The question is: what is the typical "working set" of Internet prefixes for Internet routers at any time? Is it 100% of the Internet? Is it 50%? Is it 10%? I suspect it is something like 10% (but don't have any numbers).
When an unmatched prefix is seen by the router, it sends the packet to the SDN controller for inspection, and the SDN controller sets up the flows for that prefix on the router TCAM. It is like a cache, and only needs to happen once per flow. SDN flow setups take on the order of 1 ms.
BTW, tell me that BGP doesn't have problems?
There already is an SDN-enabled Internet Exchange Point.
SDN-based routing systems would be even easier to defend against DDoS because of the ability for SDN controllers to rapidly set up firewall rules on the Internet router (which might actually be a switch, or a fabric of switches, or a set of distributed switches).
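
An added illustration, not part of the original comment: a small simulation of the reactive cache described above, where an unmatched destination is punted to the controller, which installs an entry in a bounded TCAM. It shows one correctness caveat of caching prefixes under longest-prefix match: installing a covering prefix as-is can hide a more-specific route, so the controller narrows the entry before installing it. The RIB contents and the names `Router`, `lpm` and `controller_entry` are constructed for this example.

```python
import ipaddress
from collections import OrderedDict

# Constructed sample RIB (prefix -> next hop); not data from the post.
RIB = {ipaddress.ip_network(p): nh for p, nh in {
    "0.0.0.0/0": "upstream", "10.0.0.0/8": "A", "10.1.0.0/16": "B",
    "192.0.2.0/24": "C", "198.51.100.0/24": "D"}.items()}

def lpm(table, dst):
    """Longest-prefix match over a dict keyed by ip_network."""
    hits = [n for n in table if dst in n]
    return max(hits, key=lambda n: n.prefixlen) if hits else None

def controller_entry(dst, narrow):
    """Controller side of a table miss: choose the prefix to install."""
    net = lpm(RIB, dst)
    nh = RIB[net]
    # A cached covering prefix would hide more-specific RIB routes, so
    # halve it toward dst until no other RIB prefix lies inside it.
    while narrow and any(r != net and r.subnet_of(net) for r in RIB):
        net = next(s for s in net.subnets(prefixlen_diff=1) if dst in s)
    return net, nh

class Router:
    """Hypothetical switch with a bounded, LRU-evicted TCAM flow cache."""
    def __init__(self, capacity, narrow=True):
        self.tcam, self.capacity = OrderedDict(), capacity
        self.narrow, self.misses, self.packets = narrow, 0, 0

    def forward(self, dst_str):
        dst = ipaddress.ip_address(dst_str)
        self.packets += 1
        hit = lpm(self.tcam, dst)
        if hit is None:                        # unmatched: punt to controller
            self.misses += 1
            hit, nh = controller_entry(dst, self.narrow)
            if len(self.tcam) >= self.capacity:
                self.tcam.popitem(last=False)  # evict least recently used
            self.tcam[hit] = nh
        self.tcam.move_to_end(hit)
        return self.tcam[hit]

    def hit_rate(self):
        return 1 - self.misses / self.packets if self.packets else 0.0

if __name__ == "__main__":
    for narrow in (False, True):
        r = Router(capacity=4, narrow=narrow)
        print(narrow, [r.forward(d) for d in ("10.2.0.1", "10.1.0.1", "10.3.9.9")],
              r.hit_rate())
```

Replaying a real traffic trace through `forward` and reading `hit_rate()` at different `capacity` values is one way to put a number on the working-set question.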