Comment by Octoth0rpe

Amidst all the discussion of fpga vs asic vs flowspec, it's probably worth distinguishing two types of attacks: big, dumb volumetric ddos (flow specifications are great and cheap here, if you can match), and more sophisticated layer 5/6/7 attacks where FPGA/packet inspectors are likely necessary (unless you get lucky and the supposedly smart attack has an obvious signature such as a particular packet length combined with other components)