What is a netmask? How does it work?



I kinda but not really get the super technical explanation of what it is


It’s easy to say “this is a subnet” (a section of a network) when the computers in the subnet are all connected to a single router, and that router handles all the traffic to the “outside”. A lot of businesses are set up like that: the entire building has one internet access point and one subnet/network.

But sometimes it’s necessary to have two separate subnets, with still only one router controlling everything. Like if you have different departments and you want to keep them from talking to each other, for security.

So a mask allows that. You can say “all even-numbered addresses belong to subnet A, and all odd-numbered addresses belong to subnet B.” And you can do “divisible by 3, 5, etc.” however many subnets you want.

So because the addresses are binary, the mask hides all the digits except the few (to the right) that are relevant to check for “odds”, “evens”, etc. Does the binary number 11010101 end in 1 (odd) or does it end in 0 (even)? The mask defines that as “cover/mask all the digits, and only consider the last couple digits for odds/evens”.

A netmask defines the range of addresses that are able to see each other on a network without using a router. OK, but why?
The Internet is a (very, very) large network, and you don’t want to get everyone’s packets everywhere, because it’s expensive, it’s not secure, etc.
To avoid that, you have to find a way to teach your computers and routers to keep packets local or send them away (by the right path!). That is the whole purpose of IP (as in TCP/IP).

IP creates a segmentation of the Internet into networks where addresses can talk to each other, and when networks have to exchange packets, that is where routers come in. Routers are no more than computers that have an address on two or more networks, are able to pass packets from one to another, and are identified by the other computers on the network as doing this job.

Now, an IP network is a rather simple concept: it is defined by the start of the IP address. For instance, at home you probably have a 192.168.0.x address with a 255.255.255.0 (or 24-bit) netmask; all addresses beginning with 192.168.0. are in this network. It tells every computer that if you want to talk to an IP that starts with this pattern you just have to send data locally (on Wi-Fi or Ethernet, for instance), but most importantly, if you are looking for an IP starting with anything else, you have to talk to the internet box (a router)!
The netmask is no more than the number of digits you have to keep in an IP address to know which network we are talking about. I said earlier that 255.255.255.0 and 24 bits were equivalent, and that’s because in binary you can write 255 as 11111111; consequently, 255.255.255.0 can be written 11111111.11111111.11111111.0, which makes 24 one digits…
If you write IP addresses in binary and compare only the digits that are at the position of a one digit in the netmask, then you are doing the job of determining whether these addresses are in the same network.
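
The comparison described in the answer above, written out as an added example (not part of the original posts). It goes slightly beyond the /24 case by also handling a 255.255.255.192 mask; the gateway 192.168.0.1 and the host addresses are constructed sample values.

```python
def to_int(dotted):
    """Parse strict dotted-quad IPv4 text into a 32-bit integer."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted-quad IPv4 address: {dotted!r}")
    value = 0
    for p in parts:
        value = (value << 8) | int(p)
    return value

def to_binary(dotted):
    """Show each octet as 8 binary digits, e.g. 255 -> 11111111."""
    return ".".join(f"{int(p):08b}" for p in dotted.split("."))

def prefix_length(mask):
    """Count the leading one bits of a netmask (255.255.255.0 -> 24)."""
    inverted = ~to_int(mask) & 0xFFFFFFFF
    # Ones followed only by zeros means the inverted mask is 2**k - 1.
    if inverted & (inverted + 1):
        raise ValueError(f"mask bits are not contiguous: {mask}")
    return 32 - inverted.bit_length()

def same_network(a, b, mask):
    """Compare only the bits that sit under a one digit of the mask."""
    m = to_int(mask)
    return (to_int(a) & m) == (to_int(b) & m)

def next_hop(src, dst, mask, gateway):
    """Sender's decision: deliver on the local link or hand to the router."""
    return dst if same_network(src, dst, mask) else gateway

if __name__ == "__main__":
    mask, gw = "255.255.255.0", "192.168.0.1"  # constructed sample values
    print(to_binary(mask), "=", prefix_length(mask), "bits")
    for dst in ("192.168.0.200", "192.168.1.10", "8.8.8.8"):
        print("192.168.0.10 ->", dst, "via", next_hop("192.168.0.10", dst, mask, gw))
    # A longer mask splits the same 192.168.0.x range into separate networks,
    # so these two hosts can only reach each other through a router.
    print(same_network("192.168.0.10", "192.168.0.70", "255.255.255.192"))
```

With the longer mask, traffic between the two hosts has to pass through the router, which is the point where filtering between departments can be applied.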