On 11 Oct 2023, at 01:50, Adam Thompson <athompson@merlin.mb.ca> wrote:

you need to buy a moderately-expensive hardware server (they don’t let you virtualize it) 

To clarify, Sightline has supported virtualization for many years, FYI.

 I’m not aware of any anti-DDoS products at ISP scale that aren’t SFlow + Flowspec, possibly including “scrubbing” (diverter box);

 I don’t know if it’s an in-band appliance, or a “scrubber”-on-a-stick

In addition to flow telemetry, D/RTBH, S/RTBH, and flowspec, Sightline/TMS supports intelligent DDoS mitigation directly in-line or via diversion/reinjection.

[Full disclosure:  I am an employee of NETSCOUT.]