which f5 product would be applicable to a telco/isp looking to mitigate ddos attacks?

i would say it depends on what you want in the area of dos protection

BIG-IP on itself (as you need one module call it LTM) already can handle a lot of data without getting into isues, syn cookie protection comes into mind here.

with LTM you can use irules to mitigate certain attacks like slow loris and such.

ASM has the posibility to protected specific application against dos attacks based on latency or traffic changes.

AFM offers a range of layer 2 - 4 dos protections for the whole box.

it also offers specific SIP and DNS dos protection.

a lot will depend on you exact wishes, my advise would be to engage your local F5 SE and discuss with them what is possible, they might also have reference customers / cases to show you.