It was a good addition to the platform’s core capabilities, but there’s a broad consensus that the current incarnation is a bit low-level and inconvenient for many users, indeed. Last I heard there was interest in providing a higher-level alternative (which would essentially do the proxying mentioned above behind the scenes, for you):
I seem to remember that there was also a more recent reference to work actually currently being in progress on this (as opposed to just being a good idea), but I haven’t been able to find that post again yet, 
…
Unless you’re using the blue-green mode, this part is often fine. Each Machine retains its identity during a rolling deploy.
The release_command causes problems, though, since that’s a new, ephemeral Machine each round…
Edit: Ah, the passage I was recalling earlier was really a recent commit to the docs themselves.
App-scoped egress IPs are in development. These will simplify routing and avoid per-machine binding.
They will inherently also eliminate the present blue-green and release_command caveats, of course, since those both stem from per-Machine binding.