Go with a provider that has REAL ddos mitigation. They will stop the bad traffic before it even gets to your website if they have in-line protection. They would typically use some inline device like Corero or use a 3rd party scrubbing service with GRE tunnels to their edge routers to filter...
We run various software like exabgp to inject routes into our network, IPAM (ip address mgmt), sflow ddos mitigation, software routers, etc.
Also run VM's like everyone else on some servers ;-)