With our VPN thing we're doing "nearest hop to destination outroute" for traffic (essentially the opposite of most network providers who try to get shit off their net as fast as possible); doing the same thing for incoming for services is essentially what CDNs do. A CDN you could trust (for policy + technical reasons) to handle this kind of thing for all kinds of traffic, combined with DoS protection like CF or Prolexic, would be kind of baller.