DDoS scrubbing

Organizations have only two options for handling DDoS attacks: black-holing or scrubbing. As we have already discussed, black-holing does not scale well and could shut down the designated target to protect everyone else. The other solution is scrubbing, which uses separate DDoS cleaning engines. The tricky part is the BGP announcement, which diverts all network-layer packets away from the targeted IP address to your mitigation provider's scrubbing servers. There the malicious packets are filtered out, and the clean (non-DDoS) traffic is forwarded to the actual services.

Cloud service providers or internet service providers often provision these scrubbers in a local data center. The industry has seen DDoS attacks scale to more than 1 Tbps of traffic, and having that much network capacity is a major undertaking: deploying that amount of bandwidth for DDoS mitigation is expensive and complicated to manage. Scrubbers are dumb pieces of equipment that have to be configured by experts, which means that you also have to build competency at all levels for all protocols. Scrubbing centers operate in an offline mode and are activated only when a DDoS attack occurs. This means that an internet application will succumb to the attack before traffic is redirected to a scrubbing center.
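
The exposure window of on-demand scrubbing can be estimated by replaying traffic samples, as in this added example (not from the original text). The detection rule (a sustained threshold), the diversion delay standing in for the BGP announcement taking effect, and all traffic figures are constructed assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Result:
    detected_at: Optional[int]   # second at which the detector fired
    diverted_at: Optional[int]   # first second at which traffic passes the scrubber
    overloaded_seconds: int      # seconds the origin link was offered more than it carries

def simulate(samples_gbps: List[float], link_gbps: float, threshold_gbps: float,
             sustain_s: int, diversion_delay_s: int, clean_gbps: float) -> Result:
    """Replay per-second inbound rates against an on-demand scrubbing setup.

    Assumed model: detection fires after `sustain_s` consecutive samples above
    `threshold_gbps`; diversion completes `diversion_delay_s` seconds later, and
    from then on the origin receives at most `clean_gbps` of scrubbed traffic.
    """
    streak = 0
    detected_at = diverted_at = None
    overloaded = 0
    for t, rate in enumerate(samples_gbps):
        if detected_at is None:
            streak = streak + 1 if rate > threshold_gbps else 0
            if streak >= sustain_s:
                detected_at = t
                diverted_at = t + diversion_delay_s
        scrubbing = diverted_at is not None and t >= diverted_at
        at_origin = min(rate, clean_gbps) if scrubbing else rate
        if at_origin > link_gbps:
            overloaded += 1
    return Result(detected_at, diverted_at, overloaded)

# Constructed samples (Gbps per second): 10 s of normal load, then a flood.
ATTACK = [2.0] * 10 + [40.0] * 60
# Constructed short burst that ends before the detector's sustain window elapses.
BURST = [2.0] * 10 + [40.0] * 3 + [2.0] * 10

if __name__ == "__main__":
    for name, samples in (("attack", ATTACK), ("burst", BURST)):
        print(name, simulate(samples, link_gbps=10, threshold_gbps=8,
                             sustain_s=5, diversion_delay_s=30, clean_gbps=2))
```

The short burst saturates the link without ever triggering diversion, and in the sustained case the outage lasts for the detection time plus the diversion delay.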