One of the challenges for software-defined networking or, more generally, automation is that you can create network failures that are faster and more comprehensive than ever before.
Flowspec accepted the rule and relayed it to our edge network. What should have happened is that no packet should have matched that rule because no packet was actually that large. What happened instead is that the routers encountered the rule and then proceeded to consume all their RAM until they crashed.
Cloudflare uses FlowSpec to configure Juniper routers. When mitigating a DDoS attack, you need to be able to define rules about packet types, packet headers or simply IP addresses (or whatever) as part of a strategy to mitigate the attack. One small change took down the entire network.
The real story is that Cloudflare would not be in business without the automation they are using. Companies like Prolexic have massive infrastructures that can handle DDoS attacks, but the capital investment is huge.
SDN will have problems. But you will also have problems without SDN.
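
The failure described above started with a rule that no real packet could match being accepted and relayed to every edge router. As an added example (not Cloudflare's or Juniper's code), here is a pre-push gate that an automation pipeline could run before relaying rules; the rule dictionary layout, rule names and sample values are constructed for illustration, and the default bound assumes IPv4's 16-bit Total Length field.

```python
from dataclasses import dataclass

# IPv4 Total Length is a 16-bit field, so no IPv4 packet can exceed this.
# Pass a smaller max_len (for example the edge MTU) for a tighter bound.
IPV4_MAX_TOTAL_LENGTH = 65535


@dataclass(frozen=True)
class Finding:
    rule: str
    reason: str


def check_rule(rule, max_len=IPV4_MAX_TOTAL_LENGTH):
    """Return the problems found in one rule; an empty list means it may be pushed."""
    name = rule.get("name", "<unnamed>")
    findings = []
    for low, high in rule.get("packet_length", []):
        if low > high:
            findings.append(Finding(name, f"inverted range {low}-{high}"))
        elif low < 0 or high > max_len:
            findings.append(Finding(name, f"range {low}-{high} outside 0-{max_len}"))
    return findings


def gate(rules, max_len=IPV4_MAX_TOTAL_LENGTH):
    """Split rules into (accepted rules, findings for rejected rules)."""
    accepted, rejected = [], []
    for rule in rules:
        findings = check_rule(rule, max_len)
        if findings:
            rejected.extend(findings)
        else:
            accepted.append(rule)
    return accepted, rejected


# Constructed sample rules (hypothetical format; addresses from the
# documentation range 192.0.2.0/24). Not the values from the incident.
SAMPLE_RULES = [
    {"name": "drop-small-udp", "dst": "192.0.2.10/32", "packet_length": [(0, 128)]},
    {"name": "drop-oversized", "dst": "192.0.2.10/32", "packet_length": [(90000, 90010)]},
    {"name": "drop-inverted", "dst": "192.0.2.10/32", "packet_length": [(1500, 64)]},
]

if __name__ == "__main__":
    ok, bad = gate(SAMPLE_RULES)
    print("push:", [r["name"] for r in ok])
    for f in bad:
        print("reject:", f.rule, "-", f.reason)
```

A gate like this only catches rules that are impossible on their face; it does not protect against a router mishandling a rule that is well-formed.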