The first company I founded was running a network of dozens of Minecraft servers that supported around 15k concurrent players. Our servers were being constantly attacked with DDoS attacks, causing widespread disruption of services. I designed a solution where we had a "swarm" of hundreds of IP addresses across dozens of proxy servers spread across different data centers across the country. We set up our DNS service (Route53 on AWS) to resolve game domains to a random IP for a proxy server from a datacenter that's geographically close to the player. We configured the proxy servers to "blackhole" any IP address that a DDoS attack was detected on.
This configuration protected us in two ways. If a DDoS attack was targeted at one IP address, players connected to that IP (<1% of players) would be booted, and players connected to that proxy server (3-4% of players) would suffer a minute or two of decreased network performance (lag). So some disruption was still possible, but it was minimized to acceptable levels. Additionally, if a DDoS attack was targeted at a domain name, each attacking client would be assigned a different random IP address, spreading the attack across many servers in several different data centers, nullifying the attack entirely.
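
The blast-radius reasoning above can be checked with a small simulation. This is an added example, not the author's code: the topology (3 regions, 10 proxies each, 8 IPs per proxy), the private addresses and all function names are assumptions chosen to fit the "hundreds of IPs across dozens of proxies" description.

```python
import random
from collections import Counter

# Constructed topology (assumption): 3 regions x 10 proxies x 8 IPs = 240 IPs.
REGIONS = ["east", "central", "west"]
PROXIES_PER_REGION, IPS_PER_PROXY = 10, 8

def build_pool():
    """Map region -> list of (proxy_id, ip); addresses are constructed private IPs."""
    pool = {}
    for r, region in enumerate(REGIONS):
        pool[region] = [(f"{region}-px{p}", f"10.{r}.{p}.{i + 1}")
                        for p in range(PROXIES_PER_REGION)
                        for i in range(IPS_PER_PROXY)]
    return pool

def resolve(pool, region, blackholed, rng):
    """Stand-in for the DNS answer: a random non-blackholed IP in the client's region."""
    candidates = [entry for entry in pool[region] if entry[1] not in blackholed]
    return rng.choice(candidates)

def blast_radius(players=15000, seed=1):
    """Share of players on the busiest single IP, and on the proxy hosting that IP."""
    rng, pool = random.Random(seed), build_pool()
    conns = [resolve(pool, rng.choice(REGIONS), set(), rng) for _ in range(players)]
    by_ip = Counter(ip for _, ip in conns)
    by_proxy = Counter(px for px, _ in conns)
    ip, hits = by_ip.most_common(1)[0]
    proxy = next(px for px, addr in conns if addr == ip)
    return hits / players, by_proxy[proxy] / players

def domain_lookup_spread(clients=5000, seed=2):
    """Largest share of clients any one IP receives when each client resolves the name itself."""
    rng, pool = random.Random(seed), build_pool()
    hits = Counter(resolve(pool, rng.choice(REGIONS), set(), rng)[1]
                   for _ in range(clients))
    return max(hits.values()) / clients

if __name__ == "__main__":
    ip_share, proxy_share = blast_radius()
    print(f"worst single IP: {ip_share:.2%} of players, its proxy: {proxy_share:.2%}")
    print(f"largest per-IP share of domain lookups: {domain_lookup_spread():.2%}")
```
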