diff --git a/internal/ir/xds.go b/internal/ir/xds.go
index 7afee1b39d5a..ff39d4ff6749 100644
--- a/internal/ir/xds.go
+++ b/internal/ir/xds.go
@@ -205,6 +205,9 @@ type HTTPRoute struct {
 	Redirect *Redirect
 	// Destinations associated with this matched route.
 	Destinations []*RouteDestination
+	// RateLimit defines the more specific match conditions as well as limits for ratelimiting
+	// the requests on this route.
+	RateLimit *RateLimit
 }
 
 // Validate the fields within the HTTPRoute structure
@@ -527,3 +530,46 @@ func (h UDPListener) Validate() error {
 	}
 	return errs
 }
+
+// RateLimit holds the rate limiting configuration.
+// +k8s:deepcopy-gen=true
+type RateLimit struct {
+	// Global rate limit settings.
+	Global *GlobalRateLimit
+}
+
+// GlobalRateLimit holds the global rate limiting configuration.
+// +k8s:deepcopy-gen=true
+type GlobalRateLimit struct {
+	// Rules for rate limiting.
+	Rules []*RateLimitRule
+}
+
+// RateLimitRule holds the match and limit configuration for ratelimiting.
+// +k8s:deepcopy-gen=true
+type RateLimitRule struct {
+	// HeaderMatches define the match conditions on the request headers for this route.
+	HeaderMatches []*StringMatch
+	// ClientAddressCIDRMatches define the match conditions on the client IP address.
+	ClientAddressCIDRMatches []*StringMatch
+	// Limit holds the rate limit values.
+	Limit *RateLimitValue
+}
+
+type RateLimitUnit string
+
+const (
+	Second RateLimitUnit = "second"
+	Minute               = "minute"
+	Hour                 = "hour"
+	Day                  = "day"
+)
+
+// RateLimitValue holds the
+// +k8s:deepcopy-gen=true
+type RateLimitValue struct {
+	// Requests are the number of requests that need to be rate limited.
+	Requests uint32
+	// Unit of rate limiting.
+	Unit RateLimitUnit
+}
diff --git a/internal/ir/zz_generated.deepcopy.go b/internal/ir/zz_generated.deepcopy.go
index 6458241fdc0f..d01abb66e8bd 100644
--- a/internal/ir/zz_generated.deepcopy.go
+++ b/internal/ir/zz_generated.deepcopy.go
@@ -49,6 +49,32 @@ func (in *DirectResponse) DeepCopy() *DirectResponse {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *GlobalRateLimit) DeepCopyInto(out *GlobalRateLimit) {
+	*out = *in
+	if in.Rules != nil {
+		in, out := &in.Rules, &out.Rules
+		*out = make([]*RateLimitRule, len(*in))
+		for i := range *in {
+			if (*in)[i] != nil {
+				in, out := &(*in)[i], &(*out)[i]
+				*out = new(RateLimitRule)
+				(*in).DeepCopyInto(*out)
+			}
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GlobalRateLimit.
+func (in *GlobalRateLimit) DeepCopy() *GlobalRateLimit {
+	if in == nil {
+		return nil
+	}
+	out := new(GlobalRateLimit)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *HTTPListener) DeepCopyInto(out *HTTPListener) {
 	*out = *in
@@ -172,6 +198,11 @@ func (in *HTTPRoute) DeepCopyInto(out *HTTPRoute) {
 			}
 		}
 	}
+	if in.RateLimit != nil {
+		in, out := &in.RateLimit, &out.RateLimit
+		*out = new(RateLimit)
+		(*in).DeepCopyInto(*out)
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRoute.
@@ -293,6 +324,83 @@ func (in *ProxyListener) DeepCopy() *ProxyListener {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *RateLimit) DeepCopyInto(out *RateLimit) {
+	*out = *in
+	if in.Global != nil {
+		in, out := &in.Global, &out.Global
+		*out = new(GlobalRateLimit)
+		(*in).DeepCopyInto(*out)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimit.
+func (in *RateLimit) DeepCopy() *RateLimit {
+	if in == nil {
+		return nil
+	}
+	out := new(RateLimit)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *RateLimitRule) DeepCopyInto(out *RateLimitRule) {
+	*out = *in
+	if in.HeaderMatches != nil {
+		in, out := &in.HeaderMatches, &out.HeaderMatches
+		*out = make([]*StringMatch, len(*in))
+		for i := range *in {
+			if (*in)[i] != nil {
+				in, out := &(*in)[i], &(*out)[i]
+				*out = new(StringMatch)
+				(*in).DeepCopyInto(*out)
+			}
+		}
+	}
+	if in.ClientAddressCIDRMatches != nil {
+		in, out := &in.ClientAddressCIDRMatches, &out.ClientAddressCIDRMatches
+		*out = make([]*StringMatch, len(*in))
+		for i := range *in {
+			if (*in)[i] != nil {
+				in, out := &(*in)[i], &(*out)[i]
+				*out = new(StringMatch)
+				(*in).DeepCopyInto(*out)
+			}
+		}
+	}
+	if in.Limit != nil {
+		in, out := &in.Limit, &out.Limit
+		*out = new(RateLimitValue)
+		**out = **in
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitRule.
+func (in *RateLimitRule) DeepCopy() *RateLimitRule {
+	if in == nil {
+		return nil
+	}
+	out := new(RateLimitRule)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *RateLimitValue) DeepCopyInto(out *RateLimitValue) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitValue.
+func (in *RateLimitValue) DeepCopy() *RateLimitValue {
+	if in == nil {
+		return nil
+	}
+	out := new(RateLimitValue)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *Redirect) DeepCopyInto(out *Redirect) {
 	*out = *in