Table of Contents
Why Subnets and Routing Matter
Every device on a network must know two things. First, which other devices are considered “local” so it can communicate with them directly. Second, where to send traffic that is not local. Subnets provide the way to define what is local. Routing provides the way to decide where to send everything else.
In Linux system administration you do not need to become a network engineer, but you do need to understand enough about subnets and routing to configure servers, diagnose connectivity problems, and read common network configuration files and command output.
Subnets in IP Networks
An IP address identifies an interface on a network. A subnet mask (or prefix length) divides that address space into a “network” part and a “host” part. All devices that share the same network part and mask are considered in the same subnet and can usually talk to each other directly, without passing through a router.
You will often see subnets written in CIDR notation. This combines the address and the mask length into a single string, for example 192.168.1.0/24 or 10.0.0.0/16. The number after the slash tells you how many bits belong to the network part.
For IPv4 an address is 32 bits long. If you have 192.168.1.0/24 then 24 bits are network bits and the remaining 8 bits are available for host addresses.
In binary you can write this as
$$
\text{network bits} = 24,\quad \text{host bits} = 32 - 24 = 8
$$
The subnet mask for /24 is 255.255.255.0, which corresponds to 24 ones followed by 8 zeros in binary.
Rule: For an IPv4 subnet with prefix length /n, the number of host bits is $32 - n$. The maximum number of usable host addresses is $2^{(32 - n)} - 2$.
Those 2 addresses are subtracted because one address is reserved as the network address and one as the broadcast address.
Interpreting Common Subnet Sizes
On Linux systems you will frequently see a few typical prefix lengths.
A /24 subnet, such as 192.168.1.0/24, has 8 host bits. The theoretical host addresses are
$$
2^8 = 256
$$
From those 256 addresses, 1 is the network address (192.168.1.0) and 1 is the broadcast address (192.168.1.255). This leaves
$$
2^8 - 2 = 254
$$
usable host addresses.
A /16 subnet, such as 10.0.0.0/16, has 16 host bits. The number of usable hosts is
$$
2^{16} - 2 = 65534
$$
A /30 subnet, such as 192.168.10.0/30, has 2 host bits. This gives
$$
2^2 - 2 = 2
$$
usable addresses. That is enough for point to point links, which is why /30 is often used between routers.
When you run ip addr on Linux you might see something like
inet 192.168.1.10/24 brd 192.168.1.255 scope global dynamic
Here /24 tells you the subnet size. The brd value shows the broadcast address. From this single line you can infer the following. The network is 192.168.1.0/24, hosts range from 192.168.1.1 to 192.168.1.254, and broadcasts use 192.168.1.255.
Subnet Masks and Prefix Lengths
Older tools and some documentation use dotted decimal subnet masks such as 255.255.255.0. Newer tools, including ip, prefer prefix lengths such as /24. They describe the same information in different ways.
If you see a mask of 255.255.255.0, its binary representation is
$$
11111111.11111111.11111111.00000000
$$
That means 24 ones, so the prefix length is /24.
You can convert between masks and prefix lengths by counting the 1 bits.
Rule: A valid subnet mask has all 1 bits on the left and all 0 bits on the right without interruption. Masks with 0 then 1 patterns are invalid.
Linux tools that apply IP configuration, such as ip addr add and network configuration files, rely on this property. If the mask is invalid, the configuration will fail or behave unpredictably.
Splitting a Network into Subnets
Subnets exist so that you can divide a larger address block into smaller groups. For example, imagine you are given the network 192.168.0.0/16. This has 16 host bits. You might want to split this into multiple /24 subnets, one for each department.
Each /24 uses 8 bits for hosts. Since the original network had 16 host bits, you are borrowing 8 of those bits for subnetting. The number of /24 subnets you obtain is
$$
2^8 = 256
$$
So you can have 192.168.0.0/24, 192.168.1.0/24, up to 192.168.255.0/24. On Linux, when you configure an interface with one of these /24 blocks, your system treats only that subnet as local. Traffic to any other /24 within 192.168.0.0/16 must go through a router.
In practice, Linux systems do not automatically understand that all of 192.168.0.0/16 is reachable just because your address appears within it. The prefix length you configure determines your exact local subnet boundaries.
Default Gateway and Routing Basics
On an individual Linux host, the simplest form of routing involves a default gateway. The gateway is the next hop address that your system uses when it does not have a more specific route for a given destination.
Most Linux systems have a routing table that can be viewed with the ip route command. A typical simple routing table might look like this.
default via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.10
The second line tells you that the 192.168.1.0/24 subnet is directly connected through eth0. The system knows that hosts in 192.168.1.0/24 are local and can be reached by sending packets directly out of eth0.
The first line is the default route. It says that any destination that does not match a more specific route should be sent to 192.168.1.1 via the eth0 interface.
Rule: The default route is written as 0.0.0.0/0. It matches any address that does not match a more specific entry in the routing table.
In human friendly output ip route shows default instead of 0.0.0.0/0, but the meaning is the same.
How Linux Chooses a Route
When a Linux system sends a packet, it looks at the routing table and applies a specific rule. The most specific matching route wins. Specificity is measured by the prefix length. A larger prefix length value means a more specific route.
For example, with the following routing table:
default via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 scope link
192.168.1.128/25 via 192.168.1.20 dev eth0
A packet destined for 192.168.1.50 matches both 192.168.1.0/24 and the default route. It also does not match the 192.168.1.128/25 route. The system chooses 192.168.1.0/24 because /24 is more specific than /0.
A packet destined for 192.168.1.130 matches both 192.168.1.0/24 and 192.168.1.128/25. In this case /25 is more specific, so that route is used instead.
You can summarize this decision process in a simple principle.
Rule: Linux always prefers the route with the longest matching prefix. If no match is found, it uses the default route if available.
Static Routes on a Linux Host
Sometimes you need to reach a remote subnet that is not reachable through the default gateway. In that case you can add a static route. A static route spells out that traffic for a given subnet should go to a specific next hop.
You might see a command like:
sudo ip route add 10.10.0.0/16 via 192.168.1.2 dev eth0
This tells your Linux host that any packets destined for the 10.10.0.0/16 network should be sent to the next hop at 192.168.1.2 via eth0. The system then knows not to use the default route for this traffic.
If you run ip route after adding this line you might see:
default via 192.168.1.1 dev eth0
10.10.0.0/16 via 192.168.1.2 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.10
Here the 10.10.0.0/16 entry is now more specific than the default route for any address in the 10.10.x.x range.
Directly Connected Routes
Whenever you assign an IP address with a prefix to an interface, Linux automatically adds a directly connected route for that subnet. You do not have to manually create it.
For example, if you run:
sudo ip addr add 10.0.5.10/24 dev eth1Linux will automatically create a route similar to:
10.0.5.0/24 dev eth1 proto kernel scope link src 10.0.5.10
This route tells the kernel that 10.0.5.0/24 is reachable directly on eth1. No additional gateway is needed for that subnet.
If you remove the address from the interface, the kernel also removes the route.
Routing Between Multiple Interfaces
On a multi homed Linux host or router, you can have several interfaces, each with their own subnet. For example:
ip addr show
...
2: eth0: inet 192.168.1.10/24
3: eth1: inet 10.0.5.1/24The routing table might show:
default via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.10
10.0.5.0/24 dev eth1 proto kernel scope link src 10.0.5.1
This machine can reach hosts in 192.168.1.0/24 through eth0 and hosts in 10.0.5.0/24 through eth1. It can also act as a router between those two subnets if IP forwarding is enabled and if the endpoints use it as their gateway.
Linux itself does not automatically forward packets between interfaces for other devices. That behavior is controlled by kernel parameters. Those parameters and system level routing roles are covered elsewhere. For subnets and routing at the host level, it is sufficient to understand that the presence of multiple directly connected subnets in the routing table is the basis for routing between them.
Summary of Key Ideas
Subnets define which addresses are local and which are remote for a given IP interface. The prefix length or mask sets the boundary between network bits and host bits, and from this you can determine how many addresses are available in a subnet.
Routing on a Linux host uses a table of routes to decide where to send packets. Each route specifies a destination prefix, an interface, and optionally a next hop gateway. Linux always selects the route with the longest matching prefix and falls back to the default route if nothing more specific is available.
By understanding how subnets are expressed and how the routing table is evaluated, you can interpret the output of ip addr and ip route, add static routes when necessary, and reason about how your Linux system reaches different parts of the network.