by NightlyDev 2962 days ago
The easy answer: Load balancing

Anycast is the most important piece of the puzzle, allowing you to route traffic to a bunch of different locations.

Let's say you can handle 10 Gbps at a single location. If the traffic is evenly split between 100 destinations then you can have a single IP that can handle 1 Tbps of traffic.

Of course, the setup behind these IPs might vary a lot, and one might even use DNS load balancing in front of the IPs.
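A small capacity model of the anycast dispersal described above, added here as an example (it is not code from the thread or any named CDN): each attack source lands on its nearest PoP, and a PoP absorbs the flood only while its share stays within capacity. PoP names, rates and the region-to-PoP mapping are constructed assumptions.

```python
"""Added example: modelling anycast DDoS dispersal as a per-PoP capacity check.
All PoP names, capacities and source rates below are constructed for illustration."""
from collections import defaultdict


def anycast_load(sources, pop_capacity_gbps):
    """sources: list of (nearest_pop, rate_gbps) pairs, one per attack source group.
    pop_capacity_gbps: {pop_name: capacity_gbps} for every PoP announcing the prefix.
    Returns (per_pop_load, sorted list of PoPs whose load exceeds capacity)."""
    load = defaultdict(float)
    for pop, rate in sources:
        if pop not in pop_capacity_gbps:
            raise ValueError(f"no PoP announces the anycast prefix at {pop}")
        load[pop] += rate
    overloaded = sorted(p for p, l in load.items() if l > pop_capacity_gbps[p])
    return dict(load), overloaded


def aggregate_capacity_gbps(pop_capacity_gbps):
    """Headline number: what the single anycast IP can absorb if the split is even."""
    return sum(pop_capacity_gbps.values())


def even_split_scenario(n_pops=100, cap_gbps=10.0, total_attack_gbps=1000.0):
    """The thread's arithmetic: 100 PoPs x 10 Gbps absorb a 1 Tbps flood when
    the attacking machines are spread evenly across the footprint."""
    pops = {f"pop{i}": cap_gbps for i in range(n_pops)}
    sources = [(f"pop{i}", total_attack_gbps / n_pops) for i in range(n_pops)]
    return anycast_load(sources, pops)


def skewed_scenario():
    """Caveat: the split is only as even as the botnet's geography matches your
    PoP footprint. Constructed case: 30 Gbps total against 30 Gbps aggregate
    capacity, but 60% of the bots sit closest to one PoP, which therefore overflows."""
    pops = {"eu-west": 10.0, "us-east": 10.0, "ap-south": 10.0}
    sources = [("eu-west", 18.0), ("us-east", 6.0), ("ap-south", 6.0)]
    return anycast_load(sources, pops)
```

The skewed case is the one to plan for: aggregate capacity looks sufficient on paper, yet the PoP nearest the bulk of the botnet still needs pattern-based filtering or more headroom.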


Load balancing is in place for all but the most trivial sites, though, so what you're really saying is horizontal scaling, which is fine but expensive compared to pattern-based mitigation techniques.

Actually, very few services use this kind of load balancing without relying on another service that does it for them.

If you're going to find patterns to decide what to block then you first need to make sure you receive all the traffic. If a single entry point can't handle it, well, then you need to load balance the incoming traffic.

I don't think this is about regular load balancing. A DDoS comes from a large number of infected machines, but the attackers can't control how their traffic is routed. By using anycast you're splitting the machines that are used to attack into small groups that your pattern-based mitigation or even your regular reverse proxies can handle.
CDN networks are well equipped for this because of their large geographical footprint. If they can terminate "bad" requests closer to their origin then they don't add up nearly as badly for the application server.