How exactly do subnet masks work in terms of how packets are delivered?


I’m studying for a certification at the moment so I know a medium amount about the structure of subnetting. The one thing my courses don’t explain very well is the actual function/process of how this works.

Specifically one thing I learned really upended my understanding. The example was if you have a host with the address 10.1.16.42/24 and a host with the address 10.1.16.200/16 would they need a router to communicate?

From my understanding they would, the first host is on the network 10.1.16 and the host section is 42. The second one is on 10.1 and the host section is 16.200. Since their network sections are different, why do they not need a router to communicate if their network IDs aren’t the same?


6 Answers

Anonymous 0 Comments

RFC 1519 “Classless Inter-Domain Routing: An Address Assignment and Aggregation Strategy” (Sept 1993) is what you are referring to. Before CIDR, the abbreviation, every network was assigned as a class A, B, or C. That was clumsy, so the engineers schemed a way to subdivide the 32 bit address space from 1 host to all hosts.

The simple way to think about this is to think of the IP address and the subnet mask as two 32-bit data structures. The IP address is just a binary number like any other divided into four 8-bit octets for 32 total bits. The subnet mask is simply a ruler, in essence, you line up the subnet mask under the IP address (in binary) and where the 1s stop is where the host address starts. That gives you the ability to describe two pieces of information with the IP address, the network address and the host address. Routers will only route to network addresses, the terminal router, so the router that owns the network you are routing to, is the one responsible for resolving the host address to a MAC address and delivering the packets to the appropriate physical interface.

In your example, the bigger network, 10.1.xxx.xx encompasses every IP address from 10.1.000.001 to 10.1.255.254. The smaller subnet, 10.1.16.xxx, is only 10.1.16.000 to 10.1.16.254. We would call this a supernet overlap, so the router for the bigger network doesn’t need to route to the smaller one since it can ARP that interface, but the smaller one is otherwise unaware of the fact that other hosts may have been configured with a supernet, so it will automatically look for its configured router since the network 10.1.whatever.whatever is outside of its network. This is a bad configuration and it should be done, but sometimes we do this between routers to do something called route summarization. If I know that my adjacent router owns several contiguous networks, I can route to the closest supernet and it will encompass all the adjacent router’s networks. That way I have 1 route instead of however many routes I would need without summarization.

Your scenario can play out when you need to expand a network, say I have a standard /24 bit mask network and I need to put 260 hosts on it. Can’t do it, right? Well, I can go into the router that owns that /24 and change it to /23, I can then add hosts and simply give them a /23 bit mask. The problem is that all the other hosts aren’t automatically notified of this change, even if I use a DHCP server depending on the lease duration there could be an amount of time where old hosts can’t talk to the new hosts because according to the configuration they have in their NIC, they shouldn’t be able to ARP any IP address above the configured /24.

Good luck on your CCNA or Network+ or both.

Anonymous 0 Comments

It’s a misconfiguration, but their LANs happen to overlap such that it works out and they happen to each think they’re on the same LAN segment.

The subnet mask describes what IP ranges the device will try to connect directly to and what ranges it will ask the defined gateway for help with. In this case let’s say host A is 10.1.16.42/24 and host B is 10.1.16.200/16.

If A wants to talk to B it looks at B’s address and sees that B’s address is within the LAN defined by the CIDR prefix – B has the same first 24 bits of A’s address or 10.1.16. So it can talk directly to B.

If B wants to talk to A it sees that A’s first 16 bits are the same 10.1 it has in its LAN definition. So it can talk to A directly.

This would break down if A were 10.1.1.42/24 because then A would recognize itself as being on a different LAN segment than B, but B would still think it was on the same LAN segment as A.

Anonymous 0 Comments

“Mask” is a binary bit term – the mask is combined bitwise with the address to determine if the destination is local or remote.

Let’s say you have a network address of 192.168.25.0/24, whose mask is 255.255.255.0 when written out in dotted quad. In binary that’s:

`Network: 11000000.10101000.00011001.00000000`

`Mask: 11111111.11111111.11111111.00000000`

So suppose we have another address (say, 192.168.25.8), and we want to know if it’s within the network above. To do so, we write the address in binary, and do a binary AND with the network mask.

`Address: 11000000.10101000.00011001.00001000`
`Mask: 11111111.11111111.11111111.00000000`
`Result: 11000000.10101000.00011001.00000000`

You’ll notice that the result is the same as the original network address, which means that 192.168.25.8 is within the 192.168.25.0/24 network. This means that if your host has an address within the same subnet, the address is a local destination. If the result did *not* match, the host would then look up its routing table for an appropriate forwarding next-hop (usually a default gateway).
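The AND comparison from the answer above, applied in each direction to the host pairs from the answer before it. This is an added example, not code from any poster in the thread; the function names and the "direct (ARP)" / "via gateway" labels are assumptions chosen for illustration.

```python
import ipaddress


def to_bits(addr: int) -> str:
    """Render a 32-bit integer as dotted binary octets."""
    return ".".join(f"{(addr >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))


def network_of(ip: str, prefix_len: int) -> int:
    """Bitwise AND of the address with the mask built from the prefix length."""
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return int(ipaddress.IPv4Address(ip)) & mask


def is_on_link(local_cidr: str, dest_ip: str) -> bool:
    """Sender's view only: does dest fall inside the sender's configured subnet?"""
    local_ip, prefix = local_cidr.split("/")
    prefix_len = int(prefix)
    # The sender applies ITS OWN mask to both addresses; it never learns
    # the destination's mask, because masks are not carried in packets.
    return network_of(local_ip, prefix_len) == network_of(dest_ip, prefix_len)


def delivery(src_cidr: str, dst_cidr: str) -> str:
    """How src sends a packet to dst, decided from src's configuration alone."""
    dst_ip = dst_cidr.split("/")[0]
    return "direct (ARP)" if is_on_link(src_cidr, dst_ip) else "via gateway"


def both_directions(a_cidr: str, b_cidr: str) -> tuple:
    """Return (a -> b decision, b -> a decision)."""
    return delivery(a_cidr, b_cidr), delivery(b_cidr, a_cidr)


if __name__ == "__main__":
    # Address pairs taken from the thread.
    for a, b in [("10.1.16.42/24", "10.1.16.200/16"),
                 ("10.1.1.42/24", "10.1.16.200/16")]:
        a_to_b, b_to_a = both_directions(a, b)
        print(f"{a} -> {b}: {a_to_b}")
        print(f"{b} -> {a}: {b_to_a}")
    print("192.168.25.8 AND /24 =", to_bits(network_of("192.168.25.8", 24)))
```

The second pair shows the asymmetric case: one host sends to its gateway while the other tries to reach its peer directly.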

Anonymous 0 Comments

Host A has been told its address is 10.1.16.42 on a /24 subnet, so it thinks all 10.1.16.x addresses belong in its subnet and should be reachable “directly”. Host A thus thinks Host B (10.1.16.200) is in its subnet.

Host B has been told its address is 10.1.16.200 on a /16 subnet, so it thinks all 10.1.x.x addresses belong in its subnet and should be reachable “directly”. Host B thus thinks Host A (10.1.16.42) is in its subnet.

Each server has a different understanding of the subnet scope but they *do* agree that the other is a part of the same network, so they’re perfectly happy to send out packets to the local switch or wire.

Subnet masks are not part of the packet. The packet does not care; the packet just says “From: 10.1.16.42, To: 10.1.16.200, With Love.” The switch or wire does not care about subnets; higher-level subnet routing is not their problem* – the packet can either reach the exact destination machine or it can’t.

Remember that each host does not have a strong understanding of the larger network – they only know what they’ve been told about their own network config and routing table and they act accordingly, trusting that they haven’t been lied to. As long as they get good results from good-faith obedience to their own rules, they don’t tend to care what happens after that.

* We’re assuming for the sake of the example that the physical switch and network are very simple.

Anonymous 0 Comments

The problem with your example is that you’ve got two hosts in the same network, going by the smaller of the two, but with different network masks. This would be a configuration error in practice, and would definitely cause problems that having a router in between them wouldn’t be able to help with.

If both hosts had /24 as their network masks, then they would be in the same network, because the bitwise mask operation would return the same network number for both.

Anonymous 0 Comments

I wrote this 15 years ago, but it’s easy to understand.

[IP Subnetting Made Easy](https://www.techrepublic.com/article/ip-subnetting-made-easy-125343/)

Edit: Damn, they lost all my helpful pictures.