Modbus

Modbus is a common protocol in the field of automation, a protocol that allows you to quickly exchange data between devices that support this standard.

Materials on Schneider Electric courses are laid out at the bottom of the article

  This article will discuss the main characteristics of the Modbus protocol.
Let's consider some features from a wide range of differences between the Modbus RTU and Modbus TCP protocols implemented via serial interface and via Ethernet. We will also discuss different connection standards for serial data transmission.

Next, we will consider the passage of Modbus packets as a network Master and Slave via a serial interface and as a Client and Server via Ethernet. Let's delve into the features of data addressing in the Modbus protocol.We will also touch on the topic of how floating and double integer values are handled by the Modbus protocol.

To begin with, a little history.
Modbus is a serial communication protocol developed by Modicon in 1979 (Schneider Electric). It was created specifically for use in PLCs manufactured by this company for industrial applications.
To date, Modbus is a widespread open protocol used for a wide range of automation tools. Modbus can be used both for data transmission via Ethernet and via serial interface.
There are three main types of Modbus protocol: Modbus ASCII, Modbus RTU and Modbus TCP/IP. Modbus was originally designed using ASCII characters to encode messages and this version of the protocol is still in use.
Modbus RTU is the most common implementation of this protocol, using binary encoding and CRC error checking. These two modes – ASCII and RTU – are incompatible. Therefore, a device configured for ASCII mode cannot communicate with another device using Modbus RTU.
Devices that support Modbus RTU usually use one of three interfaces: RS232, RS485, and RS422. The point–to-point network topology is used to connect devices via the RS232 interface.
If you need to connect only two devices to each other, and the distance between them is less than 15 meters, then you should use RS232.
To connect up to 32 devices on the same line and/or over a distance of more than 100 meters, it is necessary to use RS485 or RS422.
For a Master communicating with several Slaves, by far the most popular interface is RS485.
This standard can support up to 32 knots in a range of up to 4000 feet or approximately 1200 meters without repeaters.
The unit of measurement for the transmission of messages via Modbus is the bit rate per second.
All devices in the RTU network must use the same data transfer rate.
Different devices support different bit rates, but the range between 9600 and 19200 bits is typical.
Through the Modbus protocol, I/O modules can have more than 10,000 signals.
In the Modbus serial network there is one device-the Master, which transmits commands to slave devices-Slaves.
The Slaves themselves do not transmit information, except when they receive such a command from the Master.
The permissible maximum number of Slave devices on one Modbus bus in a serial network is 247 units, each of which has its own unique ID address from 1 to 247.
However, the RS485 interface cannot control more than 32 nodes in one segment; therefore, if there are more than 32 nodes in the network, a repeater will be required.

The master can issue commands to Slave devices, as well as read data from them.
The SCADA system/human-machine interface are usually Masters interacting with several Slave devices. The devices must be connected by a serial connection; they cannot be connected by a star topology.
Modbus via Ethernet works as follows: to communicate with each other, Modbus devices use permanent Ethernet cables and network switches.
The main distinguishing feature of Modbus TCP/IP is that the Application Layer Protocol (MBAP) adds a message for each device connected over the network.
The ID of the Slave device at the beginning of the message is deleted in the same way as the cyclic control of the end of the message.
The application layer protocol contains all the information needed to route data to the default device address.
Modbus uses port 502 for communication via TCP/IP.
This is important if the data needs to pass through a network protection system.
A large number of users use this port to transfer data via the Application Layer Protocol (MBAP).
Serial Modbus messages can also be sent as regular RTU messages as part of the data transfer within and the Ethernet TCP/IP packet (encapsulation).
Such encapsulated messages can use any port, but the automation tools are configured to use port 2000 by default.
Please note that encapsulation of the Application Layer Protocol (MBAP) and RTU is not allowed; devices must be configured to use either one or the other protocol.
Application Layer Protocol (MBAP) messages are by far the most popular method of communication via Modbus TCP/IP.
In this article we will focus on the consideration of Modbus RTU and Modbus TCP/IP using the Application Layer Protocol (MBAP).
Modbus TCP/IP uses the concepts of "Client" and "Server" instead of "Master" and "Slave".
A TCP/IP network consists of a Client connected to a network switch(s) to which all Servers on the network are also connected.
Devices that support Modbus TCP/IP use the internetwork protocol for the Internet and require a subnet mask.
The IP address and subnet mask are represented by an ordered set of 8 bits or otherwise - an octet.
The IP addresses of the location of a particular device on the network and the subnet mask Servers simplify the task of routing traffic on the network.
If you do not know your IP address, the IT group or network administrator will allow you to find out the IP addresses and subnet mask that your devices will need.
The default gateway is optional and is not required for networks that do not use it.
You can also consult your IT team or network administrator on this issue.
And now let's talk about the non-centered Modbus addressing system and the difference between the rows in this table.
Here are 4 lines in which information is stored.
The two rows store simple discrete values called cells and digital 16-bit values known as registers.
For each data type, there is one read-only row and one read-write row.
There are no strings for 32-bit data types, because at the time when Modbus was defined and fixed, double integers and floating-point values were not available in the PLC.
There is a way to use these types of data, we will return to this issue a little later.
Each row has a maximum of 9999 addresses.
Addresses from 1 to 9999 are for reading and writing, addresses from 10001 to 19999 are for reading only for digital inputs.
Addresses from 30001 to 39,999 are intended for reading input registers only, addresses from 40,001 to 49,999 are used for reading and writing for temporary storage registers.
For now, this information will come in handy to explain the terms used for data types in Modbus.
The cells in the Modbus digital inputs are typically used to transmit 1-bit data or Boolean data. Bit status: either raised or lowered.A register denotes 1 word (word) or 16 bits or 2 bytes or an INTEGER variable.
There are no registers for floating and double integer values, although they can be sent by splitting into two registers (WORD).
The value of a floating variable is expressed in any number with a decimal point, which is represented by a 32-bit register.
Double integers, or DINTs, are simply two 16-bit values added together. Also represented by 32 bits.
This seems to be a small problem, since Modbus does not have floating and double integer value types.
The solution to this problem seems obvious: a 32+-bit value is split into 2 separate 16-bit registers, and then converted to a 32-bit real value.
This is achieved by copying two 16-bit registers into 1 variable of type REAL. Modbus function codes are simple digital codes that indicate to slave devices which data tables are used for access and which function needs to be performed in this table - read or write.
Each code function refers to a specific address range of the data table.
For example, function code 1 is a read code and an individual status bit.
Function code 16 is designed to write several temporary storage registers.
Here are some of the most commonly used function codes.
Modbus does not specify exactly how data should be stored in registers.
Different manufacturers of automation tools use different ways of storing and transmitting data.
Some devices will transmit the high byte first and then the low byte.
Other devices will do it exactly the opposite.
In addition, when registers are combined to represent 32+–real bit values, some devices will transmit higher in the first register and the lower 16-bits in the second register.
Other manufacturers do it exactly the opposite.
The sequence in which bytes or words are sent does not matter as long as the receiving device knows in which order they follow.
The data is displayed incorrectly if the byte or word is incorrect; in this case, the automation tools have the function of paging bytes and words, which will put them in the reverse order in which the data is stored and sent, thereby providing a quick solution to the issue.
And in conclusion, consider the Modbus RTU messages that are sent from the Master to the Slave devices.
The message contains the ID address of the Slave device to which the command is intended, the functional code for reading or writing data, and the message data itself.
After the Slave device receives the command, it returns the requested data to the Master in case the command was read, or writes the data to its own database, and then sends the original message back to the Master to confirm that the message has been received.
We hope this article will give a better understanding of Modbus and TCP/IP.

#Modbus, #protocol, #featuresmodbus, #protocolspecifics