What You Need to Know About Modbus in Industrial Automation

The Modbus protocol is the most common automation protocol used in the field of processing, automation, and SCADA. It was first designed and introduced by Modicon in 1979 to be used in Modicon PLCs. Nowadays, Modicon is integrated with and owned by Schneider Electric. Modicon designed the Modbus interface for multidrop networks based on master-slave architecture. It is more commonly used in industry as compared to BACnet and Profibus. Another reason for its widespread use in industry is that it is an open protocol which means that automation industries can integrate it into their devices and controllers without paying royalties and there are no copyright issues. Hence, it has become the most common protocol for establishing the connection between the electronic devices used in industrial automation. Modbus is also used for establishing a connection between the supervisory computer and Remote Terminal Unit in SCADA systems. The Modicon’s Modbus is compatible with PLCs and SCADA systems of all the top manufacturers including Siemens, Allen-Bradley, and ABB. Another reason for the widespread use of the Modbus Protocol is that it ensures error-free transmission accurately using the Cyclic Redundancy Check (CRC)and the Longitudinal Redundancy Check (LRC). Modbus protocol uses little memory.

The sections below cover some necessary details that must be known to use this protocol for industrial automation.

General Description

This section covers some of the necessary details for the data unit and message/request structure.

Server ID:

In any Modbus protocol master-slave or client-server network, the master or client is always one, and slaves or servers can be up to 256. Each server within a network is assigned a unit address from 1-256. The client sends the message or request or the ADU with the server ID as the first byte. This way, only that specific server or slave will perform an action whose unit address is the same as the one in the ADU sent by the client or master.

Protocol Description:

The Modbus protocol has a product data unit or a PDU. As a result of mapping buses with Modbus protocol, there are some additional data fields on ADU. This ADU is built by the client/user.

The size of Modbus PDU for serial communication is determined as 256 – 1 byte for server address – 2 bytes for CRC = 253. Hence, the size is 256 bytes.

So, the size of ADU can be determined as:

• For RS-232, RS-485: 256 + 1 byte for server address +2 bytes for CRC = 256
  • Hence, the size is 256 bytes.
• For TCP Modbus ADU: 256 +7 bytes for MBAP = 260
  • Hence, the size is 260 bytes.

There are three Modbus protocol PDUs:

• mb_req_pdu = {function-code, request-data} 
• mb_rsp_pdu = {function-code, response-data} 
• mb_excep_rsp_pdu = {exception-function-code, request-data} 

Function Code:

The server gets the information about which operation to perform by referring to the function code. The function code of the Modbus protocol is encoded in one byte. The allowable code range (decimal) is between 1 and 255, whereas the decimal range between 128 and 255 is reserved for exception responses. So, whenever the client sends a message to the server device, the function code in the message tells which operation or action has to be performed. However, function code ‘0’ is not valid and cannot be performed. If the client wants to define multiple actions, it can be done by adding sub-function code to the function code field. The table below shows Modbus protocol function codes along with their table name and corresponding action:

Data Field:

The data field in the message sent by a client to the server device contains some additional information that assists the server to perform the action defined in the function code. This may contain the number of items to be handled, the count of data bytes in the field, and discrete or registered addresses. There is a possibility that the data field would be empty. In this case, the server would not require any additional information and the function code will be enough to specify the operation.

Error:

During transmission and reception, if the data field of a response from the server device to the client contains the requested data, there is no error. On the contrary, if the error exists, the requested data field will contain an exception code.

CRC:

A cyclic redundancy check, or CRC, is done for checking the error. Two bits are added to the message sent from the client to the server and these help in detecting errors. The client and the server calculate the CRC of the message. When the server sends the message back, the client compares both and if any single bit is found different, it means that the message is not received correctly and the CRCs of both will be different. Consequently, it will result in an error.

Data Encoding

Modbus protocol uses specific representation for address and data items. When a value bigger than a byte is transmitted, the MSB will be sent first. This data representation is known as ‘big-Endian.’ For example, if there is a register size of 16 bits and a value of 0x1234, the byte 0x12 will be sent first and then, 0x34 will be sent. This varies as an opposite mechanism known as ‘little-Endian’ is also being used in which the LSB is sent first. It is up to the industry which mechanism to use for data transmission and reception for automation.

Modbus Data Types

There are two data types:

• Coils
• Registers

Coils are just single bits that can be either 0 or 1. Coils can represent either an input or an output. The coil can be read or written. Registers have a value between 0 and 65535 or 0 and FFFF (hexadecimal). The representation for the values below is not possible:

• Negative values
• Values greater than 65535
• Value irrational values or the values like 233.5 and 200.3 etc.

Registers can be either analog input registers or analog holding output registers. The analog input registers respond to the external input and give a value between 0-65535. The analog input registers can only be read. The analog output holding registers are used for output and storing data temporarily. The analog output holding register can be read and written.

Modbus Data Model

The Modbus data model is based on four primary tables that have different characteristics. The primary tables and their details are given in the table below:

The allowable selection of a maximum of 65536 data items for each primary table is possible.

Modbus Addressing Model

The Modbus protocol has precise rules for PDU addressing. In any Modbus PDU, data is addressed between 0 to 65535. The element within the data block of any Modbus data model is numbered from 0 to n.

Modbus Transaction

Another important aspect to be aware of is the Modbus transaction. The mechanism of the message/request sent from the master/client to the slave/server and transmission of the request/message from the slave/server to the master/client is referred to as a Modbus transaction. Whenever the server receives the request, it is processed and a Modbus response using the adequate Modbus server transaction is built. Two types of response are possible:

• A positive response when “response function code = request function code.”
• An exception response where the response function code is not equal to the request function code. The response function will be composed of the function code and an exception or an error code.
• The exception function code will be “request function code + 0x80”.
• The response message from the server must be reviewed before sending the next request.

Baud Rate:

The rate at which data is transmitted is known as the ‘baud rate.’ The Modbus protocol is compatible with baud rates of 4800, 9600, and 19200 kbps (kilobits per sec). Since modern-day computers support a baud rate of 115,200 kbps for serial communication, manufacturers are introducing new Modbus protocols for high-speed serial communication and transmission. Before integrating this protocol, the baud rate must be the same for the master device, slave device, and Modbus protocol.

Sample Data Transmission

The data is transmitted in the form of bits. The transmitted and received data, both have ones and zeroes in them. The zeros represent positive signals and are transmitted/received as positive voltages whereas the ones represent negative signals and are transmitted/received as negative voltages.

The common transmission rate or the baud rate is 9600 bps. Data is transmitted from master to slave.

Communication Type and Interface

Modbus protocol allows serial communication. It is half duplex. Modbus remote monitoring and control uses RS-232 and RS-485 protocols to collect data from Modbus slaves. Both are easily available. In any Modbus-based network, either RS-232 or RS-485 is used. RS-232 protocol has a smaller transmission length which is 50 ft and a transmission rate which is about 20 kbit/s. On the other hand, the RS-485 protocol has a maximum transmission rate of 10 Mbps and a transmission length of 4000 ft. RS-232 cannot support a multidrop network and more slaves cannot be connected at a time. On the other hand, RS-485 can support a multidrop Modbus network with multiple slaves connected at the same instant and hence it is more commonly used with Modbus. Hence, RS-232 and RS-485 must be selected based on the number of servers or slave devices.

Variants of Modbus

There are some other versions of the Modbus protocol for serial and Ethernet communication. These include:

• Modbus RTU
• Modbus TCP/IP
• Modbus ASCII
• Modbus Plus
• Enron, Pemux, and Modbus over ADU

These variants are used in different conditions and applications. Below are some necessary details regarding the variants that must be considered before use in industrial automation.

Modbus RTU:

This variant of the Modbus protocol is used for asynchronous serial communication. It is compact and uses binary communication. In Modbus RTU, the cyclic redundancy check checksum is done to detect errors and ensure that there is no transmission problem. Each 8-bit byte in a message has two 4-bit hexadecimal characters. Modbus RTU packets can only send data.

Modbus TCP/IP:

Modbus TCP/IP is the same as the Modbus RTU with the only difference being that it has a TCP interface that uses Ethernet to operate. It is also known as Modbus TCP. TCP/IP stands for Transmission Control Protocol and Internet Protocol. Through TCP/IP, the binary data is exchanged between computers and this process serves as a standard on which the world wide web is based. In any transmission, the TCP ensures that all the data is received correctly and accurately while the IP ensures that the data is addressed and routed. So, the Modbus TCP/IP uses TCP/IP and Ethernet to transfer Modbus message data within compatible devices. The Modbus checksum for detecting an error is not used. However, the standard Ethernet TCP/IP link layer checksum is used to ensure data safety.

Modbus ASCII:

The American Standard Code for Information Exchange is abbreviated as ASCII. The ASCII characters are all hexadecimal. This variant of Modbus protocol uses ASCII characters that can be understood and read by humans. When the ASCII data is transmitted, another type of check, known as longitudinal redundancy check checksum or LRC, is done to detect errors and ensure that there is no transmission problem. Each 8-bit byte in a message is transmitted as two ASCII characters.

 The general frame format for Modbus ASCII has:

• A start bit is the first byte.
• 2 bytes are reserved for the server/slave address.
• 2 bytes are reserved for the function code.
• ‘n’ bytes for data.
• 2 bytes are reserved for longitudinal redundancy check (LRC).
• 2 bytes are reserved for the stop bit.

Modbus Plus:

The Modbus Plus is a peer-to-peer network that operates at the rate of 1 Mbps. It uses Token Bus (IEEE 802.4) to sequentially provide access to a network to each node. On a single Modbus Plus network, up to 64 nodes can interconnect and each node on the network has a unique node address. The size of the data packet for Modbus Plus is 253 bytes but the devices can transfer only about 240 bytes.

This entry was posted on March 20th, 2023 and is filed under Uncategorized. Both comments and pings are currently closed.