What does a mask on an interface address actually mean?

[mariuszp]

I am very confused as to why an interface IP address needs a mask. For example, my IP address right now (internal of course) is 192.168.0.6/24. All devices on my network get addresses from the block 192.168.0.0/24.

But exactly why does my network configuration have to remember the network from which 192.168.0.6 was obtained?? I mean, it clearly only listens to packets from 192.168.0.6, not from 192.168.0.4 for example. So why does interface configuration include that mask?

I understand that the system needs to know the route 192.168.0.0/24, but I do not understand why it needs to know the mask of the network that it got its IP address from.

I hope my question is clear. Thank you.

[Nable]

Mask is used while sending packets to determine local subnet, i.e. range of addresses that can be reached directly because they are in the same subnet as you. Those who don't fit in the mask can only be reached via gateway.

[mariuszp]

So that mask is only used to determine routes?

My OS should still ignore packets directed to other address form that mask, right?

[Kazinsal]

You should be ignoring packets that aren't directed to IPs you're not attached to and that aren't relevant broadcast and multicast addresses. If you're running an OSPF router for example you'd be listening on your interface's IPs, their broadcasts, 224.0.0.5 (OSPF all routers), and possibly 224.0.0.6 (OSPF designated routers).

The mask determines the network address, the number of usable host addresses, and the broadcast address.

[jbemmel]

Logic when forwarding a packet with destination IP "x":

if ( "x" in locally attached subnet ) {
destIP = x
} else {
destIP = route_lookup( x )
}
destMAC = lookup dest MAC for destIP ( possibly send ARP )
forward packet to destMAC

"x" in locally attached subnet: for each interface with IP i and mask m, check (x&m) == (i&m ). If equal, return true

[SpyderTL]

Simply put, when sending IP packets, you can compare your IP address with the destination IP address (after ANDing the mask to both addresses) to see whether you can send packets directly to the destination Ethernet address, or whether you need to send it to the Gateway/Router's Ethernet address instead.

IP addresses by themselves don't give you enough information to get the packet to the destination. You have to know which Ethernet address to send the packet to, as well.

At least, this is my understanding.

In reality, you may be able to send ALL IP packets to the Gateway/Router, regardless of whether the destination is on the same network or not. However, I'm not entirely sure if this a) will work in all cases, b) is terribly inefficient, and/or c) is frowned upon. Feel free to chime in if you happen to know the answer...

[Kazinsal]

Any competent router will route within a subnet. Sending everything to a gateway regardless of whether or not the destination is in your subnet is however bad practice and inefficient. If you've got two computers and a router plugged into a switch, all in 192.168.0.0/24, you can just send packets between the computers by sending ethernet frames addressed to the other computer's MAC. That's what ARP caching is for. Layer 2 forwarding is incredibly quick -- frame enters switch, switch does a bit of checking in an ASIC, switch sends frame out correct port if it knows the port the MAC is assigned to (or floods it out all ports if it doesn't).

You should always maintain a cache of IP address to MAC address maps built using ARP. That way you don't clog up your network sending out layer 2 broadcasts when addressing systems on your layer 3 subnet.

[iansjack]

You should also note that a local area network network doesn't necessarily include a gateway.

[Combuster]

...or includes multiple for that matter, which is even more troublesome to try and autoconfigure.