Understanding IP subnets and the message "Invalid network/netmask combination"
search cancel

Understanding IP subnets and the message "Invalid network/netmask combination"

book

Article ID: 417783

calendar_today

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

When creating a new route using the esxcli command 

esxcli network ip route ipv4 add

you may experience the following error: 

Invalid network/netmask combination.  The network specificed is not valid with the given netmask.

Similar messages related to an invalid network IP, invalid subnet, invalid IP range or invalid netmask can be seen in other parts of the user interface, for example, when creating a firewall rule.

Environment

VMware ESXi
VMware vSphere

Cause

VMware ESXi and VMware vSphere verify configuration inputs to ensure that subnets follow IP addressing standards in order to avoid routing problems and compatibility issues.

Resolution

Use subnets and IP addresses that follow IP networking standards.

Third party subnet calculator tools can be used to identify valid subnets and confirm if your configuration is valid.

1. A subnet is created by splitting an IP range into binary subdivisions starting at 0. A valid subnet must match one of these binary divisions exactly and cannot start in the middle of one.

For example: the subnet 10.123.0.0/16 with subnet mask 255.255.0.0 and IP range 10.123.0.0-10.123.255.255 can be divided into half, resulting in two valid subnets, 10.123.0.0/17 and 10.123.128.0/17, each with subnet mask 255.255.128.0. This range could also be divided into four /18 subnets: 10.123.0.0, 10.123.64.0, 10.123.128.0 and 10.123.192.0.

On the other hand, 10.123.20.0/17 and 10.123.20.0/18 are not a valid subnets under networking standards.

2. When entering an IP that specifies a network or IP range, the first IP address in that range (the network IP) should be specified. In this IP, all host bits are set to 0.

For example: when creating a firewall rule to permit traffic from 192.168.0.0 to 192.168.255.255, do not specify 192.168.10.5/8. Instead, use 192.168.0.0/8

3. When specifying an IP in a subnet, double check that the IP is valid for that range and keep in mind that the first and last IP are reserved.

The last IP in a subnet is reserved for the broadcast address. The first IP is used for the network definition and also should not be used. Use a subnet calculator to confirm that the IP address you are attempting to use is within the specified range.

While not officially reserved by any standard, the first usable IP (usually .1 in a /24) is often used for the switch, router or default gateway.

Powered by Wolken Software