APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed


© November 1998 Tony Lawrence
See also Routing

Up till now, I've been talking about IP addresses and specifying the netmasks by spelling them out: network with a netmask of I've explained that the netmask indicates the bits that are the network part of the address, and that changing anything in those bits puts you on a different network or subnet.

Is there any real difference between a network and a subnet? Not really. Any network is a subnet of something larger, so in that sense, the terms are identical. However, you could look at this another way: your network is the addresses which you can subnet. Or, your network is the bits you cannot change because someone else assigned them to you. As it's always just the number of bits that is important, we can represent networks or subnets another way. The network 192.168.0 with that netmask can be expressed as The "24" is the number of bits set to "1" (remember, 8 bits in each section of a mask).

So, a netmask would be /8, a would be /16 and so on. Those are pretty easy. What about masks like If you aren't used to thinking in bits, this might give you a little headache. But don't panic, it's not that hard. One way to think of it is how many bits are not set in the third octet. We have 8 each set in the first two, so that's 16, and it would be 24 if all the bits were set in the third, but bits adding up to 15 (255 - 240) are missing. That's the 8-4-2-1 bits (8 + 4 + 2 + 1 = 15), so 4 bits are missing, so it is a 20 bit mask: /20.

Bit 7 6 5 4 3 2 1 0
Value 128 64 32 16 8 4 2 1

When you are working the other way, that is, when you've been told that this is network, I think it's even more useful to think about the "missing" bits. Let's take that one, for example. Obviously it is the "1" bit that is missing. What addresses does this network include?

First, remember that the bits that are masked are inviolate: you cannot change any of those or you are on a different network. So everything up through bit 23 is off limits. You can't change the 192, or the 168. The third octet can't be 18 or 192. That's obvious, right?

But you do have one bit in the third octet you can change, and that's the "1" bit. So the third octet could be 16 or 17 (use the Javascript Bit Twiddler if this is hard for you to see inside your head). Therefore, the possible addresses for include to And that is an example of super-netting, which we'll touch more on later. Normally you won't see this kind of mask; you probably will see /25 through /30 (2 - 126 useable addresses). More on that below.

There's something very interesting about this situation, though. You have this network. Obviously (I hope it's obvious), there are "unused" bits here that you aren't allowed to touch because of the mask.

Bit 7 6 5 4 3 2 1 0
Value 128 64 32 16 8 4 2 1

Bits 3, 2 and 1 of the third octet (values 8, 4 and 2) are "covered" by the 23 bit netmask, but they are not set. The same is true for the 7, 6 and 5 bits. Those bits are all masked off, both unset and unavailable for you to use. Only the "16" bit is set within the 23 bit mask (but remember that it is within the mask, so it is off limits: you can't change it), and only the 0 bit is available for you to set or not set. Again, that gives you a subnet that covers both 16 and 17 in the 3rd octet. That gives you more addresses than you'd get with an old-style class C mask, but doesn't waste a class B.

What if you wanted to give someone fewer addresses than a class C? Simply, the mask would be more than /24. If you were given the CIDR address, you'd have,, and only.

Here's another way to think of all this:

A mask of 0 is 256 bits available (256 - 0). That gives you 254 addresses because the bottom is the network and the top is the broadcast as always.

A mask of 248 gives you 6 addresses: 256 - 248 is 8, minus the top and bottom equals 6.

When it comes to /30, I think of that as two bits less than /32. A /32 gives you no address at all (well, it's one address but it's useless). So /31 is 2 addresses (still useless) and /30 is 4 addresses (but still only two useable).

Another way: In all cases, the /xx is the number of bits you can't change- the number of bits that fix your network. /32 is completely fixed to one address so is useless- and so is /31 which gives you 1 bit or two addresses. You can't do anything useful with 2 addresses because all you have is the network and the broadcast. The /30 (or is the first useful mask. /30 gives you 2 bits to play with, so that's 4 addresses (but only two useable of course).


/30 2 bits for you, 4 addresses, 2 useable.
/29 3 bits for you, 8 addresses, 6 useable.
/28 4 bits for you, 16 addresses, 14 useable.
/27 5 bits for you, 32 addresses, 30 useable.
/26 6 bits for you, 64 addresses, 62 useable.
/25 7 bits for you, 128 addresses, 126 useable.
/24 8 bits for you, 256 addresses, 254 useable.
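
The bit counting above, as an added example that is not part of the original article: Python's standard `ipaddress` module converts between dotted masks and /xx prefixes, reports what a block covers, and tests membership, which is the check behind any firewall or ACL rule written in CIDR form. The 192.168.16.0 blocks are constructed sample values, and the "usable" count follows the article's total-minus-two convention.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF

def prefix_to_mask(prefix: int) -> str:
    """/xx -> dotted netmask: xx one-bits followed by zero-bits."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix out of range: {prefix}")
    return str(ipaddress.IPv4Address((ALL_ONES << (32 - prefix)) & ALL_ONES))

def mask_to_prefix(mask: str) -> int:
    """Dotted netmask -> /xx by counting the bits that are set."""
    value = int(ipaddress.IPv4Address(mask))
    prefix = bin(value).count("1")
    # A valid mask is contiguous; 255.0.255.0 would pass a naive bit count.
    if str(ipaddress.IPv4Address(value)) != prefix_to_mask(prefix):
        raise ValueError(f"non-contiguous netmask: {mask}")
    return prefix

def describe(cidr: str) -> dict:
    """Netmask, network, broadcast and address counts for a CIDR block."""
    # strict=True rejects input whose host bits are set (e.g. 192.168.17.0/23).
    net = ipaddress.ip_network(cidr, strict=True)
    total = net.num_addresses
    return {
        "netmask": str(net.netmask),
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "total": total,
        # Article's convention: bottom address = network, top = broadcast.
        "usable": max(total - 2, 0),
    }

def in_block(cidr: str, addr: str) -> bool:
    """True if addr matches the block on every masked bit."""
    return ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)

if __name__ == "__main__":
    # Constructed sample blocks, chosen to match the octets the text discusses.
    for block in ("192.168.16.0/23", "192.168.16.0/29"):
        print(block, describe(block))
    print(mask_to_prefix("255.255.240.0"))
    print(in_block("192.168.16.0/23", "192.168.18.1"))
```
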

What this is all leading up to are the concepts of Classless Interdomain Routing (CIDR) and Variable Length Subnet Masks (VLSM). You may also have heard the term supernetting or network block; all of this stems from the abandonment of the original network classes (A, B, C).

What was wrong with the class scheme?

Mostly it's just that it was wasteful. Assigning an entire Class C (a /24 mask in the new terminology) to someone who needs half a dozen addresses or less is a terrible waste, and for a while it was looking as though running out of addresses was going to happen very quickly. A couple of things slowed that down. One was NAT (Network Address Translation), which means that a small subset of "real" addresses are used to let machines with "inside" addresses talk to the outside world. NAT is very much the same concept as proxying, except that the only thing that happens is that the address is translated. The other was the CIDR concept we're discussing here.

A related problem was that the bigger guys, who needed more than Class C addresses, were looking at a rapidly diminishing pool of available Class B's (/16 masks), and most of them probably didn't need a full B block anyway. Supernetting multiple C blocks lets those folks get pretty close to what they actually need.

If you'd like to read more about this, I can suggest Managing IP Networks by Scott Ballew.


-> Networking: Understanding CIDR


---January 8, 2005

The line:

When it comes to /30, I think of that as two bits less than /32. A /32 gives you no address at all (well, it's one address but it's useless). So /31 is 2 addresses (still useless) and /32 is 4 addresses (but still only two useable).

Should read:

and /30 is 4 addresses (but still only two useable).

I think...?

---January 8, 2005

Yes, thank you - fixed.


---January 23, 2005

The line:

A mask of 248 gives you 6 addresses: 256 - 248 is 8, minus the top and bottom equals 8.

Should read:

is 8, minus the top and bottom equals 6.


---January 23, 2005

Thank you, corrected.


Sun Jun 22 07:03:31 2008: 4355   NickPowers

/32 is used with PPP in dial-up Internet. It assigns a single IP address to the machine with a netmask and the system uses that same IP address as its default gateway. This causes the system to use the PPP link for its default gateway (route of last resort). If you have ever worked at an Internet Service Provider (ISP) you would see many /32 subnets.

Nick Powers

Sun Jun 22 07:25:32 2008: 4356   NickPowers

Although /30 may seem silly since it only has two usable addresses but it is one of the most used subnets. It is used for creating point to point connections. For example, if I was an ISP and you bought a T1 circuit from me and I wanted to give you a /24 network (256 IP) I would first use a /30 to establish the 2 ends of the T1 circuit, one on your end and one on my end. Once I had done this then I would put a route in my router routing the /24 to the IP address I assigned to your end of the /30. This also is how DSL providers set up DSL circuits. I have often wondered why Cable modem providers don't use this method but they don't.

So say I have a /30 (which gives me as a network address, and as usable IP addresses and as my broadcast address). Also following the scenario above I want to route over to you then I could do this:

ISP Router( LINE-------YOU(

route add

So, you would have a router with 2 interfaces one is T1 and one is Ethernet. The T1 interface would be and your Ethernet interface (the one you would set the computers on your Ethernet segment as their default gateway) could be any of the but the most likely suspect would be and then you would assign for systems.

Your router would look like this:


Hope this helps

I agree though that /31 is useless, if anyone knows a practical use for this subnet please email me because I have never seen it used.

Nick Powers

Sun Jun 22 07:30:26 2008: 4357   NickPowers

oops this:

route add

should read:

route add

the previous is a /32 mask and the latter is a /24.

Sorry for the mistake (it's late!)

Nick Powers

Tue Aug 23 22:30:12 2011: 9733   NickBarron


Just having a trawl through these old articles, interesting and still very useful.

Thanks for showing the usage of /32 Nick

