The Internet Engineering Task Force (IETF) Request for Comments (RFC) 3775 describes a route optimization (RO) between a mobile host (MH) and a correspondent node (CN) using a return routability procedure, where the correspondent node can verify that a care-of address and a home address are owned by the same mobile host. The mobile host sends to the correspondent node a Home Test Init (HoTI) message, via a tunnel to its home agent, that specifies in the source address field the home address of the mobile host; the mobile host also sends a Care-of Test Init (CoTI) Message directly to the correspondent node, i.e., via a path that bypasses the home agent, and specifies in the source address field the care-of address of the mobile host. The correspondent node responds to the HoTi message by sending to the home address a Home Test (HoT) message that includes a first unique token (“home keygen token”) generated from the mobile host's home address: assuming the mobile host has properly registered with the home agent by sending a binding update to the home agent, the HoT message is forwarded by the home agent to the mobile host via the corresponding home agent-mobile host tunnel. If the home address is not registered with the home agent (e.g., the home address is “spoofed” by a rogue node), the home agent will drop the HoT message. The correspondent node responds to the CoTI message by sending to the care-of address a Care-of Test (CoT) message that includes a second unique token (“care-of keygen token”) generated from the care-of address: the CoT message is sent to the MH via its care-of address, bypassing the home agent.
If the mobile host receives both the HoT message and the CoT message, the first and second unique tokens are combined by the mobile host into a binding management key (Kbm): the binding management key is included in a binding update message sent to the correspondent node that specifies that the home address of the MH is reachable via the care-of address of the MH. The correspondent node, upon receiving the binding update message, is able to decode the first and second unique tokens from the binding management key to verify that the mobile host owns both the home address and the care-of address.
RFC 3963 describes a Network Mobility (NEMO) Basic Support protocol as an extension of Mobile IPv6 as described in RFC 3775. However, RFC 3963 specifies in Section 1 that route optimization is not described therein, rather all traffic between the nodes in the mobile network and the correspondent nodes passes through the home agent.