which f5 product would be applicable to a telco/isp looking to mitigate ddos attacks?

Hi Nick07, I have deployed bigip directly on the internet without traditional firewalls for many years even before F5 gained ICSA certification. I've seen the basic LTM module outperform a traditional firewall running comparable hardware. F5 now has the AFM module which has additional DDOS functionality, and the new hardware platforms have purpose built chips designed to mitigate a number of DOS attack types.