Why is ip address listed as 172.18.0.150/24?

Why is IP Address listed with this notation 172.18.0.150/24? I mean the ip is 172.18.0.150 only why it haves /24?, and then whatever what subnet that is on should be someone else's worries, no?

3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether f8:b1:56:ba:ae:ee brd ff:ff:ff:ff:ff:ff
inet 172.18.0.150/24 brd 172.18.0.255 scope global eth0

If I want to reach 172.18.0.150 on some interface (ethX) on another computer I could add in the routing table of that computer:

ip route add 172.18.0.150/25 dev ethX
or
ip route add 172.18.0.150/24 dev ethX
or
ip route add 172.18.0.150/23 dev ethX
or
ip route add 172.18.0.150/8 dev ethX

right? So what does /24 really have to do with my address on my NIC? It seems it only has to do with routing, no? So why list it in ip addr?

Is 172.18.0.150/24 on the same "net" as 172.18.0.150/8 or are these two completely different IP addresses?


Some IP address basics

IP addresses are internally represented as a 32 bit value. The topmost N bits identify the network, the rest of the number identifies the host in the network.

Let's look at two examples IPs, let's first look at the 32 bits:

10101100000100100000000010010110
10101100000100100000000110010110

You can rewrite the IP in an easier readable way by splitting it into 8 bit groups (bytes) and writing each binary in decimal format:

grouped:
10101100 00010010 00000000 10010110
10101100 00010010 00000001 10010110
grouped and decimal:
172.18.0.150
172.18.1.150

The question now is "are these IP addresses on the same network"? That depends on the network configuration. Let's take for example the network mask

11111111 11111111 11111111 00000000

(The ones are for the network, the zeroes are for the host.)

Laying that over the two IPs you see that both IP addresses are on different networks. If the mask where 255.255.0.0, they would be on the same network.

Different network:
11111111 11111111 11111111 00000000
10101100 00010010 00000000 10010110
10101100 00010010 00000001 10010110
Same network:
11111111 11111111 00000000 00000000
10101100 00010010 00000000 10010110
10101100 00010010 00000001 10010110

As with the IP addresses the network masks can also be written in decimal dotted format: 255.255.255.0 or 255.255.0.0. If you now need to write the full IP and network mask like 172.18.0.150/255.255.255.0 or 172.18.0.150/255.255.240.0 this is a lot of stuff to write. A shorter writing is not giving the network mask but the number of 1s in the network mask: 172.18.0.150/24 or 172.18.0.150/20. As you know, the 1s are always the topmost bits, so it is clear what "/24" or "/20" means.

Some routing basics

If you have not yet read my answer for the use of MAC addresses you might want to do so now.

In short: if the computer sends an IP packet, he is first checking if the destination IP address is on the same network as the computer itself (the source IP). If so, the computer can send the packet directly to the network and the destination computer can receive it. If the destination IP is not on the same network, then the computer cannot reach the target directly but needs to send the packet to the next router. Routing tables tell the router for which networks he shall connect which router (e.g. "if network 172.18.0.0/24, then router 1.1.1.1"). That router again will check if it can directly reach the destination IP or if it needs to forward the packet to the next router.

If you want to take a look at the routing table of your computer, you can use ip route.

Keep in mind that on the receiver side the network mask is not relevant. 172.18.0.150/24 or 172.18.0.150/8 are both 172.18.0.150 and if the computer receives a packet for 172.18.0.150 he will consume it. The network mask is only used on sender's side. If computer A sends a packet from address a.a.a.a/n to computer B with address b.b.b.b/m then the sender A will compare the topmost n bits of the source address a.a.a.a and the topmost n bits of b.b.b.b. If both are equal, then a.a.a.a and b.b.b.b are on the same network (and n must equal m) and the packet can be sent directly. If they are not, then the networks are not equal (it does not mind that n might not equal m) and the packet must be sent a router who will forward the packet.

Understanding "ip route" output

Let's take for example a computer with two NICs:

default via 192.168.178.3 dev eth1 proto static metric 1024
10.0.0.0/8 via 172.16.1.1 dev eth0
169.254.0.0/16 dev eth1 scope link metric 1000
172.16.0.0/16 dev eth0 proto kernel scope link src 172.16.126.31
192.168.178.0/24 dev eth1 proto kernel scope link src 192.168.178.21

The lines 3 to 5 are derived from the IP addresses configured on the NICs (ip addr). They tell the computer that if a packet to send matches for example network 172.16.0.0/16 it shall be sent on eth0 (which is configured to IP address 172.16.126.31 in my case). The second line is a specific route that I added. It says that packets to 10.0.0.0/8 shall be sent to 172.16.1.1 on eth0. The first line is giving the default gateway/router to use for packets that do not match any other given network.

Who decides how what a network is?

On top level RFC3330 defines that not all IP addresses are for broad use but that some ranges are reserved for special purposes. One example is the network 127.0.0.0/8. The most prominent address in that range is 127.0.0.1 (name: localhost) which identifies your own computer. This IP of course is only useful on your own computer because every packet sent to that network never leaves your computer. Taking all possible IP addresses and removing the reserved ranges you still have a pool of networks that are available. That big pool is managed by the ICANN. The next hierarchy level are five regional internet registries (like RIPE NCC). They get IP address ranges from the ICANN and sell them to their own customers - the local internet registries. These sell them to end customers (e.g. companies).

The decision how to split the complete IP address range is up to each manager of the pool. Let's say you are ICANN and manage the range 50.0.0.0/8-100.0.0.0/8. If now RIPE NCC asks for some IP addresses you can give them 50.0.0.0/16 or 50.0.0.0/8 or 50.0.0.0/8 up to 60.0.0.0/8. The same is true for RIPE NCC and the local internet registries. They can provide big or small networks. In the good old times the registries where quite reluctant and so there still exists big universities or companies with broad address ranges that they never needed completely. Some universities got /8 networks, so they have 24 bits for the host. That means they can address more than 16 million computers. If they only have some thousands of computers than it means that millions of IP addresses are reserved for that customer but never used - what a waste. So lately you are not getting big ranges anymore, you must argue if you really need the big range.

Anyway how you decide to sell the IP address ranges (networks) you must keep in mind that the big routers in the internet need to know how to reach almost any of the existing networks. If you sell very small networks you might end up with 10.0.0.0/24 and 10.1.0.0/24 being in Europe, 10.0.1.0/24 and 10.1.1.0/24 being in Asia and 10.0.2.0/24 and 10.1.2.0/24 being in Africa. That means that the router will end up with a lot of small network entries in the routing table. If you were giving 10.0.0.0/16 to Europe, 10.1.0.0/16 to Asia and 10.2.0.0/16 to Africa you would only have three entries for bigger networks in the routing table.

But that all is not our problem, it's the business of the internet registries. Not quite, because...

When and how do I need to setup a network?

In case you run a company's router you might get a range 40.41.0.0/16 and give these IP addresses to your computers as you like. But in this case all computers should be on the same physical network (no routers between). This might give bad performance for big networks, so you might want to split the networks. If you have for example two buildings, then you could allocate 40.41.0.0/17 to building one and 40.41.128.0/17 to building two.

Private IP addresses

In case you are running a broadband router or you run a company's router you might have seen private network IP addresses like 172.16.0.0/12. The IP address you gave (172.18.0.150) is such a private IP address (you can easily check with your new knowledge about network masks). These are used if you got N public IP addresses (in case of a normal ISP N=1) from your local internet registry but have M>N devices which need an IP address. In this case the router has one public IP address (used for all traffic to and from the internet) and also a private network with private IP addresses. In your case the router just took the private network 172.18.0.0/24 and gives IP addresses from that network to each of your PCs.

But what if someone else's router also takes 172.18.0.0/24? Surprisingly that is not a problem. This is because 172.16.0.0/12 is a private address range. You will never see IP addresses of that range in the public internet. If you send a packet to the internet, giving 172.18.0.150 as source address, then the router will replace the 172.18.0.150 with the public IP address that the ISP gave you. If the router receives a packet sent to the public IP address it determines to which of your computers it shall send the packet and changes the destination IP address to the private network IP address of your computer.


Certainly, you could make every host have a point-to-point connection with the router. That way, however, all traffic would have to pass through the router. Obviously, this is terribly inefficient.

If you tell your computer that “all IP addresses from 192.168.0.1 to 192.168.0.254 are directly reachable on this link” (192.168.0.X/24), it can use more efficient local network transports to communicate directly with destinations on the same network.


it's never someone else's worries.

It's a good thing to know the subnet an IP address belongs to.

Imagine that you are subnetting using /25. In that case 172.18.0.127 and 172.18.0.128 seems to be on the same subnet because they are consecutive but they are on different subnets.

It makes neccesary to state the addresses as 172.18.0.127/25 and 172.18.0.128/25. So you know where are each one of them.

This is a simple example but it could get worse if the range 172.18.0.128 to 172.18.0.255 is again subnetted, for example using /26.


CIDR notation is a syntax for specifying IP addresses and their associated routing prefix. It appends a slash character to the address and the decimal number of leading bits of the routing prefix, e.g., 192.168.2.0/24 for IPv4, and 2001:db8::/32 for IPv6.

IP/CIDR     Δ to last IP addr       Mask              Hosts (*)     Size    
a.b.c.0/24    +0.0.0.255         255.255.255.000        256          1 C    

Source/Reference Here


Part after the slash is how many subnet mask bits to use. Example:

192.168.1.1/24 is 192.168.1.1 255.255.255.0

255.255.255.0 is using 24 of the 32 bits to create the subnet.

in binary it looks like this:

11111111.11111111.11111111.00000000

So, if you want to know who you are, you are some one under 172.180.0.150 but wich one, and how to get to you.. etc..