← Back to Networking

What is a Subnet Mask and How Does Subnetting Work?

A subnet mask is a 32-bit number that divides an IP address into a network portion and a host portion. It determines which devices belong to the same network and enables efficient IP address allocation. Subnetting—the process of splitting a network into smaller subnets—allows organizations to optimize network performance, improve security, and reduce IP address waste.

Understanding IP Addresses and Network Basics

Before diving into subnet masks, you need to understand IPv4 addresses. An IPv4 address consists of four octets (eight bits each), totaling 32 bits. Each octet ranges from 0 to 255 and is separated by a dot. For example, 192.168.1.100 is a private IP address commonly used in home and business networks.

The internet originally used classful routing, where IP addresses were divided into fixed classes:

This inflexible approach wasted vast amounts of addresses. A small organization needing 300 addresses would receive an entire Class B network supporting 65,534 hosts. Subnetting solved this problem by allowing flexible network division.

What is a Subnet Mask?

A subnet mask is a binary pattern used to separate the network and host portions of an IP address. It's always 32 bits, matching the size of an IPv4 address. In a subnet mask, 1s represent the network portion, and 0s represent the host portion.

Subnet Mask Formats

Subnet masks are written in two common formats:

Dotted Decimal Notation: The traditional format, identical to IP address format.

255.255.255.0
255.255.255.128
255.255.0.0

CIDR Notation: A compact format showing the number of network bits.

192.168.1.0/24    (24 network bits)
10.0.0.0/8        (8 network bits)
172.16.0.0/12     (12 network bits)

The "/24" in CIDR notation means the first 24 bits define the network, leaving 8 bits (32 - 24 = 8) for hosts. This octet can hold 256 values (0-255), but the first address is the network address and the last is the broadcast address, leaving 254 usable host addresses.

How Subnetting Works: Step-by-Step

The Binary Process

Let's examine how a subnet mask actually works at the binary level. Consider the IP address 192.168.1.100 with subnet mask 255.255.255.0:

IP Address:     11000000.10101000.00000001.01100100
Subnet Mask:    11111111.11111111.11111111.00000000
Network Address:11000000.10101000.00000001.00000000
                (192.168.1.0)

The bitwise AND operation between the IP address and subnet mask gives the network address. When you AND a bit with 1, you keep that bit. When you AND with 0, the result is always 0. Everything in the last octet becomes 0, confirming this host belongs to the 192.168.1.0/24 network.

Calculating Subnets from a Larger Network

Suppose you manage a Class B network 172.16.0.0/16 and need to create four subnets for different departments. You'd borrow bits from the host portion.

To create 4 subnets, you need 2 bits (2² = 4). Your new subnet mask becomes /18 (16 + 2):

Original:  172.16.0.0/16
New mask:  255.255.192.0 (/18)

Subnet 1:  172.16.0.0/18    (172.16.0.0 to 172.16.63.255)
Subnet 2:  172.16.64.0/18   (172.16.64.0 to 172.16.127.255)
Subnet 3:  172.16.128.0/18  (172.16.128.0 to 172.16.191.255)
Subnet 4:  172.16.192.0/18  (172.16.192.0 to 172.16.255.255)

Each subnet supports 16,382 usable host addresses (2¹⁴ - 2). The formula is always: number of usable hosts = 2^(host bits) - 2. You subtract 2 because the first address is reserved for the network and the last for broadcast.

Common Subnet Masks and Their Uses

Understanding standard subnet masks helps with quick mental math on networks:

Practical Example: Subnetting a Network

You're a network administrator with 192.168.0.0/24 and need three subnets: Marketing (50 hosts), Engineering (100 hosts), and HR (25 hosts). Here's how you'd approach it:

Step 1: Determine required bits

Engineering needs 100 hosts, requiring at least 7 bits (2⁷ = 128 addresses, 126 usable). So you need at least a /25 for the largest subnet.

Step 2: Allocate subnets

Engineering: 192.168.0.0/25   (0-127, 126 usable)
Marketing:   192.168.0.128/26  (128-191, 62 usable)
HR:          192.168.0.192/26  (192-255, 62 usable)

Step 3: Assign addresses

Engineering: 192.168.0.1 to 192.168.0.126
Marketing:   192.168.0.129 to 192.168.0.190
HR:          192.168.0.193 to 192.168.0.254

Notice we exclude network addresses (x.x.x.0 and x.x.x.128, etc.) and broadcast addresses (the last address in each subnet) from host assignment.

Why Subnetting Matters

Efficient IP Usage: You allocate only what you need. A department with 10 computers gets /28 (14 usable addresses), not a /24 with 254 wasted addresses.

Network Performance: Smaller subnets reduce broadcast traffic. Broadcast frames only flood devices on the same subnet, improving overall performance.

Enhanced Security: You can apply different security policies to different subnets. Guest WiFi traffic stays isolated from internal servers.

Simplified Management: A clear subnet hierarchy makes it easier to understand network topology and troubleshoot connectivity issues.

For deeper networking knowledge, explore our guides on IP addressing fundamentals and network design principles.

Tools for Subnet Calculations

While manual calculation is valuable for understanding, professionals use tools daily:

python3
>>> from ipaddress import IPv4Network
>>> net = IPv4Network('192.168.1.0/24')
>>> print(net.network_address)
192.168.1.0
>>> print(net.broadcast_address)
192.168.1.255
>>> print(net.num_addresses)
256

Variable Length Subnet Masking (VLSM)

Modern networks rarely use fixed subnet sizes. Variable Length Subnet Masking lets you create subnets of different sizes within the same larger network. This maximizes efficiency.

Using our earlier example with different department sizes, we allocated /25, /26, and /26—three different mask lengths. This is VLSM in action, and it's essential for real-world deployments.

VLSM requires routing protocols that support it, like OSPF or BGP. Older protocols like RIPv1 don't support VLSM.

Frequently Asked Questions

What's the difference between subnet mask and CIDR notation?

They represent the same information differently. Subnet mask 255.255.255.0 equals CIDR /24—both specify 24 network bits and 8 host bits. CIDR is more compact and easier to write. CIDR is now the standard in modern networks.

How do I calculate usable hosts in a subnet?

Count the host bits (32 minus the network bits), then use the formula: 2^(host bits) - 2. For /24: 32 - 24 = 8 bits, so 2⁸ - 2 = 256 - 2 = 254 usable hosts. The subtraction accounts for the network and broadcast addresses.

Can you subnet a /32 address?

No. A /32 means all 32 bits define the network with zero host bits. It represents a single IP address, not a network. This notation is used for host routes and loopback addresses. You can't subdivide it further.

What happens if I use the wrong subnet mask?

Devices won't communicate properly. If two devices have different subnet masks, they may think they're on different networks and route traffic through a gateway unnecessarily, increasing latency. In severe cases