| Lesson 8 | Netmask Structure and Usage |
| Objective | What is the Structure and use of a netmask? |
Netmask Structure and Usage
The netmask, also known as a subnet mask, is one of the fundamental elements of IP networking. It defines how an IP address is divided into two parts: the network identifier and the host identifier. Understanding the netmask is essential for configuring networks, designing subnets, and managing routing in both IPv4 and IPv6 environments.
From Classful to Classless Addressing
In early TCP/IP implementations, networks followed a classful addressing scheme:
| Class | Default Netmask |
|---|---|
| Class A | 255.0.0.0 |
| Class B | 255.255.0.0 |
| Class C | 255.255.255.0 |
Each class reserved a fixed number of bits for the network portion. However, this approach led to address waste and limited scalability. Modern networks use CIDR (Classless Inter-Domain Routing), which replaces rigid class boundaries with prefix lengths (e.g., /24, /20). CIDR allows variable subnet sizes and more efficient use of IP space.
Structure of a Netmask
A netmask is a 32-bit binary number that separates the network and host portions of an IP address. The bits set to 1 mark the network portion, and those set to 0 mark the host portion. For example:
IP Address: 192.168.1.25
Netmask: 255.255.255.0
Binary form: 11111111.11111111.11111111.00000000
Network part: 192.168.1
Host part: .25
The count of 1 bits in the mask determines the prefix length. Thus, 255.255.255.0 corresponds to /24 since 24 bits are reserved for the network portion.
Using a Netmask: Subnetting and Supernetting
- Identifying Network and Host Portions:
Every device uses its netmask to determine which addresses are part of its local network and which must be reached via a router.
Example: a host with
192.168.10.14/24recognizes that192.168.10.0 – 192.168.10.255are local addresses. - Subnetting:
Network administrators divide a large network into smaller, more manageable subnets by extending the netmask.
For instance, splitting
192.168.1.0/24into four subnets uses/26masks:
Subnetting improves performance and security by isolating traffic.192.168.1.0/26 → hosts 1–62 192.168.1.64/26 → hosts 65–126 192.168.1.128/26 → hosts 129–190 192.168.1.192/26 → hosts 193–254 - Supernetting (Route Aggregation):
The opposite of subnetting, supernetting merges smaller networks into a larger one by reducing the prefix length.
Example: combining four
/24networks (192.168.0.0–192.168.3.255) into one192.168.0.0/22aggregate simplifies routing tables and reduces overhead. - Efficient IP Management: Modern Linux systems, routers, and firewalls use CIDR-based netmasks for flexible assignment and routing efficiency. This approach supports complex topologies without relying on outdated classful rules.
Common Netmask and Prefix Length Reference
| Prefix | Netmask | Usable Hosts | Typical Use |
|---|---|---|---|
| /30 | 255.255.255.252 | 2 | Point-to-point links |
| /29 | 255.255.255.248 | 6 | Small subnets (firewall segments) |
| /24 | 255.255.255.0 | 254 | Standard LAN |
| /16 | 255.255.0.0 | 65,534 | Enterprise campus networks |
IPv6 Prefix Lengths
In IPv6, the concept of a netmask still exists but is expressed exclusively with prefix lengths. IPv6 addresses typically use a /64 prefix for LANs, reserving 64 bits for network routing and 64 bits for interface identifiers (derived from MAC addresses or randomly generated for privacy).
Example:
IPv6 Address: 2001:db8:abcd:12::1/64
Network ID: 2001:db8:abcd:12::
IPv6 eliminates broadcast traffic entirely, replacing it with multicast mechanisms for efficiency and scalability.
Linux Commands for Netmask and Routing Verification
# Display all network interfaces and prefixes
ip addr show
# View routing tables with netmask or CIDR notation
ip route show
# Add an address with a specific netmask
sudo ip addr add 10.42.1.10/24 dev eth0
# Add a static route
sudo ip route add 10.42.0.0/16 via 10.42.1.1
Security and Legacy Considerations
- Deprecated Encryption: Avoid DES-based authentication methods in PPP or legacy VPNs; use AES and SHA-256 or higher.
- CIDR-Only Networks: Always define subnets with CIDR notation rather than class A/B/C conventions to ensure compatibility with modern APIs and routing software.
- Firewall Awareness: Firewalls and IDS tools interpret CIDR prefixes directly. Defining rules using CIDR ensures accuracy and consistency across both IPv4 and IPv6 policies.
Summary
A netmask identifies the boundary between the network and host portions of an IP address. Modern networks use CIDR prefixes instead of rigid class-based masks, enabling flexible subnetting and efficient routing. Whether you’re designing a small LAN or configuring routes for a hybrid cloud, understanding how netmasks define network scope is essential for stable, scalable connectivity.