Why is a subnet prefix required when setting up a static address with nmcli in Linux?

Solution 1:

First of all, NetworkManager's requirements are exactly the same as just about every other OS, ever. Windows requires you to enter a subnet mask; macOS requires you to enter a subnet mask; and likewise NetworkManager requires you to enter a subnet mask.

The only difference is that NM prefers the netmask to be in CIDR "prefix length" shorthand format, whereas many other operating systems ask for it to be in dotted-decimal format. But entering "/24" in NM is the same as entering "255.255.255.0" in Windows.

(Also, it's not called a "schema". It's the prefix length.)


So given that "/24" has the exact same meaning as "netmask 255.255.255.0", it should now be clear why NetworkManager needs to know this value: that's how it knows which addresses belong to its subnet, i.e. which addresses are "local" (accessible at layer2) and which ones are "remote" (need a gateway).

To clarify: The netmask isn't about checking your own address – of course your own address is local by definition. Instead, the netmask is for checking other hosts' addresses that you communicate with. For example, when you send a packet to 8.8.8.8 or to 10.10.10.9, your IP stack needs to know what destination MAC address to use in the Ethernet header.

So in your example, you're specifying that your address is 10.10.10.10 and that it belongs to a /24-sized network (specifically, 10.10.10.0/24). If you run ip route, you'll notice that the /24 causes Linux to create an automatic routing-table entry declaring that the entire 10.10.10.0/24 address range is accessible directly on the 'ens9' interface, without needing a gateway.

$ ip route show
10.10.10.0/24 dev ens9 proto kernel scope link

This means that for example 10.10.10.9 is "local" (same subnet) and if you send any packets to it, your host will directly ARP-query its MAC address through 'ens9' without the need to use a gateway.


Could NM auto-detect the netmask? If you were using DHCP for address assignment, then the router would provide the correct netmask as part of its DHCP offer.

Could NM auto-detect the netmask for a static address? No. There is no other "built in" coordination protocol between IP hosts. The network only exists in the sense that all of its devices happen to be configured the same way.

(This is true even for IPv6 networks. They do have ICMPv6 Router Advertisements as an alternative to DHCP, but that's still something that a router has to be set up for. A network consisting entirely of non-routing hosts will still have no way to discover the "correct" netmask.)

Indeed it is even possible for a network to continue 'working' if some hosts aren't configured in the same way. For example, if you accidentally make one device use a shorter prefix length (/20 or /16 instead of /24), years can pass until someone notices.

Could you use a "/32" or "255.255.255.255" netmask? Technically it's possible (and sometimes done in datacenters), but your routes will have to be slightly different. Not all operating systems allow this for ethernets (Linux does but Windows doesn't). You should open a separate thread for more information about using /32 on LANs.
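
The local-versus-remote decision described in the answer above, sketched with Python's standard `ipaddress` module. This is an added example, not part of the original answer and not NetworkManager's or the kernel's code. The gateway 10.10.10.1 and the test destination 10.10.12.5 are assumptions made for illustration; the function names are hypothetical.

```python
import ipaddress

GATEWAY = "10.10.10.1"  # assumed gateway; the original answer does not name one


def on_link(iface_cidr: str, dest: str) -> bool:
    """True if dest lies inside the subnet implied by the interface's address and prefix."""
    iface = ipaddress.ip_interface(iface_cidr)
    return ipaddress.ip_address(dest) in iface.network


def next_hop(iface_cidr: str, dest: str, gateway: str = GATEWAY):
    """Return (decision, address whose MAC the host has to resolve)."""
    if on_link(iface_cidr, dest):
        return ("direct", dest)      # same subnet: ARP for the destination itself
    return ("gateway", gateway)      # other subnet: ARP for the gateway instead


def misjudged(correct_cidr: str, wrong_cidr: str, dests):
    """Destinations that a host with the wrong prefix classifies differently
    from a correctly configured host holding the same address."""
    return [d for d in dests if on_link(correct_cidr, d) != on_link(wrong_cidr, d)]


def same_config(a: str, b: str) -> bool:
    """"/24" and "255.255.255.0" describe the same interface configuration."""
    return ipaddress.ip_interface(a) == ipaddress.ip_interface(b)


if __name__ == "__main__":
    # Constructed sample destinations: one neighbour, one public address,
    # and one address that sits inside 10.10.0.0/20 but outside 10.10.10.0/24.
    dests = ["10.10.10.9", "8.8.8.8", "10.10.12.5"]
    for prefix in ("24", "20", "32"):
        cidr = f"10.10.10.10/{prefix}"
        print(cidr, "->", ipaddress.ip_interface(cidr).network)
        for d in dests:
            print("   ", d, next_hop(cidr, d))
    # Only addresses in the gap between the two prefixes are affected, which is
    # why a too-short prefix on one host can go unnoticed for a long time.
    print("differs under /20:", misjudged("10.10.10.10/24", "10.10.10.10/20", dests))
```

With /32, every destination (including the neighbour 10.10.10.9) is classified as remote, which is why the routes have to be set up differently in that case.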