IP Basics - Routing 101

IP subnetting: The subnet mask
The subnet mask is a topic which seems to cause considerable confusion when it comes to configuring a TCP/IP stack. The subnet mask is used to divide the 32 bits into two parts. The left portion is the network address. The remaining part is the host address. The subnet mask simply tells the computer how many bits (from left to right) are in the network address. The remaining bits comprise the host address. This can be seen in Figure 2.2.

Figure 2.2: Network and Host Portions of the IP Address

In the olden days there were three types of networks: class A, class B, and class C, each with its own fixed subnet mask. Period. This meant that there were three ways to divide the 32 bits in an IP address into a network and a host address. Because this resulted in extremely restrictive groupings of IP addresses, CIDR (Classless Inter-Domain Routing) was born. With CIDR, you can divide the IP address almost anywhere within its 32 bits. You can think of it as drawing a line in the sand and proclaiming: "All bits to the left of this line comprise the network address, and all bits to the right of this line comprise the host address."

The delineation between the two fields of the IP address is presented with the subnet mask. The idea is similar to cutting a hole in a piece of paper and then placing it over a page of this book. The larger the hole, the more of the book you can see through it. In the case of a subnet mask, the part you see through the hole is controlled by the number of "1"s, and corresponds to the network address of the subnet. The remainder is the host address. To "look through the mask," the computer performs a binary-AND operation of the IP address and the subnet mask. Here is a quick example:

 

                11010111 . 00100110 . 10110101 . 01111110    IP address
  bitwise-AND   11111111 . 11111111 . 11111100 . 00000000    subnet mask
                -----------------------------------------
                11010111 . 00100110 . 10110100 . 00000000    network address

As you can see, where there is a "1" in the subnet mask, the bit in the IP address is copied into the network address. "0"s in the subnet mask remain "0"s. That's masking, and it is something that can be performed very quickly by computer hardware. Although the subnet mask is always a string of bits inside the computer, people get tired of writing out all of those ones and zeros, so there are three different representations for human use.

  • The first is just like a dotted IP address. For example, /255.255.252.0. This is easy for humans, and it is the most common format used when specifying the subnet mask in commands and configuration files.
  • The second is the format used in the example--i.e., all bits written out as four groups of eight bits (/11111111.11111111.11111100.00000000). It is rarely written out except when you need to calculate network addresses by hand.
  • The third representation counts the number of "1"s before the "0"s start, which we can call maskbits notation. The subnet mask in our example has 22 "1"s, and would be simply written as /22.

Table 2.1: Subnet Mask Lookup Table

Note that there cannot be a "0" followed by a "1" in a subnet mask. Recall that the subnet mask is telling us how many bits (from left to right) are in the network address. Because the network and host fields are contiguous, and all bits must be used, there are no gaps. For all three representations it makes no sense to specify a network address without a subnet mask, or vice versa, so a slash (/) is used to separate the two.

Converting Between Subnet Mask Representations
Table 2.1 contains a list of subnet mask numbers that can help you perform conversions between the different subnet mask formats. Use this for each octet in your mask separately. If you encounter 255.255.224.0 as a subnet mask, you can use the table above to quickly calculate that it is equivalent to 8 + 8 + 3 = 19, or /19, or if you need the binary, 11111111.11111111.11100000.00000000.

Parameters Related to the Subnet Mask
Given an IP address and its associated subnet mask, we can determine anything we need about the properties of the IP subnet. In addition to the network address, which we calculated in the prior example, the following parameters can be calculated:

  • Host Address -- This is the portion of the IP address that does not correspond to the network address. If you were to invert the subnet mask (exchange "0"s with "1"s and "1"s with "0"s--this is known as the 1's complement), and calculate the bitwise-AND of this with the IP address, the result would be the host portion. There is no point in calculating this parameter, because people never use it.
  • Broadcast Address -- The broadcast address is a reserved address in each IP subnet which can be used to speak to all of the IP hosts via a single packet (called a broadcast). For a given subnet, it is the network address together with the bits in the host portion of the address all set to "1". Put another way, it is the highest (or last) host address in the subnet. It is most easily calculated by performing a bitwise-OR of the IP address and the 1's complement of the subnet mask.
  • Number of Host Addresses in this IP Subnet -- This quantity is used for planning deployment of address space. (We will use it later, on page 25, for this purpose.) The value is calculated by raising two to the power of the number of "0"s in the subnet mask. But because the first address in the subnet is always reserved for the network address, and the last address for the broadcast address, you should subtract two from this value to find the maximum number of hosts. You can use these formulae:

$$\text{\# of host addrs} = 2^{(32 - \text{maskbits})} \tag{2.1}$$

$$\text{max \# of hosts} = 2^{(32 - \text{maskbits})} - 2 \tag{2.2}$$
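
The mask conversions and subnet parameters described above can be worked through in code. The following Python sketch is an added example, not part of the original text; its function names are chosen here for illustration. It uses the IP address and /22 mask from the masking example, and rejects a mask that has a "0" followed by a "1".

```python
def dotted_to_int(dotted):
    """Dotted-quad string -> 32-bit integer."""
    octets = dotted.split(".")
    if len(octets) != 4 or not all(
            o.isascii() and o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not a dotted quad: {dotted!r}")
    value = 0
    for o in octets:
        value = (value << 8) | int(o)
    return value

def int_to_dotted(value):
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))

def int_to_binary(value):
    """The written-out form: four groups of eight bits."""
    return ".".join(f"{(value >> s) & 0xFF:08b}" for s in (24, 16, 8, 0))

def maskbits_to_int(maskbits):
    if not 0 <= maskbits <= 32:
        raise ValueError("maskbits must be 0..32")
    return (0xFFFFFFFF << (32 - maskbits)) & 0xFFFFFFFF

def mask_to_maskbits(dotted_mask):
    """Dotted mask -> maskbits; rejects a "0" followed by a "1"."""
    inverted = ~dotted_to_int(dotted_mask) & 0xFFFFFFFF  # 1's complement
    # For a contiguous mask the complement is all "1"s on the right,
    # so adding one carries out of every set bit and the AND is zero.
    if inverted & (inverted + 1):
        raise ValueError(f"non-contiguous subnet mask: {dotted_mask}")
    return 32 - inverted.bit_length()

def subnet_parameters(ip, dotted_mask):
    maskbits = mask_to_maskbits(dotted_mask)
    addr, mask = dotted_to_int(ip), maskbits_to_int(maskbits)
    inverted = ~mask & 0xFFFFFFFF
    return {
        "maskbits": maskbits,
        "mask_binary": int_to_binary(mask),
        "network": int_to_dotted(addr & mask),        # bitwise-AND with mask
        "host": int_to_dotted(addr & inverted),       # AND with 1's complement
        "broadcast": int_to_dotted(addr | inverted),  # OR with 1's complement
        "host_addrs": 2 ** (32 - maskbits),           # formula (2.1)
        # formula (2.2); only meaningful for maskbits <= 30
        "max_hosts": 2 ** (32 - maskbits) - 2,
    }

if __name__ == "__main__":
    # IP address and mask taken from the masking example in the text
    for key, value in subnet_parameters("215.38.181.126", "255.255.252.0").items():
        print(f"{key:12} {value}")
```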