Without going into much technical/math detail:
Basically, it is used to determine which part of the IP address represents the network, and which part represents the host (often a computer). This makes it easier for computers and network hardware to know who is talking to who. Similar to going into a numbered room or building (the network) and then finding a specific person (the host), or sending a letter to an apartment complex (network address) at a specific unit number (host address).
Numbers in computers are (ultimately) represented as binary digits. One of the operations you can do on binary digits is called ‘AND’ (the term ‘bitwise’ is often appended to distinguish between the operation we’re talking about and slightly different implementations).
If you’ve got two 1’s, that’s a 1 as output. Otherwise, it’s a 0 as output. So: 10110110 AND 01001010 = 00000010
One common way of using this operation is to ‘mask’ a number to expose only certain bits. I put a ‘1’ in every digit place where I want to keep the original bit and a ‘0’ in every digit place where I want to eliminate the original bit. When I perform the AND, this gives me an answer where the digit is zero in every location I ‘masked off’ and the original value in every location I didn’t.
When you encode different fields of information in a number, this allows you to isolate fields of interest. For example, standard floating point numbers are represented as scientific notation with three fields – a sign bit, an exponent and the number you’re multiplying by (the ‘mantissa’). If I only want to check the sign bit, I would use a mask to isolate the sign bit so I don’t have to worry about the rest of the bits messing up what I’m trying to do.
In Internet addressing, an IPv4 address is 4 8-bit numbers. These numbers identify where the traffic is going. These four numbers are akin to listing a country, a city, a street and then a house number on the street (IP addresses do not literally correspond to physical addresses) – each is giving more information about where the traffic is going.
With a ‘subnet mask’, you’re normally focusing on the grand scale numbers – the ones we’re analogizing as countries, cities and streets – while not concerning yourself much with the actual street addresses. It’s the equivalent of sorting mail into a bin where the same bin contains all the addresses on a street – and you just hand the bin to the mailman who works that street and let him sort it out there.
Imagine you have a store and your inventory is sorted away into various bins in different rooms. Each bin can be identified by a combination of the room number and the bin number, for example Room 10 Bin 182.
Now, let’s assume you want to avoid having to write “Room” and “Bin” every time you want to identify a location so you come up with a simple standard where the first 2 digits of a number represent the room and the last 4 digits represent the bin, so the above example would just be: 100182. This system gives you up to 99 rooms with up to 9999 bins in each room, that should be plenty right?
Now let’s imagine you open another store that uses the same 6-digit identifier system but you need more than 99 rooms. You can shift the point where the number gets split into 3-digits for the room and 3-digits for the bin instead to account for this alternative arrangement. You get many more rooms, but each room has many fewer bins in it.
Each system works fine for each store individually, but say you need to communicate between stores without getting confused. You need a way to include not only the location of the item but also how many digits make up the room portion of the number. One way to do that would be to include that after the number, for example 100182/2. That tells the reader the location is 100182 where the first 2 digits are the room number giving room 10 bin 0182.
This dynamic grouping is what the subnet mask in a computer network does. It tells the computer how many digits (bits) in the number (IP address) represent the room (network-address) and how many represent the bin (a specific device within the network).
All of these answers are great in different ways, but they’re missing the *why.*
So I’m going to assume you know a little bit of what I’m saying for convenience sake, but if you have any questions please ask so I can clarify.
So, u/ViskerRatio explained masking as a concept wonderfully. That’s why it’s called a *mask.* But they left out a little bit of pre-requisite knowledge required to understand why we might want to mask a subnet.
IP addresses are normally divided into Classes, Class A-E. Class D is for multicast addressing and Class E is for experimental uses, so instead we’ll just focus on A-C as D and E aren’t relevant to understanding how networks are divided. Class A addresses allocate the first 8 bits to the *network* and leaves the remaining 24 bits for *hosts.* Class B gives 16 bits to the network and the remaining 16 to the hosts. Class C gives 24 bits to the net and 8 to the host.
**What does that mean?**
Because we defined IP addresses as a 32 bit binary number, we only have a certain amount of addresses available. Your home router IP address might be 192.168.0.1. But in binary that’s **11000000.10101000.00000000.00000001.** That’s only relevant because the most amount of bits you can turn on, or make 1s, is *all of them.*
So that leaves us in a bit of a pickle. The total number available if we turn on all bits in an 8 bit segment is 256. Basically, 2^8=256. (Remember, we start counting at 0 in binary so you’ll see the highest number as 255. This can trip you up if you’re new.)
**That means that in a Class A network, where the first 8 bits are reserved for the** ***network,*** **the most amount of** ***networks*** **we can have is 256.** (It’s a little more complicated than that, but let’s just ignore that part too for just a little bit.) Conversely, that leaves 2^24, or 16,777,216 available hosts!
The opposite is true for Class C networks. Class C only has 256 available hosts, but allows for almost 17 million unique networks!
So a massive organization like Google or the US Military might buy a Class A address block to allow their organization to have a massive amount of hosts, or users. Conversely, most ISPs hand out Class C networks to general users because a Class C was the smallest division available and no standard home user is going to need more than 256 devices.
**Okay nerd, so what does this have to do with subnet masks?**
Well, if you wanted a fantastic ELI5, u/aoeex has you covered. What’s happening is you are **sub**dividing your **net**work so that you can have a varied number of hosts. You could call a Class C network a 192.168.0.1/24 because 24 bits are reserved for the network. Well I can decide to divide my 256 hosts into two networks of 128, or 8 networks of 32, etc etc. You’d call those 192.168.0.1/25 or /27 respectively.
Additionally, if you need *more* networks you can go the other way.
[I really suggest reading about CIDR notation.](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#:~:text=CIDR%20notation%20is%20a%20compact%20representation%20of%20an,the%20routing%20mask%2C%20traditionally%20called%20the%20network%20mask.)
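Putting u/ViskerRatio’s bitwise AND together with the /24, /25 and /27 notation used in the answer above, here is an added example (not from any of the replies) that builds the mask from the prefix length, ANDs it with the address, and checks whether two hosts land in the same subnet. It uses only the Python standard library; the `ipaddress` module could do the same, but doing it by hand keeps the AND visible.

```python
# Added example, not from any of the answers above: the bitwise-AND masking
# described earlier, applied to CIDR prefixes like /24, /25 and /27.

def ip_to_int(dotted: str) -> int:
    """Turn 'a.b.c.d' into the 32-bit number the hardware actually compares."""
    octets = dotted.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {dotted}")
    value = 0
    for octet in octets:
        value = (value << 8) | int(octet)   # shift in one 8-bit 'room/street' field at a time
    return value

def int_to_ip(value: int) -> str:
    """Inverse of ip_to_int: pull out each 8-bit field, high octet first."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_to_mask(prefix_len: int) -> int:
    """/n means n leading 1-bits (keep: network) followed by 32-n 0-bits (drop: host)."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF

def network_of(cidr: str) -> tuple[str, str, int]:
    """Return (network address, dotted mask, addresses in the block).
    The network address is simply IP AND mask; the block size is 2^(32-n),
    counted the way the answer above counts '256 hosts' for a /24."""
    ip_str, prefix = cidr.split("/")
    prefix_len = int(prefix)
    mask = prefix_to_mask(prefix_len)
    network = ip_to_int(ip_str) & mask
    return int_to_ip(network), int_to_ip(mask), 2 ** (32 - prefix_len)

def same_subnet(ip_a: str, ip_b: str, prefix_len: int) -> bool:
    """Two hosts are in the same 'room' when their masked addresses are equal."""
    mask = prefix_to_mask(prefix_len)
    return (ip_to_int(ip_a) & mask) == (ip_to_int(ip_b) & mask)

if __name__ == "__main__":
    for cidr in ("192.168.0.1/24", "192.168.0.200/25", "192.168.0.1/27"):
        net, mask, size = network_of(cidr)
        print(f"{cidr:>18} -> network {net:<15} mask {mask:<15} {size} addresses")
    # Same /24, but the /25 split puts .1 and .200 in different halves.
    print(same_subnet("192.168.0.1", "192.168.0.200", 24))  # True
    print(same_subnet("192.168.0.1", "192.168.0.200", 25))  # False
```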
Another way to put it, not so technically, is they are a logical way of sub-dividing a computer network into meaningful parts. Think of an office building, with two floors of cubicles and offices, and a server room. You plan out how many network ports are needed on each of the two floors.
The first floor is mostly cubicles, and the second floor is mostly offices. So you _allocate_ the 200+ network ports on the first floor to one subnet, and the 20+ network ports on the second to another; the first allocation (again, the subnet) is “larger” than the second, simply based on the requirements. The server room is going to get more servers over time, so you can start with a small subnet to start, and then increase it in six months with a simple redefinition. The “you” in this case is the network tech planning and maintaining the network — and critically, none of the employees need to worry about any of these allocations.