old news, but good news?
https://en.wikipedia.org/wiki/Slowloris_%28computer_security%29
(just what I could remember off the top of my head)
anyway the good news is that there should be significantly less collateral damage caused by application layer attacks since you don't have to flood all of the pipes to kill the service.
I was at one place that I would consider "high traffic" (several years ago anyway), they processed a few billion requests per day. They were ad tracking pixels so the performance was high, when I was there the dual socket servers could sustain 3,000 requests per second in tomcat. Anyway before I started AOL had added their pixel to AIM, and AIM wasn't good about closing connections for some reason, so they got millions of requests which was exhausting the capacity of their systems just on open connections. They later tuned their load balancers to force terminate connections after something like 2 seconds(average request was maybe under 100ms), which fixed that issue.
At another company I was at their app was so bad sometimes even 1 request per second would tip it over(certain kind of requests I don't remember what kind). The executives would freak out and claim DDOS and want to manually block each inbound IP (and the IPs kept changing, at a low rate of speed). I just laughed, I mean come on that is just pathetic. They expressed no real interest in fixing the app just blocking the bad requests. That company died off several years ago. I don't even think that situation was even an attack, because if your app can't handle more than a few requests per second you have bigger problems.
I've never personally been on the receiving end of what I would call a DDoS, though have been collateral damage(including the Dyn incident a couple of years ago).