Understanding netmask and CIDR notation

Sun, 08/26/2012 - 20:00 -- jamie

The Internet is made up of many smaller networks, also known as local area networks (LANs) or subnets, that are connected to each other by routers.

When your computer tries to communicate with another computer, it has to make many decisions about where to send the information. One of the first decisions is whether to try to communicate with a computer on the local network, or whether to rely on the router (aka gateway) to forward the information to a computer on a different network.

When configuring your computer's IP address, you have to provide either the netmask (e.g. 255.255.255.0) or the CIDR notation (e.g. /24) for the network.

In both cases, the information tells your computer which range of IP addresses is local to the network, and which range of IP addresses is only accessible via the router.

IP addresses are numbers that, from left to right, specify greater detail. For example, 192.168.0.5 and 192.168.0.10 both share the first three sets of numbers (192.168.0) and have a more specific final set of numbers to differentiate the address.

Most local area networks use a /24 (netmask of 255.255.255.0), which means that if the first three sets of numbers in the IP address are the same, then it's an address on the local network. For example, if your computer's IP address is 192.168.0.4 and you are communicating with 192.168.0.12, it's on the same network, and your computer will attempt to send information directly to that computer. But, if you are communicating with the IP address 209.51.172.13, then your computer has to relay the data through the router.

However, just because most networks use a /24 (255.255.255.0) setup doesn't mean that it's a rule. Your computer has to be told explicitly how the network is segmented. The netmask and the CIDR notation are two ways to specify this information.

The netmask is the easier of the two to calculate with, because the numbers are in a more familiar decimal format.

Like an IP address, every dot-separated part of a netmask (also known as an octet) can only be a number between 0 and 255. If an octet is 255, it means that part of the address always stays the same. Otherwise, subtract the number from 255 to find out the possible number of addresses available (counting both ends of the range).

For example, 255 - 0 = 255, so if the subnet mask is 255.255.255.0 then there are 256 possible addresses (including both 0 and 255).

If the subnet mask is 255.255.255.224, then 255 - 224 = 31, which gives you 32 numbers (including both 224 and 255).

If the subnet mask is 255.255.255.192, then 255 - 192 = 63, which gives you 64 numbers (including both 192 and 255).

With every network, the first and last IP addresses are reserved, so the number of "usable" IP addresses is typically the total number of addresses minus 2.

Following are the most common networks (along with the CIDR notation):

  • /30 = 255.255.255.252, 4 addresses, 2 available for use
  • /29 = 255.255.255.248, 8 addresses, 6 available for use
  • /28 = 255.255.255.240, 16 addresses, 14 available for use
  • /27 = 255.255.255.224, 32 addresses, 30 available for use
  • /26 = 255.255.255.192, 64 addresses, 62 available for use
  • /25 = 255.255.255.128, 128 addresses, 126 available for use
  • /24 = 255.255.255.0, 256 addresses, 254 available for use.
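
The rules above, as an added Python example that is not part of the original article: it converts between CIDR prefix and netmask, counts addresses, and makes the local-versus-router decision with a bitwise AND of address and mask. The function names are illustrative, and treating /31 and /32 as exceptions to the "minus 2" rule goes beyond what the article covers.

```python
import ipaddress


def to_int(addr):
    """Strictly parse a dotted-quad IPv4 address into a 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))


def prefix_to_netmask(prefix):
    """CIDR prefix length (0-32) -> dotted-decimal netmask."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(mask))


def netmask_to_prefix(netmask):
    """Dotted-decimal netmask -> prefix length; rejects non-contiguous masks."""
    mask = to_int(netmask)
    prefix = bin(mask).count("1")
    if to_int(prefix_to_netmask(prefix)) != mask:
        raise ValueError(f"{netmask} is not a contiguous netmask")
    return prefix


def address_counts(prefix):
    """Return (total, usable) addresses for a prefix length."""
    total = 2 ** (32 - prefix)
    # The first (network) and last (broadcast) addresses are reserved.
    # Assumption beyond the article: /31 and /32 do not follow that rule.
    usable = total - 2 if prefix <= 30 else total
    return total, usable


def is_local(my_ip, other_ip, netmask):
    """True if other_ip is on my subnet (send directly), else use the router."""
    mask = to_int(netmask)
    return (to_int(my_ip) & mask) == (to_int(other_ip) & mask)


if __name__ == "__main__":
    for prefix in range(30, 23, -1):
        total, usable = address_counts(prefix)
        print(f"/{prefix} = {prefix_to_netmask(prefix)}, {total} addresses, {usable} usable")
    # Addresses taken from the article's /24 example
    for dst in ("192.168.0.12", "209.51.172.13"):
        route = "direct" if is_local("192.168.0.4", dst, "255.255.255.0") else "via router"
        print(f"192.168.0.4 -> {dst}: {route}")
```

The same pair of hosts can be local under one mask and remote under another: with 255.255.255.224, 192.168.0.4 and 192.168.0.40 fall in different subnets, so a mistyped netmask silently changes which traffic goes through the router.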