Subnets allow you divide up up an IP block into virtual netids to make your networking more neat and efficient.
So if your Class C IP block is
you will have 254 usable IP addresses. (18.104.22.168 is the broadcast address and 22.214.171.124 is broadcasts to all computers on the network.) But you may want to divide that up into more than one chunk. The netid for this block is 1.2.3. Let's now divide that into three virtual netids.
The subnet mask defines which part of a computer's IP address is the netuid and which part is the hostid
Masks are used with IP addresses in IP Access Control Lists (ACLs) to specify what should be permitted and denied.
Masks to configure IP addresses on interfaces start with 255 and have the large values on the left side (for example, IP address 126.96.36.199 with a 255.255.255.224 mask).
Masks are used with IP addresses in IP ACLs to specify what should be permitted and denied. Masks in order to configure IP addresses on interfaces start with 255 and have the large values on the left side, for example, IP address 188.8.131.52 with a 255.255.255.224 mask. Masks for IP ACLs are the reverse, for example, mask 0.0.0.255. This is sometimes called an inverse mask or a wildcard mask. When the value of the mask is broken down into binary (0s and 1s), the results determine which address bits are to be considered in processing the traffic. A 0 indicates that the address bits must be considered (exact match); a 1 in the mask is a "don't care". This table further explains the concept.
The ACL inverse mask is determined by subtracting the normal mask from 255.255.255.255.