One of the most prevalent problems with IP networks occurs when IP subnet masks are incorrect. This seems to happen frequently because the concept of the subnet mask is not understood accurately. In this Byte-Sized lesson, we’ll consider a single example where the mask is incorrect and we will analyze the problem that it creates.

In Figure 1, we see a group of cameras in the subnet 192.168.2.0 and a recorder in the subnet 192.168.4.0. Notice that the third camera has a different subnet mask than the other cameras. Now if the first camera with address 192.168.2.10 tries to deliver a video file to the recorder at 192.168.2.100, everything should work just fine. But, if the third camera tries to deliver its video to the recorder, it won’t be able to do it. Let’s analyze why.

When TCP/IP software in that camera is ready to deliver the packets containing the video, it will first see it is configured to deliver it to address 192.168.4.100, the recorder. Now the mask plays a role. Since the camera is configured to use the mask 255.255.255.0, it knows that it is on a network where the first three bytes make up the network address. So, it is on network 192.168.2.0. Since the recorder is on a different subnetwork, 192.168.4.0, the camera knows it must send the packets to the local router. To start sending packets, it must know the mac address of the router. To obtain it, it will broadcast an ARP (Address Resolution Protocol) request asking, “What is the mac address of router?” The router will reply with its mac address and the packet flow can start. The router will relay the packets onto the 192.168.4.0 network and to the recorder.

On the other hand, when the camera with address 192.168.2.30 tries to do the same thing, there will be a problem. This will also be configured to use 192.168.4.100 as the recorder’s address. However, when the camera’s TCP/IP software inspects the mask and the camera’s own address it will determine that the first two bytes define its own network, 192.168.0.0. Therefore it will conclude that it is on the same network as the recorder at address 192.168.4.100. Because it believes it does not need the router to make the delivery of the video, it will send an ARP broadcast asking for the mask address of 192.168.4.100. Broadcast packets do not pass through routers. They are restricted to their own subnet. As a result, there will be no reply to the broadcast request and the video flow will not be possible. To summarize, the third camera thought it was on a network that was much larger than the one it was really on and that larger network contained the recorder it wanted to use.

The fundamental principle of subnet mask use is this:
(1) The subnet mask determines the size of the subnet by determining the address range that can be used.
(2) All devices on a subnet must use the same mask.

Phil Hippensteel, PhD, is a regular contributor to AV Technology magazine. He teaches information systems technology at Penn State Harrisburg.