TTF/laboratori-cloud
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
df85525eb75ce0bb2435cf8f3514c6b7bbfffb81
laboratori-cloud/labs/lab-02-network/reference/vpc-network-mapping.md
T
Luca Sacchi Ricciardi 5b2c8c37aa feat(lab-02): complete Phase 3 - Network & VPC lab 
Implement Lab 02 with Docker bridge networks simulating VPC/Subnets.

Test Infrastructure (RED phase):
- 6 bash test scripts for network creation, isolation, INF-02 compliance
- Fail-fast orchestration with run-all-tests.sh
- Quick validation script for development

Documentation (Diátaxis framework):
- 3 tutorials: VPC creation, container deployment, isolation verification
- 4 how-to guides: create network, inspect config, test isolation, cleanup
- 3 reference docs: Docker network commands, Compose syntax, VPC mapping
- 1 explanation: Docker ↔ VPC parallels (PARA-01/02/03/04)

Infrastructure (GREEN phase):
- docker-compose.yml with VPC networks (10.0.1.0/24, 10.0.2.0/24)
- 5 services: web, app, db, test-public, test-private
- INF-02 compliant: 127.0.0.1 bindings only, no 0.0.0.0
- Private network with --internal flag
- Multi-homed app container (public + private networks)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-25 17:26:35 +01:00

4.3 KiB
Raw Blame History

Reference: Mapping VPC Docker Network

Tabella di riferimento rapido per i parallelismi tra reti Docker e VPC cloud.

Tabella Parallelismi Principali

Concetto Docker AWS VPC Equivalente Descrizione
Bridge Network VPC Rete virtuale isolata
Subnet (10.0.x.0/24) Subnet CIDR Segmento IP all'interno VPC
Container EC2 Instance Entita di calcolo nella rete
--internal flag Private Subnet (no IGW) Isolamento da internet
--gateway Subnet Gateway Gateway predefinito subnet
DNS embedded Route 53 Resolver Risoluzione nomi
docker network connect Attach Network Interface Collegamento a rete
Port mapping (8080:80) Security Group + NAT Regole accesso + NAT

Comandi a Confronto

Creazione VPC/Subnet

Operazione Locale Comando AWS
docker network create --driver bridge --subnet 10.0.1.0/24 vpc-main aws ec2 create-vpc --cidr-block 10.0.0.0/16
--subnet 10.0.1.0/24 --gateway 10.0.1.1 aws ec2 create-subnet --vpc-id VPC_ID --cidr-block 10.0.1.0/24
--internal No route to Internet Gateway

Gestione Reti

Operazione Locale Comando AWS
docker network ls aws ec2 describe-vpcs
docker network inspect vpc-main aws ec2 describe-vpcs --vpc-ids VPC_ID
docker network rm vpc-main aws ec2 delete-vpc --vpc-id VPC_ID

Container in Rete

Operazione Locale Comando AWS
docker run --network vpc-main nginx aws ec2 run-instances --subnet-id SUBNET_ID
docker network connect vpc-main container aws ec2 attach-network-interface
docker network disconnect vpc-main container aws ec2 detach-network-interface

CIDR Blocks Standard

Tipo Locale Cloud CIDR Uso
10.0.0.0/16 10.0.0.0/16 VPC principale
10.0.1.0/24 10.0.1.0/24 Public subnet (1a)
10.0.2.0/24 10.0.2.0/24 Private subnet (1a)
10.0.3.0/24 10.0.3.0/24 Private subnet (1b)
10.0.4.0/24 10.0.4.0/24 Public subnet (1b)

Nomenclatura Cloud (PARA-02)

Pattern di Naming

[Rolle]-[Ambiente]-[Tipo]-[Zona]

Esempi:
  lab02-vpc-public       (VPC pubblica lab)
  lab02-vpc-private      (VPC privata lab)
  prod-vpc-main          (VPC produzione)
  dev-app-public-1a       (Public subnet dev, AZ 1a)

Tag Docker Networks

# Aggiungi metadata alle reti
docker network create \
  --label env=development \
  --label tier=frontend \
  --label owner=lab02 \
  frontend-network

Security Groups ↔ Docker Isolation

Security Group AWS Docker Equivalente
All traffic from SG Containers in same network
No ingress rules --internal network
Specific port allow Port mapping 127.0.0.1:PORT:CONTAINER
SG reference type Multi-network container

Routing AWS ↔ Docker Bridge

AWS Route Docker Bridge
Internet Gateway Container host routing
NAT Gateway Container port mapping
VPC Peering docker network connect (shared)
Transit Gateway Multi-network container (router)

Limitazioni

Aspetto Docker Locale AWS Cloud
Host scope Singolo host Multi-AZ, multi-region
External access NAT/Port mapping Internet Gateway, NAT Gateway
DNS resolution Embedded DNS Route 53
Network ACL Non disponibile Network ACLs disponibili
Flow logs Non disponibile VPC Flow Logs disponibili

Comandi Utili

# Verifica subnet di una rete
docker network inspect vpc-public --format '{{range .IPAM.Config}}{{.Subnet}}{{end}}'

# Trova container per IP
docker ps -q | xargs docker inspect --format '{{range .NetworkSettings.Networks}}{{.IPAddress}} {{end}}{{.Name}}'

# Simula VPC topology multi-tier
docker network create --subnet 10.0.1.0/24 public
docker network create --subnet 10.0.2.0/24 private
docker network create --subnet 10.0.3.0/24 data

Vedi Anche

Reference in New Issue View Git Blame Copy Permalink