Curious why there's a functional requirement that "the rate limit should be considered across different servers." So we're assuming that the rate limiter lives close to application servers. Why not have a rate limiter in a reverse proxy layer that then directs to application servers? Then, we wouldn't need to have application servers concurrently access Redis, but perhaps multiple reverse proxy servers may need to instead? Or because application logic like user and API shouldn't be used at the reverse proxy layer?