from Wikipedia, the free encyclopedia

The network mask , network mask or subnet mask is a bit mask that specifies in the IPv4 network protocol when describing IP networks which bit position within the IP address is to be used for addressing the network or host section. The network portion extends seamlessly from left to right within the IP address; the host portion from right to left. The area used for addressing the network part within the IP address is also called the prefix. Instead of a subnet mask, this can also be specified for IPv4 and IPv6 by specifying a prefix length .

In connection with the IP address of a device, the network mask defines which IP addresses this device can reach in its own network without the aid of a router and for which target networks the device must deliver packets to a router for the purpose of further switching to other networks . The network part must be the same for all devices in the respective network and therefore all communication participants in this IP network usually use the same subnet mask (or prefix length). The device part of the IP address is assigned individually for each device within the network.

Regardless of the assigned IP addresses, network masks or prefix lengths are used for the representation of IP networks in routing tables and filter definitions both in routing protocols and in packet filters . However, some manufacturers of network components use the inverted form of the subnet mask here. The above device part is given in all binary digits with zero or omitted.

Analogy: In the case of a nationally valid telephone number, consisting of the area code and connection number, if all digits are written one after the other, there is no information about where the area code ends and the connection number begins. That is why the two parts are usually separated from each other by a separator (e.g. space) or the area code is put in brackets. This type of information is contained in the network mask or prefix length when specifying an IP network. In this analogy, the representation of an IP network corresponds to the specification of the mere area code.



A network mask is exactly as long as an IPv4 address, i.e. 32 bits . A 1 in the network mask indicates that the bit in the same position in the IP address is used for addressing networks. A 0 in the same position in the IP address indicates address information for the device part. The network part of an IPv4 address results from its bit-by-bit logical AND link with the network mask. After the bit-by-bit negation of the network mask, the device part is also disconnected.


IPv4-Adresse 11000000 10101000 00000001 10000001
UND Netzmaske     11111111 11111111 11111111 00000000
= Netzwerkteil 11000000 10101000 00000001 00000000
IPv4-Adresse 11000000 10101000 00000001 10000001
UND NOT Netzmaske 00000000 00000000 00000000 11111111
= Geräteteil 00000000 00000000 00000000 10000001

With such a 32-bit wide network mask with 24 set bits, 8 bits remain and thus 2 8  = 256 addresses for device parts. One speaks of a 24-bit network. Because the smallest address (all bits in the device part are zero) describes the network itself and the largest address (all bits in the device part are one) is reserved for the broadcast , they do not count among the addresses that are used by devices as host addresses . With a 24-bit mask, 254 addresses are available for addressing devices in this network.


The notation of network masks such as IPv4 addresses is usually not in the dual system , but in the decimal system . Then the IP address of the above example is and the netmask is or / 24 for short. Thus the network part is 192.168.1 and the device part 129. The IP network can also be described as

While the CIDR notation / 24 indicates the number of bits set in the network mask, in the dotted decimal notation the network mask is broken down into four octets , which are represented by decimal numbers. The decimal number 255 has the same value as the binary number 11111111, which corresponds to 8 bits set. In the example, 8 + 8 + 8 + 0 = 24 set bits result. An overview of all IPv4 network masks larger than / 8 in different notations can be found in the article CIDR .

Example 1: The IP address is to be examined, in another notation The network mask is a 27-bit mask. The first question to be answered is how many IP addresses belong to a 27-bit network. Answer: An IPv4 address consists of 32 bits. 32 minus 27 is 5. The 27-bit mask therefore leaves addresses freely available, ie 32. A 27-bit network therefore includes 32 addresses. Now the question should be clarified, what the name of the network to which the address belongs. Answer: The smallest address from the predetermined range gives the network its name. It can be found by starting from 188 and looking for the next smaller number that is divisible by 32. The result is 160. The network is called It includes the 32 addresses from up to and including The address designates the network itself, is the broadcast address. The 30 IP addresses from up to and including remain usable for devices.

Example 2: and differ in that the first network includes the IP addresses to, while the second only includes the range to


IPv6 uses a different network mask than IPv4 . The main differences are summarized in RFC 5942 (IPv6 Subnet Model).
With the prefix length for IPv6, the number of bits in the network part is simply written after the IPv6 address, separated by "/", as in the CIDR, for example 2001: 0db8: 85a3: 08d3: 1319: 8a2e: 0370: 7347/64. The prefix length in this case is / 64, the network 2001: 0db8: 85a3: 08d3: 0000: 0000: 0000: 0000/64 and the device part or interface identifier is 1319: 8a2e: 0370: 7347. This notation is also becoming more and more popular for IPv4.

A less plausible example is 2001: 0db8: 85a3: 08d3: 1319: 8a2e: 0370: 7347/57, the associated network is 2001: 0db8: 85a3: 0880: 0000: 0000: 0000: 0000/57 and contains the addresses 2001: 0db8: 85a3: 0880: 0000: 0000: 0000: 0000 to 2001: 0db8: 85a3: 08ff: ffff: ffff: ffff: ffff, some of which are also intended for special functions. The freely available tool sipcalc makes it easier to deal with poorly structured IPv6 networks :

$ sipcalc 2001:0db8:85a3:08d3:1319:8a2e:0370:7347/57
-[ipv6 : 2001:0db8:85a3:08d3:1319:8a2e:0370:7347/57] - 0
Expanded Address        - 2001:0db8:85a3:08d3:1319:8a2e:0370:7347
Compressed address      - 2001:db8:85a3:8d3:1319:8a2e:370:7347
Subnet prefix (masked)  - 2001:db8:85a3:880:0:0:0:0/57
Address ID (masked)     - 0:0:0:53:1319:8a2e:370:7347/57
Prefix address          - ffff:ffff:ffff:ff80:0:0:0:0
Prefix length           - 57
Address type            - Aggregatable Global Unicast Addresses
Network range           - 2001:0db8:85a3:0880:0000:0000:0000:0000 -

Prefix lengths as mesh sizes

The network mask (IPv4) or prefix length (IPv6) can also be understood as the size of an IP network, whereby larger prefix lengths mean smaller networks, since not as many bits are available for device parts.


Netmask Number of usable IPv4 addresses Mask as a bit pattern
/0 max. 4.294.967.294 (Nur ein großes Netz ohne Router) 0000’0000.0000’0000.0000’0000.0000’0000
/4 max. 268.435.454 1111’0000.0000’0000.0000’0000.0000’0000
/8 max. 16.777.214 1111’1111.0000’0000.0000’0000.0000’0000
/12 max. 1.048.574 1111’1111.1111’0000.0000’0000.0000’0000
/16 max. 65.534 1111’1111.1111’1111.0000’0000.0000’0000
/17 max. 32.766 1111’1111.1111’1111.1000’0000.0000’0000
/18 max. 16.382 1111’1111.1111’1111.1100’0000.0000’0000
/19 max. 8190 1111’1111.1111’1111.1110’0000.0000’0000
/20 max. 4094 1111’1111.1111’1111.1111’0000.0000’0000
/21 max. 2046 1111’1111.1111’1111.1111’1000.0000’0000
/22 max. 1022 1111’1111.1111’1111.1111’1100.0000’0000
/23 max. 510 1111’1111.1111’1111.1111’1110.0000’0000
/24 max. 254 1111’1111.1111’1111.1111’1111.0000’0000
/25 max. 126 1111’1111.1111’1111.1111’1111.1000’0000
/26 max. 62 1111’1111.1111’1111.1111’1111.1100’0000
/27 max. 30 1111’1111.1111’1111.1111’1111.1110’0000
/28 max. 14 1111’1111.1111’1111.1111’1111.1111’0000
/29 max. 6 1111’1111.1111’1111.1111’1111.1111’1000
/30 max. 2 1111’1111.1111’1111.1111’1111.1111’1100
/31 2 als Punkt-zu-Punkt-Verbindung 1111’1111.1111’1111.1111’1111.1111’1110
/32 genau 1 (nicht nutzbar) 1111’1111.1111’1111.1111’1111.1111’1111

More examples: All values .

See also


  • RFC 950 , Internet Standard Subnetting Procedure, 1985
  • RFC 3021 , Using 31-Bit Prefixes on IPv4 Point-to-Point Links
  • RFC 5942 , IPv6 Subnet Model

Web links

Individual evidence

  1. Created: 04 Jan 2011-Last updated: 14 Mar 2019 - ipv4, ipv6: Understanding IP Addressing and CIDR Charts. Retrieved July 18, 2019 .