I don’t know if I’d put it that way, but UDP is routed differently from TCP here — you can simply proxy TCP, and that’s what we do, we scale out a fleet of proxies. But you can’t do that easily with UDP, because UDP doesn’t have sessions or headers to stuff the original source address in. So we route UDP in the kernel.
UDP should work the same way for machines as it does for apps! If you’ve found something where it doesn’t, please let us know.
There’s nothing about using UDP that would change the way we orchestrate a machine vs. an app instance; the network plumbing is the same (and it’s not especially intrusive in our orchestration code; there isn’t some special handling we do for apps that happen to use UDP).