Modbus

From Wikipedia, the free encyclopedia

Modbus is a serial communications protocol originally published by Modicon (now Schneider Electric) in 1979 for use with its programmable logic controllers (PLCs). Simple and robust, it has since become a de facto standard communication protocol, and it is now a commonly available means of connecting industrial electronic devices.[1] The main reasons for the use of Modbus in the industrial environment are:

Modbus enables communication among many (approximately 240) devices connected to the same network, for example a system that measures temperature and humidity and communicates the results to a computer. Modbus is often used to connect a supervisory computer with a remote terminal unit (RTU) in supervisory control and data acquisition (SCADA) systems. Many of the data types are named from its use in driving relays: a single-bit physical output is called a coil, and a single-bit physical input is called a discrete input or a contact.

The development and update of Modbus protocols has been managed by the Modbus Organization[2] since April 2004, when Schneider Electric transferred rights to that organization, signaling a clear commitment to openness.[3]

The Modbus Organization is an association formed of independent users and suppliers of Modbus compliant devices that seeks to drive the adoption of the Modbus communication protocol suite, and its evolution to address architectures for distributed automation systems across multiple market segments.[4]

Communication and devices

Each device intended to communicate using Modbus is given a unique address. In serial and MB+ networks, only the node assigned as the Master may initiate a command. On Ethernet, any device can send out a Modbus command, although usually only one master device does so. A Modbus command contains the Modbus address of the device it is intended for. Only the intended device will act on the command, even though other devices might receive it (an exception is specific broadcastable commands sent to node 0 which are acted on but not acknowledged). All Modbus commands contain checksum information, to ensure a command arrives undamaged. The basic Modbus commands can instruct an RTU to change a value in one of its registers, control or read an I/O port, as well as command the device to send back one or more values contained in its registers.

There are many modems and gateways that support Modbus, as it is a very simple protocol and often copied. Some of them were specifically designed for this protocol. Different implementations use wireline or wireless communication, such as in the ISM band, and even short message service (SMS) or General Packet Radio Service (GPRS). One of the more common designs of wireless networks makes use of mesh networking. Typical problems that designers have to overcome include high latency and timing issues.

Frame format

Each Modbus variant uses a different frame format.[1]

Modbus RTU Frame Format

| Name | Length (bits) | Function |
| --- | --- | --- |
| Start | 28 | At least 3½ character times of silence (mark condition) |
| Address | 8 | Station Address |
| Function | 8 | Indicates the function code, e.g. read coils / inputs |
| Data | n * 8 | Data + length will be filled depending on the message type |
| CRC | 16 | Checksum |
| End | 28 | At least 3½ character times of silence between frames |

Modbus ASCII Frame Format

| Name | Length (char.) | Function |
| --- | --- | --- |
| Start | 1 | Starts with colon ( : ) (ASCII hex value is 0x3A) |
| Address | 2 | Station Address |
| Function | 2 | Indicates the function codes like read coils / inputs |
| Data | n | Data + length will be filled depending on the message type |
| LRC | 2 | Checksum |
| End | 2 | Carriage return – line feed (CR/LF) pair (ASCII values of 0x0D & 0x0A) |

Modbus TCP Frame Format

| Name | Length (bytes) | Function |
| --- | --- | --- |
| Transaction Identifier | 2 | For synchronization between messages of server & client |
| Protocol Identifier | 2 | Zero for Modbus/TCP |
| Length Field | 2 | Number of remaining bytes in this frame |
| Unit Identifier | 1 | Slave Address (255 if not used) |
| Function code | 1 | Function codes as in other variants |
| Data bytes | n | Data as response or commands |

The Unit Identifier is used with Modbus/TCP devices that are composites of several Modbus devices, e.g. on Modbus/TCP to Modbus RTU gateways. In such a case, the Unit Identifier gives the Slave Address of the device behind the gateway. Natively Modbus/TCP-capable devices usually ignore the Unit Identifier.

The byte order is Big-Endian (first byte contains MSB).
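
The RTU and ASCII layouts above can be checked mechanically. The following added example (not part of the original article) validates one frame in each framing; the CRC-16 and LRC definitions come from the Modbus serial line specification rather than from this page, and the sample frames are constructed.

```python
def crc16_modbus(data: bytes) -> int:
    """CRC-16 used by Modbus RTU (reflected polynomial 0xA001, initial value 0xFFFF)."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc


def lrc(data: bytes) -> int:
    """LRC used by Modbus ASCII: two's complement of the byte sum, modulo 256."""
    return (-sum(data)) & 0xFF


def parse_rtu(frame: bytes) -> dict:
    """Validate an RTU frame (silence gaps already stripped) and split its fields."""
    if len(frame) < 4:  # address + function + 2 CRC bytes
        raise ValueError("RTU frame too short")
    body, received = frame[:-2], int.from_bytes(frame[-2:], "little")
    if crc16_modbus(body) != received:  # the CRC travels low byte first
        raise ValueError("RTU CRC mismatch")
    return {"address": body[0], "function": body[1], "data": body[2:]}


def parse_ascii(line: bytes) -> dict:
    """Validate an ASCII frame (':' ... CR LF) and split its fields."""
    if not (line.startswith(b":") and line.endswith(b"\r\n")):
        raise ValueError("missing ':' start or CR/LF end")
    raw = bytes.fromhex(line[1:-2].decode("ascii"))  # two hex characters per byte
    if len(raw) < 3:  # address + function + LRC
        raise ValueError("ASCII frame too short")
    if lrc(raw[:-1]) != raw[-1]:
        raise ValueError("ASCII LRC mismatch")
    return {"address": raw[0], "function": raw[1], "data": raw[2:-1]}


# Constructed sample: the same request (station 1, function 3) in both framings.
RTU_SAMPLE = bytes.fromhex("010300000001840a")
ASCII_SAMPLE = b":010300000001FB\r\n"

if __name__ == "__main__":
    print(parse_rtu(RTU_SAMPLE))
    print(parse_ascii(ASCII_SAMPLE))
```

Both checksums detect accidental corruption on the wire; any sender that knows the algorithm can compute a valid one.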

Supported function codes

The various reading, writing and other operations are categorised as follows.[5] The most primitive reads and writes are shown in bold. A number of sources use alternative terminology, for example Force Single Coil where the standard uses Write Single Coil.[6]

Modbus function codes

| Function type | | | Function name | Function code |
| --- | --- | --- | --- | --- |
| Data Access | Bit access | Physical Discrete Inputs | Read Discrete Inputs | 2 |
| | | Internal Bits or Physical Coils | Read Coils | 1 |
| | | | Write Single Coil | 5 |
| | | | Write Multiple Coils | 15 |
| | 16-bit access | Physical Input Registers | Read Input Registers | 4 |
| | | Internal Registers or Physical Output Registers | Read Holding Registers | 3 |
| | | | Write Single Register | 6 |
| | | | Write Multiple Registers | 16 |
| | | | Read/Write Multiple Registers | 23 |
| | | | Mask Write Register | 22 |
| | | | Read FIFO Queue | 24 |
| | File Record Access | | Read File Record | 20 |
| | | | Write File Record | 21 |
| Diagnostics | | | Read Exception Status | 7 |
| | | | Diagnostic | 8 |
| | | | Get Com Event Counter | 11 |
| | | | Get Com Event Log | 12 |
| | | | Report Slave ID | 17 |
| | | | Read Device Identification | 43 |
| Other | | | Encapsulated Interface Transport | 43 |
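
A passive monitor can use the Modbus TCP header and the function codes above to separate reads from writes on a link. This added example (not from the original article) splits a captured byte stream into frames using the Length Field; the `WRITES` set and the sample bytes are assumptions made for the illustration.

```python
import struct

# Function codes as listed in the table above (43 appears there under two names).
FUNCTIONS = {
    1: "Read Coils", 2: "Read Discrete Inputs", 3: "Read Holding Registers",
    4: "Read Input Registers", 5: "Write Single Coil", 6: "Write Single Register",
    7: "Read Exception Status", 8: "Diagnostic", 11: "Get Com Event Counter",
    12: "Get Com Event Log", 15: "Write Multiple Coils",
    16: "Write Multiple Registers", 17: "Report Slave ID", 20: "Read File Record",
    21: "Write File Record", 22: "Mask Write Register",
    23: "Read/Write Multiple Registers", 24: "Read FIFO Queue",
    43: "Encapsulated Interface Transport",
}
# Assumption for this example: the codes whose table name says they write.
WRITES = {5, 6, 15, 16, 21, 22, 23}


def parse_stream(buf: bytes):
    """Split a Modbus/TCP byte stream into frames; return (frames, leftover)."""
    frames = []
    while len(buf) >= 8:  # 7 header bytes + function code
        tid, pid, length, unit, func = struct.unpack(">HHHBB", buf[:8])
        if pid != 0:
            raise ValueError(f"protocol identifier {pid} is not Modbus/TCP")
        if length < 2:
            raise ValueError("length field too small for unit id + function code")
        end = 6 + length  # Length Field counts the bytes that follow it
        if len(buf) < end:
            break  # partial frame: keep it until more bytes arrive
        frames.append({
            "transaction": tid, "unit": unit, "function": func,
            "name": FUNCTIONS.get(func, "unknown"),
            "write": func in WRITES, "data": buf[8:end],
        })
        buf = buf[end:]
    return frames, buf


# Constructed sample: two complete requests, then a third cut off mid-frame.
SAMPLE = (
    bytes.fromhex("0001 0000 0006 ff 03 0000 0001")    # read one holding register
    + bytes.fromhex("0002 0000 0006 11 06 0010 00ff")  # write a register, unit 17
    + bytes.fromhex("0003 0000 0006 ff 01")            # truncated
)

if __name__ == "__main__":
    frames, rest = parse_stream(SAMPLE)
    for f in frames:
        print(f["transaction"], f["unit"], f["name"], "WRITE" if f["write"] else "")
    print("bytes awaiting more data:", len(rest))
```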

Implementations

Almost all implementations have variations from the official standard. Different varieties might not communicate correctly between equipment of different suppliers. Some of the most common variations are:

Limitations

Trade group

Modbus Organization, Inc. is a trade association for the promotion and development of Modbus protocol.[2]

Modbus Plus

Despite the name, Modbus Plus[8] is not a variant of Modbus. It is a different protocol, involving token passing.

It is a proprietary specification of Schneider Electric, though it is unpublished rather than patented. It is normally implemented using a custom chipset available only to partners of Schneider.


References

  1. Drury, Bill (2009). Control Techniques Drives and Controls Handbook (PDF) (2nd ed.). Institution of Engineering and Technology. pp. 508–.
  2. "Modbus home page". Modbus. Modbus Organization, Inc. Retrieved 2 August 2013.
  3. "Modbus FAQ". Modbus. Modbus Organization, Inc. Retrieved 1 November 2012.
  4. "About Modbus Organization". Modbus. Modbus Organization, Inc. Retrieved 8 November 2012.
  5. "Modbus Application Protocol V1.1b3" (PDF). Modbus. Modbus Organization, Inc. Retrieved 2 August 2013.
  6. Clarke, Gordon; Reynders, Deon (2004). Practical Modern Scada Protocols: Dnp3, 60870.5 and Related Systems. Newnes. pp. 47–51. ISBN 0-7506-5799-5.
  7. Palmer; Shenoi, Sujeet, eds. (23–25 March 2009). "Critical Infrastructure Protection III". Third IFIP WG 11.10 International Conference. Hanover, New Hampshire: Springer. p. 87. ISBN 3-642-04797-1.
  8. "Modbus Plus - Modbus Plus Network - Products overview - Schneider Electric United States". Schneider-electric.com. Retrieved 2014-01-03.
