FreeBSD – Migrate FreeBSD jail

Tags: freebsd, jail

I need to create a FreeBSD jail for web hosting that will be frequently migrated between hosts.

How feasible is it? Can I use domains instead of IPs? Can I use wildcard IPs?

I need this to benchmark different hw/sw configurations against a known resource hogger.

Best Answer

For what you're describing, "jail migration" is almost certainly the Wrong Solution -- you really want to apply DDoS protection across your whole network, not just a specific host/set of IPs.

More generally, as I said in my comment, Jails don't "migrate" in the way you're describing. Some folks have done creative things with geom_mirror and ggated, but this is more failover than at-will migration, and I would describe the process as "cumbersome" at best.
Live migrations of running virtual machines (either at-will or automatic for resource balancing) are really better left to true hypervisor systems like VMware and Hyper-V (Linux KVM may be getting there, and one day it might be a project that the FreeBSD Jail folks take on, but Jails are really designed to be process/system isolation -- a chroot on steroids -- rather than a VM you can pick up and move from host to host. Migration is one of those things that takes a lot of programming effort).

Some things I know you can't do are use a "wildcard IP" -- IP addresses are assigned to both the underlying host system and the jail, so migrating requires you to move the IP addresses around. You could use DNS to make the switchover (running both a protected and unprotected copy of the jail and using techniques similar to those in the link I described), but that's guaranteed to have some crossover time (at least the TTL of the record), and is basically asking you to double your hardware & IP space commitment -- probably not feasible unless you charge a lot more for the privilege of having this service (and if you're going to do that and can only give DDoS protection to a portion of your infrastructure you may as well just charge people a lot more to be on the DDoS-protected systems full-time -- it's a much smaller administrative headache).
