Netmasks: the truth is out there?

Tue Apr 29 13:16:33 PDT 2003

> On Tue, 29 Apr 2003, Steve Warwick wrote:

>> I know someone out there knows the truth about netmasks. All the
>> documentation I can find on the net talks about "masking off" part of
>> the IP address and how you can tell network from subnet and host ids.

True.

>> However, I have knowledgeable friend who is telling me that the netmask
>> is also dependant on how the hosting company has set up their routing
>> tables and incorrect netmasking on my part can reduce or halt my
>> connection.

Also true, though I'd define the dependency the other way.  In any case
the two need to agree about what IP addresses are where.

>> So the question is, who is right? Is it as simple as just masking off
>> the first three octets

No.  There are 32 possible choices of netmask.  Some are more common than
others, but the correct choice needs to be made.

>> or does the netmask interact with the router?

The netmask interacts with the IP address.  The conjunction of the two
defines what IP addresses are "local" to the device, meaning which it will
attempt to communicate with directly.  Communication to any non-local IP
address will be forwarded to the next hop device according to the routing
rules defined for the speaking device.  If there are no available routes,
an error message will be produced, saying "unreachable host" or "no route
available" or something similar.

>>I am not sure what questions to ask my hosting company.

You need to know:

What is your assigned IP address range?
What is your assigned IP network mask?
What is the IP address of your default gateway?

That's for network connectivity, you probably also want to know where DNS,
mail, and news servers are.

>> My current rc.conf entry looks like this (these ips are bogus) - no
>> broadcast and FreeBSD seems happy with this.
>>
>> defaultrouter="123.456.789.1"
>
>> ifconfig_rl0="inet 123.456.789.111 netmask 255.255.240.0"

Your IP address range is invalid, making it impossible to determine the
exact range and internal consistency.  However, the network mask indicates
that you are claiming a range of 4096 contiguous IP addresses as being
local to your BSD box.  I find that extremely unlikely given your level of
experience (such ranges would be characteristic of extremely large
companies or NSPs).

More common for an individual or small business would be an assigned
netmask of 255.255.255.240, which would represent a range of 16 contiguous
IP addresses.  However, if that were the case, there are other problems
with your example.

a)  The default router address of .1 would not be valid.  The router must
be (with some exotic exceptions) on the same subnet as the source device.
For a .111 address with a 255.255.255.240 mask, that would mean the range
from .96 - .111.

b)  The IP address .111 is itself not valid.  The address RANGE would be
.96 - .111; however, .96 would be the network address, and .111 the
broadcast address.  Neither is supposed to be used as a device address.

>> ifconfig_rl0_alias0="inet 123.456.789.112 netmask 255.255.255.0"

If these aliases are on the same subnet as the primary address the netmask
needs to be 255.255.255.255.  This is a FreeBSD requirement, not anything
to do with IP subnetting in general.  Note that if your actual mask is
255.255.255.240, this is again broken because .111 and .112 would not be
on the same subnet.

Making up IP addresses when you are asking questions about them is a bad
idea.  I think you need to restate your example, using addresses that are
correct for at least the bits that are under question, and identifying
where you are talking about public or private address space.

KeS