value in the string, with the rightmost value starting at 0. A bit value of 11111111 is equal to 27+26+25+24+23+22+21+20, or 255. By contrast, a bit value of 00100001 is equal to 25+20, or 33.
Applying a Subnet Mask
A subnet mask neither works like an IP address nor does it exist independently of them. Instead, subnet masks accompany an IP address and the two values work together. Applying the subnet mask to an IP address splits the address into two parts, an extended network address, and a host address.
For a subnet mask to be valid, its leftmost bits must be set to 1. For example:
Is an invalid subnet mask because the leftmost bit is set to 0.
Conversely, the rightmost bits in a valid subnet mask must be set to 0, not 1. Therefore:
Is invalid.
All valid subnet masks contain two parts: the left side with all mask bits set to 1 (the extended network portion) and the right side with all bits set to 0 (the host portion), such as the first example above.
Subnetting in Practice
Subnetting works by applying the concept of extended network addresses to individual computer (and another network device) addresses. An extended network address includes both a network address and additional bits that represent the subnet number. Together, these two data elements support a two-level addressing scheme recognized by standard implementations of IP. The network address and subnet number, when combined with the host address, therefore support a three-level scheme.
Consider the following real-world example. A small business plans to use the 192.168.1.0 network for its internal (intranet) hosts. The human resources department wants their computers to be on a restricted part of this network because they store payroll information and other sensitive employee data. But because this is a Class C network, the default subnet mask of 255.255.255.0 allows all computers on the network to be peers (to send messages directly to each other) by default.
The first four bits of 192.168.1.0 -
Place this network in the Class C range and also fix the length of the network address at 24 bits. To subnet this network, more than 24 bits must be set to 1 on the left side of the subnet mask.
For every additional bit set to 1 in the mask, another bit becomes available in the subnet number to index additional subnets. A two-bit subnet number can support up to four subnets, a three-bit number supports up to eight subnets, and so on.
Private Networks and Subnets
The governing bodies that administer Internet Protocol have reserved certain networks for internal uses. In general, intranets using these networks gain more control over managing their IP configuration and Internet access. Consult RFC 1918 for more details about these special networks.
Summary
Subnetting allows network administrators some flexibility in defining relationships among network hosts. Hosts on different subnets can only talk to each other through specialized network gateway devices like routers. The ability to filter traffic between subnets can make more bandwidth available to applications and can limit access in desirable ways.
Short for subnetwork mask, a subnet mask is data used for bitwise operations on a network of IP addresses that is divided into two or more groups. This process, known as subnetting, divides an IP network into blocks of logical addresses. Subnetting can improve security and help to balance overall network traffic.
A common example of a subnet mask for class C IP addresses is 255.255.255.0, the default subnet mask for many computers and network routers. When applied to subnet, a subnet mask shows the routing prefix.
Related pages
See our netmask definition for a full explanation and examples.