It should be noted in the godocs that the global field is only applicable for type Global. I understand that Global is the only type currently supported but this will prevent confusion when other types, e.g. Local, are supported in the future. @arkodg please note this in the follow-on issue or @kflynn please resolve this in your PR.

wording suggestion/assumption on what youre trying to convey here:

Multiple rules may match a request. The effective rate limit applied to a request is the computed aggregate of the rate limits configured in these matching rules.

Once there are docs etc. might be good to point to something giving an example, e.g. if you have two rules with header value matches that overlap, the stricter rate limit will win

@sunjayBhatia this understanding is incorrect, if there are multiple rules e.g.

rules:
- matches:
  - headers
       name: :method
       value: GET
  limit:
    requests: 2
    unit: SECOND
- matches:
  - headers
       name: :authority
       value: example.com
  limit:
    requests: 2
    unit: HOUR          

lets assume match holds true, both will get applied simultaneously in a mutually exclusive way

the difference between a HTTPRoute rule is, the request must go to some/one backend, so the top level is ORed(or some precedence is added here), here the RateLimit rule and its limit can apply to any/all

if one of those was 2/hour and the other 4/hour, which one would be applied to the 3rd GET within an hour to example.com? would the request be rate limited or not? If i remember right from experience with Contour etc. that it would be due to the 2/hour limit (assuming different descriptors were generated)

both would i.e. the 4 requests would get matched to each of the rules, outcome is same, 2nd and 4th request gets rate limited, but the count is incremented for each rule

similar to how more specific matches or longer path prefixes etc. are documented to "win" in route matching, some documentation on what happens when you have multiple limits that apply to a request would be good to include

this case captures what I'm saying: #706 (comment)

users should be notified that e.g. Alice and Bob will still be rate limited at 10RPS because that limit is more strict than what they think they may have configured for those specific users, the buckets are counted separately yes but when evaluating if a request has gone over any limits they are aggregated

Even before there are end-user docs, if the design goal is that the strictest match wins, the design doc should say that.

but the goal is not strictest match wins, its any & all match win

yes, but effectively that means that if requests match multiple limiting rules, the buckets will fill up for the stricter limit first so users will see their requests rate limited according to that limit first

in practice I have seen users get very confused as to how things work when such overlapping rate limits are in place, thinking they shouldnt get rate limited on certain requests when their config says they should

@kflynn it would be appreciated if you can improve the godocs for this field.

Should we provide additional context to Name as Gateway API does, e.g. multiple rules with the same header name?

xref: https://github.com/kubernetes-sigs/gateway-api/blob/v0.6.0/apis/v1alpha2/grpcroute_types.go#L385-L389

@kflynn ^ comment is another candidate to resolve in a follow-on PR.

This comment can be removed if we drop the Distinct type. See https://github.com/envoyproxy/gateway/pull/706/files#r1054657720 for additional details.

Two of the three header matching types proposed in this PR are the same as upstream Gateway API. Do you know why Gateway API doesn't support the Distinct type? If not, it could be valuable to share our use case and get feedback.

its naming as well as use case has already been upvoted by reviewers, so I feel strongly to keep it, and proactively present it to the users, and get feedback for this v1alpha1 version.

Do you know why Gateway API doesn't support the Distinct type?

"Distinct" isn't really a matching mechanism per se, but rather denotes that each unique value for a header the RLS sees will get its own rate limiting bucket, which doesn't really fit into the idea of matching request attributes to funnel to a backend

It took me some time to understand the Distinct type. I have a feeling others will feel the same. What if we only supported Exact and RegularExpression? If Value is unspecified for Exact, then all values of name are selected.

same as #706 (comment)

@arkodg constants should be defined for the ^ enums. For example:

const (
	// SecondRateLimitUnit defines the "Second" rate limit unit.
	SecondRateLimitUnit RateLimitUnit = "Second"

	...
)

cc: @kflynn