What Is a Subnet Mask and Why Does It Matter?
A subnet mask is a 32-bit number that divides an IP address into two parts: the network portion and the host portion. Think of it like a street address where the street name identifies the neighborhood (network) and the house number identifies the specific house (host).
Every device on a TCP/IP network needs a subnet mask to determine which other devices are on the same local network and which ones require routing through a gateway. When your computer wants to communicate with another device, it uses the subnet mask to determine if the destination is local (same subnet) or remote (different subnet). Local traffic is sent directly, while remote traffic is forwarded to the default gateway (router).
For IT professionals, subnetting is a fundamental skill used in network design, troubleshooting, access control, and IP address management. Whether you are setting up a small office network or managing a large enterprise infrastructure, understanding subnet masks is essential.
How Subnet Masks Work: The Binary Perspective
A subnet mask consists of a continuous sequence of 1-bits followed by a continuous sequence of 0-bits. The 1-bits mark the network portion of the IP address, and the 0-bits mark the host portion.
For example, the common subnet mask 255.255.255.0 in binary is:
11111111.11111111.11111111.00000000
This means the first 24 bits of the IP address identify the network, and the last 8 bits identify the host. For the IP address 192.168.1.100 with this mask:
• Network portion: 192.168.1 (the first 24 bits)
• Host portion: 100 (the last 8 bits)
• Network address: 192.168.1.0 (all host bits set to 0)
• Broadcast address: 192.168.1.255 (all host bits set to 1)
• Usable host range: 192.168.1.1 to 192.168.1.254 (254 hosts)
The network address and broadcast address are reserved and cannot be assigned to devices, which is why a /24 network has 254 usable addresses, not 256.
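The mask arithmetic above, including the local-versus-remote decision a host makes before sending, written out with plain integer operations. This is an added example, not code from the original page; the function names are illustrative, and the handling of /31 and /32 (no reserved addresses) goes slightly beyond the /24 case in the text.

```python
def to_int(dotted):
    """Parse dotted-quad text into a 32-bit integer."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not an IPv4 dotted quad: {dotted!r}")
    value = 0
    for p in parts:
        value = (value << 8) | int(p)
    return value

def to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_length(mask):
    """Count the 1-bits; reject masks whose 1-bits are not contiguous."""
    m = to_int(mask)
    host_bits = ~m & 0xFFFFFFFF            # invert: host portion becomes 1s
    if host_bits & (host_bits + 1):        # must look like 0...01...1
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return bin(m).count("1")

def describe(ip, mask):
    """Network, broadcast and usable host range for ip/mask."""
    prefix = prefix_length(mask)
    m = to_int(mask)
    network = to_int(ip) & m                     # host bits set to 0
    broadcast = network | (~m & 0xFFFFFFFF)      # host bits set to 1
    # /31 and /32 have no separate network/broadcast address to reserve.
    reserved = 1 if prefix <= 30 else 0
    return {
        "prefix": prefix,
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        "first_host": to_dotted(network + reserved),
        "last_host": to_dotted(broadcast - reserved),
        "usable": broadcast - network + 1 - 2 * reserved,
    }

def is_local(src_ip, mask, dst_ip):
    """True when dst is on the sender's subnet (send directly, not via the gateway)."""
    prefix_length(mask)                    # validate the mask first
    m = to_int(mask)
    return (to_int(src_ip) & m) == (to_int(dst_ip) & m)

if __name__ == "__main__":
    print(describe("192.168.1.100", "255.255.255.0"))
    print(is_local("192.168.1.100", "255.255.255.0", "10.0.0.5"))
```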
CIDR Notation: A More Efficient Way to Express Subnets
Classless Inter-Domain Routing (CIDR) notation expresses the subnet mask as a suffix indicating the number of network bits. Instead of writing "255.255.255.0," you write "/24" — meaning 24 bits are used for the network portion.
Common CIDR notations and their subnet masks:
• /8 = 255.0.0.0 → 16,777,214 hosts (Class A equivalent)
• /16 = 255.255.0.0 → 65,534 hosts (Class B equivalent)
• /24 = 255.255.255.0 → 254 hosts (Class C equivalent)
• /25 = 255.255.255.128 → 126 hosts
• /26 = 255.255.255.192 → 62 hosts
• /27 = 255.255.255.224 → 30 hosts
• /28 = 255.255.255.240 → 14 hosts
• /29 = 255.255.255.248 → 6 hosts
• /30 = 255.255.255.252 → 2 hosts (point-to-point links)
• /32 = 255.255.255.255 → 1 host (host route)
CIDR replaced the old classful addressing system (Class A, B, C) because it allows more flexible allocation of IP address space. Instead of being limited to /8, /16, or /24 boundaries, network administrators can create subnets of any size that fits their needs.
Practical Subnetting: Dividing a Network
Suppose you are given the network 10.0.0.0/24 and need to create four separate subnets for different departments. You need to borrow 2 bits from the host portion (because 2² = 4 subnets), changing the prefix from /24 to /26.
The four resulting subnets would be:
• Subnet 1: 10.0.0.0/26 (hosts: 10.0.0.1 to 10.0.0.62, broadcast: 10.0.0.63)
• Subnet 2: 10.0.0.64/26 (hosts: 10.0.0.65 to 10.0.0.126, broadcast: 10.0.0.127)
• Subnet 3: 10.0.0.128/26 (hosts: 10.0.0.129 to 10.0.0.190, broadcast: 10.0.0.191)
• Subnet 4: 10.0.0.192/26 (hosts: 10.0.0.193 to 10.0.0.254, broadcast: 10.0.0.255)
Each subnet has 62 usable host addresses (64 total minus 2 for network and broadcast). This is a common scenario in office networks where you want to separate departments for security or traffic management purposes.
The formula for calculating the number of usable hosts in a subnet is: 2^(32 - prefix length) - 2. For a /26 network: 2^(32-26) - 2 = 2^6 - 2 = 64 - 2 = 62 usable hosts.
Variable Length Subnet Masking (VLSM)
In real-world networks, not every subnet needs the same number of hosts. Variable Length Subnet Masking (VLSM) allows you to use different subnet sizes within the same network, optimizing IP address usage.
Consider this scenario: you have the network 172.16.0.0/24 and need to create subnets for:
• Engineering department: 50 hosts
• Sales department: 25 hosts
• Management: 10 hosts
• Server room: 5 hosts
• Two point-to-point router links: 2 hosts each
Using VLSM, you would allocate:
• Engineering: 172.16.0.0/26 (62 usable hosts — fits 50)
• Sales: 172.16.0.64/27 (30 usable hosts — fits 25)
• Management: 172.16.0.96/28 (14 usable hosts — fits 10)
• Server room: 172.16.0.112/29 (6 usable hosts — fits 5)
• Router link 1: 172.16.0.120/30 (2 usable hosts)
• Router link 2: 172.16.0.124/30 (2 usable hosts)
This uses only 116 of the 256 available addresses, leaving room for future growth. Without VLSM, you would need to use /26 for every subnet, wasting addresses in smaller departments.
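A small allocator that reproduces both the equal four-way split from the previous section and the VLSM plan above. This is an added example, not code from the original page; the function names are illustrative, and the 62-host figure for the four equal departments is constructed because the page gives no host counts for them.

```python
import ipaddress

def prefix_for_hosts(hosts):
    """Longest prefix (smallest subnet) with 2^(32 - prefix) - 2 >= hosts."""
    for prefix in range(30, -1, -1):
        if 2 ** (32 - prefix) - 2 >= hosts:
            return prefix
    raise ValueError(f"{hosts} hosts do not fit in any IPv4 subnet")

def vlsm_allocate(parent, requirements):
    """Allocate one subnet per (name, hosts) requirement inside `parent`.

    Returns (name, cidr, usable_hosts) tuples in allocation order.
    """
    parent_net = ipaddress.ip_network(parent)
    cursor = int(parent_net.network_address)
    last = int(parent_net.broadcast_address)
    plan = []
    # Largest first: each block then starts on a multiple of its own size,
    # so no addresses are lost to alignment padding.
    for name, hosts in sorted(requirements, key=lambda r: r[1], reverse=True):
        prefix = prefix_for_hosts(hosts)
        size = 2 ** (32 - prefix)
        cursor = (cursor + size - 1) // size * size    # round up to a block boundary
        if cursor + size - 1 > last:
            raise ValueError(f"{parent} has no room left for {name!r}")
        plan.append((name, str(ipaddress.ip_network((cursor, prefix))), size - 2))
        cursor += size
    return plan

# Requirements taken from the page's VLSM scenario.
VLSM_NEEDS = [("Engineering", 50), ("Sales", 25), ("Management", 10),
              ("Server room", 5), ("Router link 1", 2), ("Router link 2", 2)]
# Constructed: four departments sized to fill a /26 each.
EQUAL_NEEDS = [(f"Dept {n}", 62) for n in range(1, 5)]

if __name__ == "__main__":
    for row in vlsm_allocate("172.16.0.0/24", VLSM_NEEDS):
        print(*row)
    for row in vlsm_allocate("10.0.0.0/24", EQUAL_NEEDS):
        print(*row)
```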
Subnetting in Practice: Common IT Scenarios
Guest Wi-Fi isolation: Many organizations create a separate subnet for guest Wi-Fi (e.g., 10.0.100.0/24) isolated from the corporate network (10.0.1.0/24). Firewall rules between subnets prevent guests from accessing internal resources while still providing internet access.
VLAN and subnet pairing: In enterprise networks, VLANs (Virtual LANs) are typically paired with subnets. VLAN 10 might use 10.0.10.0/24, VLAN 20 uses 10.0.20.0/24, and so on. This makes network management and troubleshooting more intuitive.
DMZ configuration: Servers that need to be accessible from the internet (web servers, email servers) are placed in a DMZ subnet (e.g., 172.16.1.0/28) with strict firewall rules controlling traffic between the DMZ, internal network, and internet.
IP address management: For large organizations, proper subnetting is essential for IP address management (IPAM). A well-designed subnet scheme makes it easy to identify which department, floor, or building a device belongs to based on its IP address.
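For the guest Wi-Fi isolation scenario above, a check that a rule set really keeps the guest subnet away from the corporate subnet, showing a weak ordering beside a corrected one. This is an added example, not code from the original page; the (action, source, destination) rule format, the first-match semantics and both rule sets are constructed for illustration, and only the subnet values come from the page.

```python
import ipaddress

GUEST = ipaddress.ip_network("10.0.100.0/24")     # guest Wi-Fi subnet from the page
CORPORATE = ipaddress.ip_network("10.0.1.0/24")   # corporate subnet from the page

# Constructed rule sets in a hypothetical (action, source, destination) format:
# the first matching rule wins, anything unmatched is denied.
WEAK_RULES = [
    ("allow", "10.0.0.0/16", "10.0.1.0/24"),      # meant for staff; the /16 also covers guests
    ("deny", "10.0.100.0/24", "10.0.0.0/8"),      # guest isolation, evaluated too late
    ("allow", "10.0.100.0/24", "0.0.0.0/0"),      # guest internet access
]
FIXED_RULES = [
    ("deny", "10.0.100.0/24", "10.0.0.0/8"),      # isolation first
    ("allow", "10.0.10.0/24", "10.0.1.0/24"),     # staff VLAN only, narrowed to a /24
    ("allow", "10.0.100.0/24", "0.0.0.0/0"),      # guest internet access
]

def parse(rules):
    return [(a, ipaddress.ip_network(s), ipaddress.ip_network(d)) for a, s, d in rules]

def decide(rules, src, dst):
    """Action of the first rule matching the flow src -> dst, else 'deny'."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, rule_src, rule_dst in parse(rules):
        if s in rule_src and d in rule_dst:
            return action
    return "deny"

def narrower(a, b):
    """Intersection of two overlapping CIDR blocks: the more specific one."""
    return a if a.prefixlen >= b.prefixlen else b

def exposed_allows(rules, untrusted=GUEST, protected=CORPORATE):
    """Allow rules that let `untrusted` reach `protected` and are not fully
    covered by an earlier rule. Partially shadowed rules are still reported."""
    parsed, findings = parse(rules), []
    for i, (action, src, dst) in enumerate(parsed):
        if action != "allow" or not (src.overlaps(untrusted) and dst.overlaps(protected)):
            continue
        s_part, d_part = narrower(src, untrusted), narrower(dst, protected)
        if not any(s_part.subnet_of(ps) and d_part.subnet_of(pd) for _, ps, pd in parsed[:i]):
            findings.append((i, str(s_part), str(d_part)))
    return findings

if __name__ == "__main__":
    print("weak :", exposed_allows(WEAK_RULES))
    print("fixed:", exposed_allows(FIXED_RULES))
```

The weak set is flagged at rule 0 because its /16 source silently includes the guest /24; the corrected set reports nothing while guests still reach outside addresses.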
Key Takeaways
1. A subnet mask divides an IP address into network and host portions.
2. CIDR notation (/24, /26, etc.) indicates the number of network bits.
3. The number of usable hosts = 2^(host bits) - 2 (subtract network and broadcast addresses).
4. VLSM allows different subnet sizes within the same network for efficient IP usage.
5. Common subnets: /24 (254 hosts), /26 (62 hosts), /28 (14 hosts), /30 (2 hosts).
6. Subnetting is essential for network segmentation, security, and IP address management.