Internet Protocol Tutorial - Subnets

Subnet Masks and Subnetting

Example Configurations for Network Subnets
Example Configurations for Network Subnets. Bradley Mitchell

A subnet allows the flow of network traffic between hosts to be segregated based on a network configuration. By organizing hosts into logical groups, subnetting can improve network security and performance.

Subnet Mask

Perhaps the most recognizable aspect of subnetting is the subnet mask. Like IP addresses, a subnet mask contains four bytes (32 bits) and is often written using the same "dotted-decimal" notation.

For example, a very common subnet mask in its binary representation

  • 11111111 11111111 11111111 00000000

is typically shown in the equivalent, more readable form


Applying a Subnet Mask

A subnet mask neither works like an IP address, nor does it exist independently from them. Instead, subnet masks accompany an IP address and the two values work together. Applying the subnet mask to an IP address splits the address into two parts, an "extended network address" and a host address.

For a subnet mask to be valid, its leftmost bits must be set to '1'. For example,

  • 00000000 00000000 00000000 00000000

is an invalid subnet mask because the leftmost bit is set to '0'.

Conversely, the rightmost bits in a valid subnet mask must be set to '0', not '1'. Therefore,

  • 11111111 11111111 11111111 11111111

is invalid.

All valid subnet masks contain two parts: the left side with all mask bits set to '1' (the extended network portion) and the right side with all bits set to '0' (the host portion), such as the first example above.

Subnetting in Practice

Subnetting works by applying the concept of extended network addresses to individual computer (and other network device) addresses. An extended network address includes both a <b>network address</b> and additional bits that represent the <b>subnet number</b>. Together, these two data elements support a two-level addressing scheme recognized by standard implementations of IP.

The network address and subnet number, when combined with the <b>host address</b>, therefore support a three-level scheme.

Consider the following real-world example. A small business plans to use the network for its internal (intranet) hosts. The human resources department wants their computers to be on a restricted part of this network because they store payroll information and other sensitive employee data. But because this is a Class C network, the default subnet mask of allows all computers on the network to be peers (to send messages directly to each other) by default.

The first four bits of -


place this network in the Class C range and also fix the length of the network address at 24 bits. To subnet this network, more than 24 bits must be set to '1' on the left side of the subnet mask. For instance, the 25-bit mask creates a two-subnet network as shown in Table 1.

For every additional bit set to '1' in the mask, another bit becomes available in the subnet number to index additional subnets. A two-bit subnet number can support up to four subnets, a three-bit number supports up to eight subnets, and so on.

Private Networks and Subnets

As mentioned earlier in this tutorial, the governing bodies that administer Internet Protocol have reserved certain networks for internal uses.

In general, intranets utilizing these networks gain more control over managing their IP configuration and Internet access. The default subnet masks associated with these private networks are shown in Table 2. Consult RFC 1918 for more details about these special networks.


Subnetting allows network administrators some flexibility in defining relationships among network hosts. Hosts on different subnets can only "talk" to each other through specialized network gateway devices like routers. The ability to filter traffic between subnets can make more bandwidth available to applications and can limit access in desirable ways.

More From Us