Back to top

What is a Subnet Mask?

What is a subnet mask?

A subnet mask is a bit mask used to define a subnet of an Ethernet network.  It acts like a filter to only allow devices with certain IP addresses to communicate.

Subnets are used to specify which devices can communicate with which other devices on an Ethernet network.

You could have 5 devices on a local network, but restrict one of those devices to only communicate with one other device.  So it can’t communication with the other 3 devices.

Subnet masks can be used for security, for access privilege restriction, or to simplify configuration by limiting each device’s “view” of the network.

 

Network Example

image

 

In this example, there is an Ethernet switch and several devices.  Without different subnets, all of these devices could communicate with all of the other devices.

 

Network Example with Subnet

image

 

With subnet masks, some devices are limited as to which other devices they can communicate with.  In cases where the IP addresses are not compatible based on the subnet masks, those devices are not allowed to communicate with each other.

 

IP Address Construction

A standard 32bit IP address contains 4 groups of 8 bits.  Each of these is called an Octet since they have a size of 8 bits.

image

The IP address 192.168.0.5 in binary looks like,

image

 

Subnet Mask Definition

The subnet mask specifies which parts (octets or bits) of the IP address must match the IP addresses of the other devices on that network.

image

A subnet mask of 255.255.255.0 means that the device can connect with any other device on the network with an IP address containing identical values in the first three octets. 

  • 255 means that the value of that octet must be identical
  • 0 means that the value can be anything

The AKD drive always uses 255.255.255.0 for the static IP subnet mask (for IP.MODE=0).

For a subnet mask of 255.255.0.0:

  • First two octets must be identical
  • Last two can be different 

Obviously, something must be different for the addresses to be unique.

It is less common, but a mask can have values other than 255 and 0.  In this case, the mask is defining which bits of the octet must be identical and which bits can be different.

 

Subnet Mask Example 1

Device 1: IP address 192.168.0.1 and subnet mask 255.255.255.0

Device 2: IP address 192.168.0.54 and subnet mask 255.255.255.0

Device 3: IP address 192.168.5.27 and subnet mask 255.255.255.0

Device 4: IP address 192.10.0.2 and subnet mask 255.255.255.0

  • Only Device 1 and Device 2 can communicate.
  • Device 3 has “5” in the third octet instead of 0.
  • Device 4 has “10” in the second octet instead of 168.

 

Subnet Mask Example 2

Same IP addresses as example 1, but each device has a subnet mask of 255.255.0.0.

  • Devices 1, 2, and 3 can communicate, because the 1st and 2nd octets are all 192.168.
  • Device 4 can't communicate with the others, because the 2nd octet is different.

 

Simple Subnet Mask - 255.255.255.0

Same subnet = communication allowed:

image

The IP addresses differ by bits 0, 1, 2, 3, and 5 of the 4th octet.  Those bits in the subnet masks are 0, allowing for the IP address differences.

 

Different subnet = communication not allowed:

image

One difference between the IP addresses is bit 0 of the 3rd octet.  That bit in both subnet masks is 1, meaning that bit in the IP addresses must be the same.  They aren't the same, and is therefore preventing those two devices from communicating.

 

Complex Subnet Mask

Same subnet = communication allowed:

image

The subnet masks have bit values of 0 for each of the IP address bits that differ.  So these devices can communicate.  (The subnet for Device 1 overlaps the subnet for Device 2.)

 

Different subnet = communication not allowed:

image

One difference between the IP addresses is bit 1 of the 3rd octet.  That bit in Device 2's subnet masks is 1, meaning that bit in the IP addresses must be the same.  They aren't the same, and is therefore preventing those two devices from communicating.  Device 1 is technically allowed to communicate with Device 2, but Device 2 is prohibiting the communication.