Netmasks
Netmasks (or subnet masks) are a shorthand for referring to ranges of consecutive IP addresses in the Internet Protocol. They are used for defining networking rules in e.g. routers and firewalls.
Every entity (server or client) communicating on the internet will have a unique Internet Protocol
(IP) address. Most commonly, these addresses are written in human-readable notation as follows:
192.168.0.1. This describes an IP version 4 address. (The
internet is moving towards the IP version 6 standard to allow
for more resources to be addressed.)
An IP address is actually just a unique binary number - IPv4 allows for around 4.3 billion addresses at one time, and IPv6 expands the address space to 3.4×10^38 addresses.
In networking, it is convenient to talk about groups of addresses. For instance, different internet providers will be awarded 'chunks' of consecutive addresses, so internet routers need only read the start of each IP address before deciding to pass TCP packets off to a known network node.
A netmask is a shorthand for describing a range of IP addresses. A netmask may describe just a single IP address:
192.168.0.1/32: just the address 192.168.0.1
Or all possible IP addresses:
192.168.0.1/0: all 4.3 billion addresses from 0.0.0.0 to 255.255.255.255
More usefully, it does something in between:
192.168.0.1/31: the IP addresses 192.168.0.0 and 192.168.0.1
How to read a netmask
The left hand side of a netmask (e.g. 192.168.0.1) specifies the host IP address. The right hand
side (e.g. /32) specifies how many digits of the host address are significant, when considered as
a binary number. Non-significant bits in the binary form are treated as a wild-card.
For instance, in the netmask 192.168.0.1/32, the host address is 192.168.0.1. This can be
written in binary as 11000000.10101000.00000000.00000001. To match this netmask, an address must
match all 32 digits exactly - i.e. have the same binary digit in each position. This means only
one address will be matched by this pattern.
The netmask 192.168.0.1/31 states that the last binary digit is not significant, so it will match
two addresses: 11000000.10101000.00000000.00000000 and 11000000.10101000.00000000.00000001
(written more readably as 192.168.0.0 and 192.168.0.1).
Similarly 192.168.0.1/30 states that the last two binary digits are not significant, so will
match four different addresses.
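
The significant-bit rule described above, written out as an added example (not part of the original page). It generalizes the /32, /31, /30 and /0 cases to any prefix length and cross-checks the result against Python's standard ipaddress module; the function names are chosen here for illustration.

```python
import ipaddress

def to_int(addr):
    """Dotted-quad IPv4 text -> 32-bit integer."""
    octets = [int(part) for part in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {addr!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def to_text(value):
    """32-bit integer -> dotted-quad text."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def to_binary(addr):
    """Binary form as written on this page, one 8-bit group per octet."""
    return ".".join(f"{(to_int(addr) >> s) & 0xFF:08b}" for s in (24, 16, 8, 0))

def parse(netmask):
    """'host/n' -> (host as int, mask with the n significant bits set)."""
    host, _, prefix = netmask.partition("/")
    n = int(prefix)
    if not 0 <= n <= 32:
        raise ValueError(f"prefix length out of range: {n}")
    return to_int(host), (0xFFFFFFFF << (32 - n)) & 0xFFFFFFFF

def matches(netmask, addr):
    """True if addr agrees with the host address on every significant bit."""
    host, mask = parse(netmask)
    return (to_int(addr) & mask) == (host & mask)

def address_range(netmask):
    """(first address, last address, count) covered by the netmask."""
    host, mask = parse(netmask)
    first = host & mask                    # wild-card bits cleared
    last = first | (~mask & 0xFFFFFFFF)    # wild-card bits set
    return to_text(first), to_text(last), last - first + 1

def agrees_with_stdlib(netmask):
    """Cross-check against ipaddress; strict=False permits host bits to be set."""
    net = ipaddress.ip_network(netmask, strict=False)
    first, last, count = address_range(netmask)
    return (str(net[0]), str(net[-1]), net.num_addresses) == (first, last, count)

if __name__ == "__main__":
    for nm in ("192.168.0.1/32", "192.168.0.1/31", "192.168.0.1/30", "192.168.0.1/0"):
        print(nm, to_binary(nm.split("/")[0]), address_range(nm), agrees_with_stdlib(nm))
```

When reviewing a firewall or router rule, address_range shows exactly how many addresses a rule admits, which makes an overly short prefix easy to spot.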