We already have DDoS protection for our IP addresses. However people often seem to believe that DDoS protection is just something you can enable to solve all problems. Which is not at all how it works. If you think it’s that easy, do you really think that DDoS attacks would be as big of a problem as they are?
Traffic filtering is not free. It can be very costly, with the cost scaling depending on the volume of traffic it should handle. I went into more detail about this in this post:
Another thing to consider is that it’s not like DDoS traffic just comes with a big red flag assigned to every network packet identifying it as DDoS traffic. Being able to reliably filter attack traffic and regular traffic is very difficult, with a lot of manual fine tuning, and you either risk blocking legitimate traffic or letting attack traffic through, overloading the backend infrastructure.