A netmask (also called a subnet mask) is a value used alongside an IP address to define which bits of the address identify the network and which bits identify the individual host on that network. The netmask is what allows routers and hosts to determine whether a destination address is on the local network (and should be reached directly) or on a remote network (and should be sent to a router for forwarding).

In short: A typical netmask in dotted-decimal form is 255.255.255.0, which means the first 24 bits identify the network and the remaining 8 bits identify the host. The same netmask in CIDR notation is /24, which is the shorter modern form. A subnet of 192.168.1.0/24 contains 254 usable host addresses (192.168.1.1 through 192.168.1.254), with .0 reserved as the network address and .255 reserved as the broadcast address. Other common netmasks include /16 (a 65,000-host network), /25 (126 hosts), and /30 (a two-host point-to-point link).

For IoT and industrial deployments, choosing the right subnet size matters for two reasons. Subnets that are too small force frequent re-addressing as the deployment grows. Subnets that are too large waste address space (significant on private APN networks where addresses cost money) and create larger broadcast domains, which can affect performance. For most IoT deployments behind a single router, a /24 subnet is the standard choice. Larger deployments split across multiple sites or VLANs typically use multiple smaller subnets, often allocated from a planned IP scheme like 10.x.y.0/24 where x identifies the site and y identifies the VLAN.

Netmask confusion is a common source of connectivity problems. Two devices with IP addresses in the same subnet by their netmask can communicate directly; two devices in different subnets need a router between them, even if they sit on the same physical Ethernet segment. When troubleshooting connectivity, confirming that both devices share the same network address (calculated from IP AND netmask) is one of the first checks.