'Modbus' and how it works and function
By Adetunji Samuel
3 months ago
- Top Stories
Modbus is a communication protocol for transmitting information between electronic devices over serial lines (original version) or via the Ethernet, and is commonly used in process and factory automation. While it’s an open protocol and anybody can use it, “Modbus” is a registered trademark of Schneider Electric USA, Inc. (current owner of the Modicon brand). The Modbus.org organization was created to further the use of Modbus and Schneider Electric has been a partner in it. This article is an introduction to Modbus and its basic functions—Modbus.org has extensive coverage on Modbus, the specifications for the various types of Modbus, software, testing, interface code and more. The Internet also has available tutorials and specific information on individual device Modbus implementations.
Modbus serial protocol (the original version) is a master/slave protocol, e.g. one master that controls the Modbus data transactions with multiple slaves that respond to the master’s requests to read from or write data to the slaves. Modbus TCP, also known as Modbus TCP/IP, uses a client/server architecture. These network architectures are shown Figures 1 and 2.
Modbus serial architecture
Figure 1: In a standard Modbus serial network, there is one master and up to 247 slaves, each with a unique slave address.
In a standard Modbus serial network, there is one master and as many as 247 slaves, each with a unique slave address. Modbus TCP is typically implemented on an Ethernet network, and data transactions from a Modbus client are directed toward a Modbus server via an IP address.
Modbus comes in several varieties including Serial RTU, Serial ASCII, TCP/IP and UDP/IP. Modbus dialects, such as Enron, Daniel and Pemex Modbus, have arisen due to people modifying standard Modbus to handle floating-point data, long-integer data, and other data requirements. Reading the Modbus interface and slave documentation is key to understanding and implementing these types of Modbus networks and to mixing different manufacturer’s devices in the same Modbus network, which should be carefully done.
The original fieldbus
The Modbus protocol is the grandfather of modern fieldbuses. Modbus’s popularity is due to its simplicity, its openness and ubiquitous nature—it’s used everywhere. It has withstood the test of time and is still kicking after almost four decades. Modbus was originally published by Modicon in 1979, primarily for use with its own PLCs. When industrial Ethernet appeared, Modbus TCP was developed, retaining much of Modbus’ simplicity in a TCP/IP wrapper.
Modbus TCP architecture
Figure 2: Modbus TCP is typically implemented on an Ethernet network, and data transactions from a client are directed toward a server via an IP address.
Modbus is an application-layer protocol, independent of the data transmission medium. Data transactions are based on the master/client requesting data from or writing data to the slave/server. The data transactions are controlled by the master/client and there is no data-by-exception transmitted in standard Modbus. Data is based on 16-bit registers that can contain discrete on/off or 16-bit integer values. Some implementations use two or more integer registers to represent floating data or long integer values. Diagnostic data can be requested by a Modbus serial master from the slave, and the slave/server can send error codes to the master/client if they perceive there is something wrong with the request they received. Modbus data transactions only contain a function code, register addresses and data, and it is up to the master/client and the slave/server to make sense of the data.
There are two types of serial Modbus, RTU and ASCII. RTU and ASCII transmission modes determine the way in which the Modbus messages are encoded. In Modbus RTU, bytes are sent consecutively with no space in between them, with a 3-1/2-character space between messages as a delimiter. This allows the Modbus interface software to know when a new message is starting. For each eight–bit byte, one start bit, eight data bits, one bit for parity, and one stop bit are sent, for a total of 11 bits per byte. Each Modbus RTU message is terminated with an error checksum called a cyclic redundancy check (CRC).
Modbus ASCII marks the start of each message with an ASCII colon character " : " and the end of each message is terminated with ASCII carriage return/line feed (CR/LF) characters. This allows the spacing between bytes in the message to be variable, which makes it suitable for transmission through some modems.The data in a Modbus ASCII message uses ASCII characters. For each eight–bit byte, one start bit, seven data bits, one bit for parity, and one stop bit are sent, for a total of 10 bits. Modbus ASCII messages are terminated with an error checksum called a longitudinal redundancy check (LRC).
The trade-off between the two types is that Modbus ASCII is easier to read if you look at the message, but the RTU messages are smaller-sized, which allows for more data exchange in an identical time period. All devices on a Modbus serial link must be of the same type, either RTU or ASCII. Modbus RTU is by far the more common.
Modbus TCP or TCP/IP is basically Modbus RTU wrapped in an Ethernet (IEEE 802.3) package with the destination address as an IP address using the TCP/IP transaction protocol. The TCP port 502 is reserved for Modbus, while the new Modbus/TCP Security uses Port 802. For more information, see “MODBUS Messaging on TCP/IP Implementation Guide” V1.0b at Modbus.org.
Addressing and messaging
Modbus memory addressing is generally organized around 16-bit registers that contain 16 coils or on/off (0/1) states or integer values in 16-bit registers (input/output or holding registers). While some devices will use their own Modbus addressing, typical Modbus addressing can be seen in Figure 3.
Modbus messaging is based on what is called an application data unit (ADU) and a Protocol Data Unit (PDU). The Modbus message includes the slave/server address for the slave/server involved, a function code, data start addresses, and the data being sent to (written) or to be send back (read) to the master/client, with an error checksum at the end (CRC/LRC/Checksum).
The size of the serial Modbus PDU is limited by the size constraint that was inherited from the first Modbus serial network implementation of 256 bytes. Modbus slave addresses are limited to 1-255. Addresses 1-247 are available to the user and addresses 248-255 are reserved.
A typical Modbus serial data transaction is shown in Figure 3. The Modbus TCP data transactions are essentially the same except the server address is an IP address, there is some Ethernet overhead, and the error checksum is different. Modbus data can include starting data addresses, data quantity or count, and actual data that is read or is to be written. If the Modbus slave/server has a problem with the master/client request, the slave/server will issue an error response back to the master/client.
Typical serial transaction
Figure 3: The Modbus TCP data transactions are essentially the same except the server address is an IP address, there is some Ethernet overhead, and the error checksum is different.
In the Modbus TCP/IP message format, the Modbus PDU is typically wrapped into the Ethernet package and consists of the Modbus function code and the Modbus data request. The slave address and error code (CRC) are typically not needed as the Modbus TCP/IP packet is routed by the network to the desired IP address (unless there is to be a connection into a serial network), and the error check is done as part of the Ethernet packet. See the “Modbus Messaging on TCP/IP Implementation Guide, V1.0b” on Modbus.org for further details.
Modbus data transactions are function code-based, which tells the Modbus slave/server what type data transaction is taking place. Function codes can be divided into public codes, user codes and reserved codes. Public function codes are well-defined and guaranteed to be unique and validated by the Modbus.org community. User function codes can be implemented and are not supported by the Modbus specification. There is no assurance that the user function code will be unique. Reserved function codes are function codes currently used by some companies for legacy products, and are not available for public use. Refer to the “Modbus Application Protocol Specification V1.1b3” at Modbus.org for more information on function codes.[NewsNaira]
Share this article!
Others are also reading
Opera Mini gets major update and fully revamped design with the launch of Opera Mini 50 Read More1 week ago
What is News₦aira Income Program(News₦IP)
News₦aira Income Program (News₦IP) is a system aimed at raising revenue for registered users that browse the NewsNaira Website. An online program driven by a goal of solving the financial problems among the youths, students, middle class and whoever wishes to take advantage of earning opportunity and making money online legitimately in Nigeria as it creates the channel for participants to earn residual income on weekly basis.
How News₦IP Works
News₦aira has 2 means of generating income for our members.
News₦AP: NewsNaira Affiliate Program - With News₦AP, participants earns ₦1,000 whenever they refer anyone to join NewsNaira Income Program. There is no limit to how many people you can refer.
News₦ARS: NewsNaira Ad Revenue Sharing - With News₦ARS, participants earns residual income bonus by reading news, commentting on articles, publishing forum posts, daily login to their NewsNaira account, and even sharing assigned sponsored post on social media.
We share our ads revenue with you weekly when you make NewsNaira community your news and information household.