What’s A Netmask?

And Why Do I Need One?

When you set up a small network that interconnects to another network, the assignment of IP addresses and the “netmask” are very important. A lot of people get confused about this part, so here’s a short explanation of what’s going on.

IP Addresses
On a TCP/IP network, which is what you are building, every machine has a unique IP address, consisting of a total of 32-bits. The address is usually expressed as four decimal numbers separated by dots, where each number represents 8 bits of address. Each number therefore ranges from 0 to 255. (Note: the world is running out of IP addresses, so a new address scheme called IPng is being developed that uses six numbers instead of four. It is not yet actually in use.)


Now, in theory, all the computers in the world could be connected to one really really long wire, and they could all talk to each other because each one has a unique IP address. There are several reasons why this won’t work, one of them being that there would be too many machines trying to talk at the same time and they’d interfere with each other. The wire doesn’t have enough “bandwidth” – information capacity – to handle all the traffic.

So instead, the networks are broken up into a number of smaller networks, that can be interconnected. That way, traffic among the computers on the smaller network never has to leave the local network. Only traffic for machines on other networks has to go out over the network connection system. The smaller network is called a “subnet” of the larger one. The thing that does the interconnecting is called a Router. Its job is to filter traffic between the networks.

The 32 bits in IP addresses are assigned to networks and subnets in a hierarchy, so routers don’t have to know where every machine in the world is. They only have to know how to get to a router for the appropriate network. The drawing below shows a simple example.

At the top is a backbone, that connects all the computers and routers in the universe. There is a router connected to it with an IP address of This router has a netmask of, which means that the subnet below the router has all traffic for 205.158.3.anything. The 0 in the netmask means ignore the last 8 bits. So this router will keep any traffic on the net below it destined for 205.158.3.anything from getting out onto the backbone. Conversely, it will pass to the backbone traffic destined for any other IP address.

One level down is another router, with a mask of This is a 16-address subnet and is typical of a small ISDN network. It means only the last 4 bits of the IP address are ignored.

This tells the machine that the first 28 bits of its own IP address defines the network it is on, and the last 4 bits describe the machines on the network. The network can only have 13 machines on it. (0 is used to name the network, all 1’s is used for broadcast, and the router needs an address of its own, so there are 13 left for computers.) The router’s address is, and it handles traffic for everything from .17 (itself) to .31. The next router over has the next 16 addresses, and so on.

IP addresses are assigned by registration organizations world-wide. In the U.S., it is an organization called “Internic”. They assign IP addresses to various networks of different sizes, generally called class A, class B, or class C networks, depending on the size of the network. Some of the numbers are reserved for special purposes. A range of numbers in the first quad is reserved for class A networks; another range for class B; another for class C. What they are isn’t important here, but you should be aware that there is some built-in significance to what the IP numbers actually are. In practice, Internic usually assigns IP addresses only to Service Providers (ISPs). The ISPs divide up their IP addresses among their customers, using the strategy described above.

When you get a “work-group ISDN” (or whatever your provider calls it) account from your ISP, they will assign you a range of IP addresses and the corresponding netmask. They will also tell you the IP address of your router, which is one of the addresses in the range defined by your netmask. And they tell you the IP address of their router.

When you set up each client machine, you:

  • assign it one of the IP addresses your provider gave you;
  • assign it the netmask your provider gave you;
  • assign it a gateway, which is the IP address of your ISDN router

When you set up your ISDN router, you:

  • assign it the IP address (in your range) your provider gave you;
  • assign it the netmask your provider gave you;
  • tell it the IP address of your ISP’s router, which is the machine it needs to talk to;
  • tell it how to dial to get to your ISP’s router.

Given this information, each machine knows that it can talk to other machines whose IP address is within the netmask range by addressing them directly on the local network, and for all other IP addresses, it must send the packet to the gateway – the ISDN router – instead. The ISDN router knows that if it sees traffic on the local net directed to a machine within the netmask range, it can ignore it, but if it sees traffic directed to a machine outside the netmask range, it must open a connection to the ISP’s router and send the traffic there. Your ISP’s router could care less what machines have what IP addresses on your local network. It only needs to know that traffic destined for the network defined by your netmask has to go to your ISDN router.