It’s possible to do per-app network isolation with custom network IDs, but Machines within the same app can still communicate with each other. If the machines run images provided by mutually untrusted tenants, this wouldn’t be good for security.
Can we have something like an isolated property on a machine to remove its ability to communicate with fdaa::/16? (maybe incoming TCP connections can be an exception)