I had to explain the purpose of netmasks to my field tech yesterday and recalled the great difficulty I had with the concept when I started taking an interest in networking. In this article I will attempt to put the matter in terms I wish I had heard first.
The Internet is a network composed of networks which may be composed of smaller networks ad infinitum. These networks are called sub-networks or "subnets." Hosts on the same subnet can generally communicate directly with one another. Hosts on different subnets communicate with one another by sending the traffic via one or more gateways or "routers" which have a presence on each subnet. Some say proper protocol is to only call a router a gateway when it connects two or more different layer 2 technologies, however in OS network configuration common parlance is usually just gateway.
Hosts on a network need to know what traffic they can send directly over the layer 2 (or otherwise transparently local) network to other hosts and what packets need to be passed to the gateway. The value of the configured netmask is laid over the host's own IP address in such a way that is difficult to visualize in dotted-decimal notation, so let's take the IP address 192.168.0.1 and netmask 255.255.255.0 and look at them in binary:
A netmask of 255.255.255.0 when applied to 192.168.0.1 means "anything that doesn't match the first 24 digits of your IP is NOT local traffic and must be sent to the gateway." The bits in the local address which are in the same position as the 1 bits of the netmask determine if an address is local or not, so it could be said that the "1 bits" are masked out. The "0 bits" are called the rest field and by ignoring them the host can quickly tell 192.168.0.22 is on the local subnet but 192.168.1.22 is not, and neither is 126.96.36.199:
11111111111111111111111100000000 255.255.255.0 netmask
There are 8 rest bits in this example so we can tell that the address space of this subnet is 256 addresses deep and they range from 192.168.0.0 to 192.168.0.255 (00000000 - 11111111).
Before Classless Inter-Domain Routing or CIDR, the subnets of the Internet were divided into fixed-width blocks called classes. Class names were given to subnets of various sizes and specializations, starting with large Class A subnets at the beginning of Internet address space and advancing to smaller and even experimental subnets as it descends. CIDR did away with the concept of classes and opened the netmask to single-bit-level control; subnets could now be created at sizes of any power of two, in any position of the global address space. CIDR also brought with it a new notation for routing prefixes, a slash after an IP followed by the number of "1 bits" in the netmask. In this way the IP 192.168.0.1 netmask 255.255.255.0 can be written 192.168.0.1/24. Whle CIDR notation can be used to determine the netmask of a subnet and vice versa it is typically used only to describe whole subnets or convey that a given IP is part of a certain sized subnet.
|255.255.255.255||11111111.11111111.11111111.11111111||/32||Host (single address)|
|255.255.255.0||11111111.11111111.11111111.00000000||/24||"Class C" 254 usable|
|255.255.254.0||11111111.11111111.11111110.00000000||/23||2 Class C's|
|255.255.252.0||11111111.11111111.11111100.00000000||/22||4 Class C's|
|255.255.248.0||11111111.11111111.11111000.00000000||/21||8 Class C's|
|255.255.240.0||11111111.11111111.11110000.00000000||/20||16 Class C's|
|255.255.224.0||11111111.11111111.11100000.00000000||/19||32 Class C's|
|255.255.192.0||11111111.11111111.11000000.00000000||/18||64 Class C's|
|255.255.128.0||11111111.11111111.10000000.00000000||/17||128 Class C's|
|255.254.0.0||11111111.11111110.00000000.00000000||/15||2 Class B's|
|255.252.0.0||11111111.11111100.00000000.00000000||/14||4 Class B's|
|255.248.0.0||11111111.11111000.00000000.00000000||/13||8 Class B's|
|255.240.0.0||11111111.11110000.00000000.00000000||/12||16 Class B's|
|255.224.0.0||11111111.11100000.00000000.00000000||/11||32 Class B's|
|255.192.0.0||11111111.11000000.00000000.00000000||/10||64 Class B's|
|255.128.0.0||11111111.10000000.00000000.00000000||/9||128 Class B's|
It should be noted here that in any size subnet you create you will be shy two usable IP addresses from the full number of slots. This is because subnets have a broadcast address that reaches every host at the last IP and their routes are represented by their lowest, therefore 192.168.0.0 represents the subnet, 192.168.0.255 is the broadcast address and 192.168.0.1 - 192.168.0.254 can be used for real hosts, a total of 254 usable addresses.