Agree with above comments, network router hardware has a way to assign quality of service for network traffic. You can configure rate limit to any traffic including tcp.
While not directly related to tcp, on application level protocol, such http, many web application frameworks provides rate limiting request mechanism to control access to an API. For example paid user can have bigger quota than free user. Implementation is different but idea is roughly same.
For example you want to limit a user to access an API max 1000 requests/sec
- identify request (e.g, generate id based on session id)
- read storage for this request
-- if no data for this request, write request id, last accesed time and number of access to storage. Allow request.
-- if data available, compare current time with last accessed time.
---- if it is bigger then 1 second, reset number of access, set last accesed time to current time. Allow request.
---- if it is inside 1 second window, compare number of access with maximum allowable number, if less, inc number of access and allow request. If bigger, block request and send appropriate http header (e.g, 429 Too Many Requests)