laboratori-cloud/labs/lab-02-network/reference/vpc-network-mapping.md
Luca Sacchi Ricciardi 5b2c8c37aa feat(lab-02): complete Phase 3 - Network & VPC lab
Implement Lab 02 with Docker bridge networks simulating VPC/Subnets.

Test Infrastructure (RED phase):
- 6 bash test scripts for network creation, isolation, INF-02 compliance
- Fail-fast orchestration with run-all-tests.sh
- Quick validation script for development

Documentation (Diátaxis framework):
- 3 tutorials: VPC creation, container deployment, isolation verification
- 4 how-to guides: create network, inspect config, test isolation, cleanup
- 3 reference docs: Docker network commands, Compose syntax, VPC mapping
- 1 explanation: Docker ↔ VPC parallels (PARA-01/02/03/04)

Infrastructure (GREEN phase):
- docker-compose.yml with VPC networks (10.0.1.0/24, 10.0.2.0/24)
- 5 services: web, app, db, test-public, test-private
- INF-02 compliant: 127.0.0.1 bindings only, no 0.0.0.0
- Private network with --internal flag
- Multi-homed app container (public + private networks)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-25 17:26:35 +01:00


# Reference: VPC ↔ Docker Network Mapping

Quick reference tables for the parallels between Docker networks and cloud VPCs.

## Main Parallels

| Docker concept | AWS VPC equivalent | Description |
|---|---|---|
| Bridge network | VPC | Isolated virtual network |
| Subnet (10.0.x.0/24) | Subnet CIDR | IP segment within the VPC |
| Container | EC2 instance | Compute entity in the network |
| `--internal` flag | Private subnet (no IGW) | Isolation from the internet |
| `--gateway` | Subnet gateway | Default gateway of the subnet |
| Embedded DNS | Route 53 Resolver | Name resolution |
| `docker network connect` | Attach network interface | Attaching to a network |
| Port mapping (8080:80) | Security Group + NAT | Access rules + NAT |

## Commands Compared

### VPC/Subnet creation

| Local operation | AWS command |
|---|---|
| `docker network create --driver bridge --subnet 10.0.1.0/24 vpc-main` | `aws ec2 create-vpc --cidr-block 10.0.0.0/16` |
| `--subnet 10.0.1.0/24 --gateway 10.0.1.1` | `aws ec2 create-subnet --vpc-id VPC_ID --cidr-block 10.0.1.0/24` |
| `--internal` | No route to an Internet Gateway |

### Network management

| Local operation | AWS command |
|---|---|
| `docker network ls` | `aws ec2 describe-vpcs` |
| `docker network inspect vpc-main` | `aws ec2 describe-vpcs --vpc-ids VPC_ID` |
| `docker network rm vpc-main` | `aws ec2 delete-vpc --vpc-id VPC_ID` |

### Containers on a network

| Local operation | AWS command |
|---|---|
| `docker run --network vpc-main nginx` | `aws ec2 run-instances --subnet-id SUBNET_ID` |
| `docker network connect vpc-main container` | `aws ec2 attach-network-interface` |
| `docker network disconnect vpc-main container` | `aws ec2 detach-network-interface` |

## Standard CIDR Blocks

| Local CIDR | Cloud CIDR | Use |
|---|---|---|
| 10.0.0.0/16 | 10.0.0.0/16 | Main VPC |
| 10.0.1.0/24 | 10.0.1.0/24 | Public subnet (1a) |
| 10.0.2.0/24 | 10.0.2.0/24 | Private subnet (1a) |
| 10.0.3.0/24 | 10.0.3.0/24 | Private subnet (1b) |
| 10.0.4.0/24 | 10.0.4.0/24 | Public subnet (1b) |

## Cloud Naming Conventions (PARA-02)

### Naming pattern

```
[Role]-[Environment]-[Type]-[Zone]
```

Examples:

```
lab02-vpc-public       (lab public VPC)
lab02-vpc-private      (lab private VPC)
prod-vpc-main          (production VPC)
dev-app-public-1a      (dev public subnet, AZ 1a)
```

### Tagging Docker networks

```bash
# Add metadata to networks
docker network create \
  --label env=development \
  --label tier=frontend \
  --label owner=lab02 \
  frontend-network
```

## Security Groups ↔ Docker Isolation

| AWS Security Group | Docker equivalent |
|---|---|
| All traffic from the SG | Containers on the same network |
| No ingress rules | `--internal` network |
| Specific port allowed | Port mapping `127.0.0.1:PORT:CONTAINER` |
| SG reference type | Multi-network container |

## AWS Routing ↔ Docker Bridge

| AWS route | Docker bridge |
|---|---|
| Internet Gateway | Container host routing |
| NAT Gateway | Container port mapping |
| VPC Peering | `docker network connect` (shared network) |
| Transit Gateway | Multi-network container (router) |

## Limitations

| Aspect | Local Docker | AWS cloud |
|---|---|---|
| Host scope | Single host | Multi-AZ, multi-region |
| External access | NAT / port mapping | Internet Gateway, NAT Gateway |
| DNS resolution | Embedded DNS | Route 53 |
| Network ACL | Not available | Network ACLs available |
| Flow logs | Not available | VPC Flow Logs available |

## Useful Commands

```bash
# Show the subnet of a network
docker network inspect vpc-public --format '{{range .IPAM.Config}}{{.Subnet}}{{end}}'

# Find containers by IP
docker ps -q | xargs docker inspect --format '{{range .NetworkSettings.Networks}}{{.IPAddress}} {{end}}{{.Name}}'

# Simulate a multi-tier VPC topology
docker network create --subnet 10.0.1.0/24 public
docker network create --subnet 10.0.2.0/24 private
docker network create --subnet 10.0.3.0/24 data
```
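The following shell script is an added example and is not part of the lab repository. It checks, offline, the two isolation properties that the Security Group and Useful Commands sections above map onto Docker: the private network carrying `--internal`, and port mappings bound to `127.0.0.1` only (the INF-02 rule). The `docker network inspect` JSON and the compose-style port specs it reads are constructed samples embedded in the script; with a live daemon you would substitute real `docker network inspect` output and the `ports:` entries of your `docker-compose.yml`. The function names are my own.

```shell
#!/bin/sh
# Added example (not the lab's own code): offline checks for --internal
# networks and loopback-only port bindings (INF-02).

# Constructed sample: a trimmed `docker network inspect vpc-private` result.
SAMPLE_PRIVATE_INSPECT='[{"Name": "vpc-private", "Internal": true,
  "IPAM": {"Config": [{"Subnet": "10.0.2.0/24", "Gateway": "10.0.2.1"}]}}]'

# Constructed samples: port specs as written under `ports:` in a compose file.
# LAB_PORT_SPECS follows INF-02; BAD_PORT_SPECS contains two violations
# ("8081:80" is an implicit 0.0.0.0 bind, "0.0.0.0:5432:5432" an explicit one).
LAB_PORT_SPECS="127.0.0.1:8080:80
127.0.0.1:3000:3000"
BAD_PORT_SPECS="127.0.0.1:8080:80
8081:80
0.0.0.0:5432:5432"

# Print the first subnet in inspect JSON (the same field the
# `--format '{{range .IPAM.Config}}{{.Subnet}}{{end}}'` query reads), no jq needed.
network_subnet() {
    printf '%s\n' "$1" | grep -o '"Subnet": *"[^"]*"' | head -n 1 | cut -d'"' -f4
}

# Succeed (exit 0) if the inspected network was created with --internal,
# i.e. it has no route to the host's external interfaces.
network_is_internal() {
    printf '%s\n' "$1" | grep -q '"Internal": *true'
}

# Succeed if one port spec binds to the IPv4 loopback address only.
port_binding_is_loopback() {
    case "$1" in
        127.0.0.1:*) return 0 ;;
        *) return 1 ;;   # no host address (= 0.0.0.0), 0.0.0.0, [::] and others all fail
    esac
}

# Print how many specs in a whitespace-separated list violate INF-02.
count_noncompliant_bindings() {
    n=0
    for spec in $1; do
        port_binding_is_loopback "$spec" || n=$((n + 1))
    done
    printf '%s\n' "$n"
}

# Run both checks, print a report and return 1 if either fails.
check_lab_isolation() {
    inspect_json="$1"
    port_specs="$2"
    rc=0
    if network_is_internal "$inspect_json"; then
        echo "ok:   $(network_subnet "$inspect_json") is an --internal network"
    else
        echo "FAIL: private network is not --internal"
        rc=1
    fi
    bad=$(count_noncompliant_bindings "$port_specs")
    if [ "$bad" -eq 0 ]; then
        echo "ok:   all port bindings are on 127.0.0.1"
    else
        echo "FAIL: $bad port binding(s) not bound to 127.0.0.1"
        rc=1
    fi
    return $rc
}

# Stand-alone run against the compliant lab sample.
check_lab_isolation "$SAMPLE_PRIVATE_INSPECT" "$LAB_PORT_SPECS"
```

Feeding the script the `BAD_PORT_SPECS` list instead makes `check_lab_isolation` report two non-compliant bindings and return 1, which is the behaviour a pre-commit or CI gate for the lab's compose file would key on.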

## See Also