Then there's the interesting: "How do you classify 'to be dropped' traffic?" Simon suggests nntp or BitTorrent could be put into a lower class queue, I'm curious as to how you'd classify traffic which is port-agile such as BitTorrent though. In theory that sounds like a grand plan, in practice it isn't simple...
Known "high priority" traffic could just be QoSed++ and everything else left to best-effort (or, more aptly, no effort). As Chris mentions, if you know the endpoints, or side, or protocol, or ports, that is pretty easy to decide. Your "everything else" bucket can be anything you haven't specifically decided is elevated priority. Port agile, but otherwise low-priority traffic, may or may not be adjusted, but my guess is that *enough* of the v. large number of strange port:strange port pairings will drop into the "everything else" bucket for the duration of your degraded service event. And in normal operation, with ample capacity, nothing really changes. Deepak Jain AiNET