What Is a Subnet Mask? A Beginner’s Guide to Subnetting

7 min read
1 October 2021
Ignas Anfalovas

What's the difference between a subnet and a subnet mask? What is subnetting and how can it help you? Discover answers to these and many other questions in this article.

what is subnet mask

A subnet mask is a number that distinguishes the network address and the host address within an IP address. A subnet is a smaller network within a network that requires a subnet mask.

Subnetting is the process of dividing a network into two or more subnets. Its primary function is to make the routing of data within a network more efficient and secure. Subnetting also helps make better use of IPv4 addresses. 

When you connect a device to a network, the network assigns an IP address to the device. That IP address consists of two parts: the network portion and the host portion. The network portion of the IP address identifies the overall network while the host portion identifies the device. 

The network address and host address contained in an IP address are indistinguishable from each other without a subnet mask. The subnet mask allows network traffic to understand IP addresses by splitting them into the network and host addresses.  

You can quickly see which subnet mask would apply to which subnet and IP address pairing using a subnet cheat sheet

Are subnets and subnet masks the same thing?

No, while subnet masks are an essential part of subnets, they are not the same thing. 

A subnet (short of subnetwork) describes the specific part of a network that shares the network’s IP address but has a unique subnet address. 

A subnet mask, however, differentiates between the portion of an IP address that refers to the subnet and the portion which refers to the host.

The network and host portions of an IP address
The network and host portions of an IP address

Why use subnetting?

Subnetting serves a number of purposes. From giving administrators more control over their networks and improving their networks’ performance. To boosting security and making more efficient use of IP addresses. Here are some of the key benefits. 

More efficient routing of data

Broadcast traffic creates a big inefficiency in networks. This traffic involves data packets traversing the network to every node. By dividing broadcast domains, subnetting reduces the number of nodes that broadcast traffic interacts with and makes the routing of data packets more direct and efficient.

You can think of a subnet as allowing different devices to communicate with different smaller networks, rather than all trying to communicate with the same network at the same time. 

Let’s take 100 people trying to talk at the same time in a Zoom call as an example. There’d be too much information and noise to take anything in. However, if those 100 people split into 20 breakout rooms, they could have much more peaceful and productive conversations.

Subnet masks are key here. That’s because a subnet mask is what makes sure that traffic stays contained within its designated subnet. This reduces major congestion and the load imparted on the network. 

Subnetting effectively decreases the distance that data packets need to travel in the network. This also allows the network to route data more efficiently. 

All of this increases the speed and overall performance of the network.  

How subnetting works

Better network security

If you’re operating a large local network, with many connected devices and a high volume of network traffic, there are a number of security advantages of running multiple subnets rather than one larger network. 

Most notably, if a subnet is compromised by an attack, only that network segment will be affected. Using subnets, instead of all devices on the same network being visible to attackers, they would only have access to other devices on the same subnet. 

A network manager who breaks a local area network into smaller networks can also control the flow of traffic through Route-maps, QoS, or ACLs, which helps identify and address threats more effectively. 

You may want to create subnets to keep legitimate local network traffic siloed, too. Subnets make it possible to prevent all devices from accessing the entire network. This is a great solution if you want to keep certain files or processes secure or limit remote network access. 

Increased lifespan of IPv4

When the internet was first coming into use, it was easy to get an IP address. Since there is a limited number of possible IPv4 addresses, the available IP address stock quickly began to diminish

Looking for an IP address solution, creative minds came up with the idea of using subnetting to increase the utility of a single public IP address. 

Instead of each device having a unique IP address, a network can have a number of private IP addresses on a single IP network. This means that each device on an IP network has an IP address with a part that refers to the overall network IP address, and a part that refers to its subnet. 

This is why IPv4 remained the internet standard for much longer than if subnetting was not an option. 

How does subnetting really work?

Networks use Internet Protocol addresses to identify specific pieces of hardware, like servers or computers. Subnetting allows a network that has one public IP address to split into a number of smaller networks. Each with a unique internal IP address. 

Networks are capable of connecting hundreds and even thousands of devices. As a result, traffic may have to travel a complex route to the associated IP address for a specific device. 

Subnetting creates sub-networks within a single physical network, limiting IP address usage to just a few devices. Due to this, data can travel more directly to its destination IP address. It doesn’t need to interact with all parts of the network. 

To identify the specific device that a data packet is going to, it is important to arrange the IP address in a logical way. The purpose is to ensure that it is easy to identify the network address and the host address. 

To make subnetting possible, and to make sure traffic gets to the correct destination address, each IP address needs to be matched to a subnet mask. 

How do IP addresses and subnet masks relate?

Devices on an IPv4 network can each be uniquely identified by a 32-bit IP address. These 32 binary bits contain the host address and the network address, which are identified by the subnet mask.  

The bits are broken into 4 groups of 8 numbers, called octets. Binary tends to be inefficient to display and understand. Therefore, IP addresses tend to be presented in a dotted-decimal format with numbers ranging from 0 to 255. Or from 00000000 to 11111111 in binary range.

A subnet mask may look like this: 11111111.01100110.11111111.00000000
However, in most cases, the subnet address looks like this:

A subnet mask has a similar format to an IP address. An IP address has 32 bits usually presented with a series of number octets separated by dots. 

An IP address may look like this: 01011100.11111111.11111111.00000000
However, in most cases, it looks like this:

As you can see, they have a similar function and structure. However, a subnet mask is only used within an internal network and is not a public network address. 

The role of a public IP address is to direct traffic to the correct network. The role of a subnet mask in subnetting is to direct data on a specific route within the network according to its intended destination. 

How do IP classes and subnet masks relate?

Networks come in different sizes. Some require access for just a few hosts. Others need to offer access to many thousands of hosts. Because of this, there are different classes of IP addresses. They make space for class A networks, class B networks, and class C networks. 

There are also class D and class E networks. Class D facilitates multicasting and class E – research, so they’re not relevant here. 

Class A, Class B, and Class C ranges
Class A, Class B, and Class C ranges

The IP address class dictates the possible size of the network as well as how many of the octets are dedicated to the subnet mask. Different IP address classes are suitable for different needs. 

Class A network supports over 65,536 hosts. It makes all that access by only having the subnet mask reflect the network address in the first octet, with the second, third, and fourth left free for the administrator to assign as required to hosts and subnets. 

Class B network has an IP address where the subnet mask reflects the network address in the first and second octets. Leaving only the third and fourth for assignment with the network. Class B network, therefore, has availability for connections to only between 256 to 65,534 hosts. 

Class C network supports the fewest hosts. In a class C network, the first, second, and third octets are all used to reflect the network number. Leaving only the final octet to facilitate up to 254 host addresses. 

Both class B address and class C address look the same. Therefore, they require a subnet mask to identify the network address and host address. 

How do network addresses and subnet masks relate?

For IPv4 addresses, each of the different classes of the network has a different default mask:

  • The class A default subnet mask is
  • The class B default subnet mask is
  • The class C default subnet mask is

You can see how the default subnet masks reflect how many of the octets are used by the network address. 

Looking at the default subnet mask tells you the number and type of IP addresses of any given network. Each subnet contains connected devices with a fixed range of IP addresses. 

If you take as an example IP address and pair it with the subnet mask, you can determine that the network address is contained in the portion 10.45.21 while the associated subnet for host addresses is in the range


Understanding what a subnet mask is may be impossible until you begin to understand how IP addresses work and why networks use subnetting. That’s why the answer to what a subnet mask is isn’t completely straightforward. 

With this said, you should now have basic knowledge of how IPv4 addresses communicate data between and within networks. The administrators of those networks may choose to use subnetting out of concern for security, routing efficiency, network speed or to preserve more public IPv4 addresses. Usually, it’s a combination of multiple reasons. 

If you choose to utilize subnetting in your network, you’ll need to use subnet masks to ensure that inbound traffic is routed to and from the correct host devices. Even if you run a relatively small system, subnet masks can play an integral part in its reliable and smooth operation.

About the author

Ignas Anfalovas

Platform Engineering Manager

Ignas is a Platform Engineering Manager at IPXO with more than 7 years of experience in the IT sector. His expertise includes network design solutions and infrastructure maintenance. After working hours, you will find Ignas in Lithuanian folk-dance classes.
Table of contents

Related reading

Various domain extensions, like, .net, .org, .com, and others.
6 September 2023   •   Network Engineering

DNS and rDNS: the Hidden Heroes That Keep the Internet Running

Discover the web's overlooked helpers - DNS & rDNS. Learn their importance, benefits, and automation's role in powering the online world.

Read more
A laptop with an envelope on the screen representing email.
19 July 2022   •   Network Engineering

Email Service Provider: What You Should Know About ESPs in 2022

Discover the differences between email service providers and webmail clients. Learn the importance of ESPs for successful email marketing campaigns.

Read more
Two computers exchanging files with FTP sign above them.
12 July 2022   •   Network Engineering, Networking Protocols

File Transfer Protocol Explained

What does FTP stand for? What is the importance of this protocol? How does it work? Read this post to learn all about the File Transfer Protocol.

Read more

Subscribe to the IPXO email and don’t miss any news!