Home > Resources > Networking Glossary > TCP/IP Protocols >

print

Subnet Masking

Subnet Masking
...Also Called "Address Masking"

The IP Address Mask is a configuration parameter used by a TCP/IP end-node and IP router to differentiate between that part of the IP address that represents the network and the part that represents the host.

A router uses the mask value to create a key value that is looked up in the router table to determine where to forward a frame. An end-node uses the mask value to create the same key value but the value is used to compare the destination address with the end-node address to determine whether the destination is directly reachable (on the same network) or remote (in which case the frame must be sent to a router and can not be sent directly to the destination).

The mask value can be assigned by default or it can be specified by the installer of the end-node or router software. The destination IP address and the mask value are combined with a Boolean AND operation to produce the resultant key value. Consider the following example:

An end-node is assigned the IP address 140.6.15.3 and a mask value of 255.255.0.0. This end-node wants to send a frame to 140.7.9.2. If 140.7.9.2 is on the same network as 140.6.15.3 then the end-node will broadcast an ARP (Address Resolution Protocol) frame to determine the data link address of the destination and it will then send the frame directly to the destination. If 140.7.9.2 is on a different network then the workstation must send the frame to a router for forwarding to the ultimate destination network.

All the dotted-decimal notation must be converted to the underlying 32-bit binary numbers to understand what is taking place.

End-Node 140.6.15.3	=  10001100	00000110	00001111	00000011
Mask 255.255.0.0	=  11111111	11111111	00000000	00000000
Destination 140.7.9.2	=  10001100	00000111	00001001	00000010

When the End-Node IP address is AND'ed with the mask the result is:

End-Node 140.6.15.3	=  10001100	00000110	00001111	00000011
Mask 255.255.0.0	=  11111111	11111111	00000000	00000000
--------------------------------------------------------------------
RESULT OF "AND"	=  10001100	00000110	00000000	00000000
(In dotted-decimal)	=  140.	6.	0.	0

When the destination IP address is AND'ed with the mask the result is:

Destination 140.7.9.2	=  10001100	00000111	00001001	00000010
Mask 255.255.0.0	=  11111111	11111111	00000000	00000000
--------------------------------------------------------------------
RESULT OF "AND"	=  10001100	00000111	00000000	00000000
(In dotted-decimal)	=  140.	7.	0.	0

Since the results (140.6.0.0 and 140.7.0.0) are not equal the end-node concludes that the destination must be on a different network and the frame is sent to a router. This is the way an end-node uses the mask value. A router, on the other hand, masks the destination address in an incoming frame and the result is used as a lookup key in the routing table.