Routers, Routes, Subnets, and Netmasks

A critical component of managing routes is understanding the role netmasks play in managing routing traffic. More commonly known as the netmask, the sub-network mask or network mask is only used internally by routers and firewalls to create subnets. Netmasks define sub-networks (ranges of consecutive IP addresses). This is probably the most confusing and least understood aspect of routing tables.

Routers and Routes

Network routers are devices that "route" or facilitate the transfer of data from one host device to another, or one network to another. Straight out-of-the-box, routers are dumb. They don't know anything about their network environment. This is where network routes come into play. It's the job of a network administrator to define a virtual network topography within each router describing a set of instructions (routes) that detail how that particular router should manage network packets.

Ultimately, it's all about transferring data between hosts. This usually means a one-to-one relationship of data exchange, but in some cases routers also transmit so-called "broadcast" messages which are sent out simultaneously to all devices attached to a particular network route. Routers are facilitators. They simply hand-off IP packets from one device to another: either another router, or a host if it is on the same subnet as the router. Some routers are capable of self-mapping or "learning" about their immediate surroundings in the network (hosts and other routers they are directly attached to), and can automatically handle setting up basic routes and possibly even exchanging information with neighboring routers. However, if you want more sophisticated routing and/or you have a router that can only be configured manually, then you will need to know how to create, delete, and manage routes.


A subnet is simply a network segment (a portion of a network that is also a network in its own right). This differs from a host, which is a single addressable device on a network. Every host resides on a network. The word addressable here means it's possible for one host on the network to address - or send a message (packet) to - another host on the same network. Networks and subnets are also addressable, but only by routers. When routers send messages to each other, they use the same communication paths and the same type of IP (Internet Packet) transmissions as well.

A subnetwork or subnet divides network traffic into smaller groups, improving routing efficiency through compartmentaliztion. For example, if you know a particular range of IP addresses belongs to a local network, why not simply carve out that group in a single route instead of creating an independent route for every possible local IP address on that LAN (Local Area Network)? This makes sense because a LAN address is directly connected to the host (the "local" in Local Area Network). Likewise, a Wide Area Network (WAN) is a network that is not the Internet, but which the host is connected to via an upstream router.

Divide and Conquer

There are over 4.2 billion IPv4 addresses. Each address is converted from the 10-base decimal number system humans are familiar with to a 32-bit binary number that computers understand. But did you know that to a router, an IPv4 network address is actually 64-bits in length? When you type an IPv4 network address into a web browser for example, you are either typing it in the format aaa.bbb.ccc.ddd (the host address on the network or Internet), or the host's fully qualified domain name (FQDN; e.g., which is then converted to a host address by a Domain Name Server (DNS). Either way, those IPv4 addresses get converted to a 32-bit number.

I mentioned above that routers use 64-bit addresses, so where does the other 32-bits come from? The 64-bit addresses used by routers to represent IPv4 addresses are a combination of two 32-bit numbers: the IPv4 host address (also known as the Routing Prefix), and another 32-bit value called the sub-network mask that describes the size of the sub-network.

Subnetworks and Netmasks

Dividing your routing table into subnets via netmasks makes your routing table more efficient, its management simpler, and your network more responsive. A router will choose the longest matching route to direct a packet, and in practice that is almost always also the most specific route. Hence, even if a packet could be captured by the first matching subnet route, if there is a more specific and clearly defined route that its destination matches then the packet will take the more granular route. For example, if a host address is singled out with its own routing rule, but is also addressable by another rule where it belongs to a subnet, the most specific route (to the individual host) will be the route chosen by the router.

Netmasks are used most frequently to carve out IP packets bound for a LAN or that need to be sent upstream to another router. As a packet moves through a series of routers, its path becomes more and more narrowly defined, until at last it reaches a router where the destination IP address is local. The packet keeps getting sent further and further upstream until it arrives at a router that begins to direct it toward the network segment most closely matching the destination address. If a packet needs to go "out to the Internet," the same process is applied; after all, the Internet is just a giant IP network.


Genmask is yet another term for netmask. Widely presumed to mean, "general [network] mask" or "generality [network] mask," the term is unique to the Linux iproute process. The exact origin of the word remains a mystery. Regardless, its functional meaning is the same as netmask.[1]

A deeper explanation of genmask may be found under a parallel discussion of the iptables route command.


[1] Brown, Martin A. 14 March 2007. Guide to IP Layer Network Administration with Linux. Version 0.4.5. Chapter 1. Basic IP Connectivity.