Modbus

The first Modbus protocol – Modbus RTU (Remote Terminal Unit) – was originally published by Modicon (now Schneider Electric) systems in 1979 as a programming protocol for use with its PLCs.

Modbus is an open protocol but the word “Modbus” is a registered trademark of Schneider Electric.

Modbus RTU is a basic serial communication protocol. As technology advanced, there emerged a demand for a standard accommodating more intricate setups utilizing prevalent transport protocols such as Transmission Control Protocol/Internet Protocol (TCP/IP) and User Datagram Protocol (UDP). In response, the Modbus variant was introduced in 1999 to meet this requirement.

The type of device that Modbus supports

Modbus devices encompass a range of hardware such as HMI, I/O interfaces, sensors, modems, device controllers, PLCs, network gateways, host adapters, AC/DC inverters, RTUs, SCADA hardware, software device drivers, routers, and more.

In practical applications, most Modbus implementations involve devices handling modest data transfers, typically in scenarios where rapid speed is not a crucial factor, such as temperature monitoring.

Modbus operates as a data communication protocol, functioning on a request-response framework. Previously labeled as a master-slave protocol, the Modbus organization updated the terminology to server and client in 2020.

It facilitates the transmission of data among devices linked via buses or networks, primarily over serial lines or Ethernet, and increasingly via wireless connections.

Widely adopted in industrial manufacturing, Modbus serves as the predominant network protocol. Its primary application involves facilitating communication between a human-machine interface (HMI) or supervisory control and data acquisition (SCADA) system and devices like sensors, programmable logic controllers (PLCs), or programmable automation controllers (PACs). This fosters interoperability among diverse automation equipment cost-effectively, irrespective of hardware.

Modbus enjoys popularity due to its open-source nature, user-friendly operation, and ubiquitous usage, rendering it a dependable solution for transferring discrete or analog I/O and register data between control devices.

Positioned as an application-layer messaging protocol at level 7 of the OSI model, Modbus typically operates on port 502 by default on server devices.

Modbus variants

There are several variants of Modbus; variants rather than versions as they are not interoperable on the same network segment and have different uses.

Modbus RTU

Modbus RTU stands as the prevalent variant, specifically tailored for serial connections.

Two types of Modbus serial connections exist: Modbus RTU and Modbus ASCII. Conveniently, they are often collectively referred to as Modbus RTU, denoting variants employing serial cables.

In Modbus RTU, data transmission occurs in binary format, whereas Modbus ASCII presents data in readable ASCII characters. Binary messages, being shorter, theoretically offer faster transmission and reception speeds. Conversely, ASCII messages allow for easier monitoring by administrators.

A notable distinction for developers is that Modbus RTU messages lack start-of-text tokens. Instead, the receiving device detects the commencement of a new message during a “silent” period. Conversely, ASCII messages include start-of-text tokens.

Modbus Serial Connections

Serial connections like Modbus RTU and Modbus ASCII operate on a point-to-point (P2P) basis. P2P establishes a communication channel between two ports, with transactions initiated solely by the client device. This differs from peer-to-peer communication, where both devices can initiate communication. An example of a common P2P connection is the usage of a USB drive.

In contrast to Modbus TCP, Modbus RTU accommodates only one client device and up to 247 server devices, depending on the physical signal standard employed, with each device necessitating a separate port. Setting up serial connections using serial cables proves simpler compared to Ethernet connections, which entail the installation of a network card and software, along with the configuration of IP addresses.

Modbus TCP

Modbus TCP, also known as Modbus Ethernet, operates as an industrial Ethernet protocol utilizing TCP/IP at the transport layer. It facilitates the establishment of a multipoint network, enabling a single client device to communicate with multiple server devices across a physical Ethernet layer.

In Modbus TCP, a message is encapsulated within a TCP packet, which is then encapsulated within an IP packet, utilizing Ethernet electrical signaling for transmission. TCP’s primary role is to ensure accurate reception of data packets, while IP ensures proper addressing and routing of messages.

There are two Modbus Ethernet connection types. Modbus TCP and Modbus over TCP variants are generally referred to collectively as Modbus TCP. Modbus TCP involves a Modbus TCP packet wrapped in TCP, whereas Modbus over TCP entails a Modbus RTU packet wrapped in TCP. Technically, the latter could be termed Modbus RTU over TCP, but it is grouped with Modbus TCP due to its utilisation of Ethernet.

Ethernet connections offer greater speed compared to serial connections, although speed typically isn’t a critical requirement for many Modbus devices, such as those used for temperature monitoring. Moreover, Ethernet connections are more reliable and facilitate data transmission over longer distances.

Secure Modbus

The Modbus Security protocol, introduced in 2018, aims to enhance security features while maintaining compatibility with the original specification.

Secure Modbus employs Transport Layer Security (TLS) for secure communication. It utilizes certificate-based authorization, incorporating role information transmitted via certificate extensions. Authorization is specific to each product and activated by the Modbus function code handler. Additionally, it offers certificate-based authentication.

Types of serial connections in Modbus RTU

In Modbus RTU networks, messages are transmitted according to EIA-approved RS-485, RS-422, or RS-232 physical signal standards that define the electrical characteristics of drivers and receivers used in serial communications. EIA stands for the Electronic Industries Alliance and RS stands for recommended standard.

Other standards may be used but these are the most common standards. The EIA standards are physical layer interfaces that use communication converter chips to convert the way that signals are transmitted to and from different types of devices. The data rate, driver load, maximum driver output voltage, baud rate, etc. all differ between the three standards. Sometimes, Modbus implementations are referred to by the type of interface they use, for example Modbus RS-232 or Modbus RS-485.

RS-232, used with the first version of Modbus, is slow with a maximum data rate of 20 kilobytes per second, only allows cables up to 50 feet in length, and is limited to connecting one client and one server device. However, RS-232 is still used, for instance, with older printers or as an inexpensive way to connect PLCs to other devices that use RS-232.

There are two types of RS-232-enabled devices: data terminal equipment (DTE) devices, for example PCs, and data communications equipment (DCE) devices, for example modems. For two of the same types of devices to communicate, they are connected using a reverse RS-232 cable connection.

Modbus Plus

Modbus Plus, a proprietary high-speed token-passing network protocol developed by Schneider Electric, differs from Modbus variants. It requires proprietary cabling and terminators. While Modbus Plus primarily adopts a peer-to-peer message structure, it can also operate on point-to-point (P2P) and multidrop networks. This protocol demands a dedicated coprocessor and utilises twisted pair cables at a speed of 1 Mbps. Unlike Modbus variants, Modbus Plus triggers transitions rather than relying on voltage triggers.

How does Modbus work

Each server device is preassigned a unique ID. When a client requests data from a server device, it uses the first byte of the message to identify which server device should respond.

2151252520.jpg

Serial connections

The Modbus message structure employs an ADU/PDU frame. The Protocol Data Unit (PDU) remains independent of the communication layers beneath it. Within the ADU, the server device’s address, the PDU, and a checksum field are included.

The PDU contains a function code indicating a read or write command, along with relevant data if applicable. The ADU delineates the start and end of a request frame, ensuring the receiving device can accurately discern when a message begins and ends. Frame formats are not interchangeable across variants.

Data requested by a client device is stored on server devices in up to four tables. Two tables manage on/off discrete values (coils), while the other two handle numeric values (registers). Both coils and registers have a read-only table for inputs and a read-write table for outputs. Navigating these tables on a server device is facilitated by a Modbus map, which defines the data’s location, format, and storage.

Offsets are also specified in the Modbus map. Each data address on a Modbus server device is assigned a number between 1 and 10000. However, data addresses in messages utilise numbers between 0 and 9999. Consequently, an offset must be subtracted from the device’s address before using it in a message. Manufacturers may specify the offsets employed by their products. Data models may vary among devices based on specific requirements; for instance, certain devices may exclusively store discrete inputs.

Ethernet connections

Commonly known as Modbus TCP, both Modbus TCP and Modbus TCP over UDP are essentially adaptations of the Modbus RTU serial variant, designed to operate with a TCP/IP interface across Ethernet and fibre networks, ensuring rapid and reliable connections.

Modbus TCP transactions function similarly to Modbus RTU transactions, albeit with a few distinctions. Modbus TCP allows for a greater number of addresses compared to Modbus RTU, supports multiple client devices, facilitates faster transmission speeds, and accommodates as many server devices as the physical layer permits. It also enables multiple client devices to simultaneously send requests to a single server device and allows client devices to broadcast messages concurrently to multiple client devices.

Modbus TCP incorporates an MBAP header, a 7-byte header appended at the start of messages. This header includes a transaction identifier for unique request identification, a protocol identifier set to 0 to indicate the Modbus protocol (which can be used for intra-system multiplexing), the length of the message data following it, and a unit identifier specified by the client device to identify the server device. 

In Modbus TCP, the Application Data Unit (ADU) contains the Modbus message and information about the transport protocol in use. Modbus offers ADU variants tailored to support different network protocols and buses.

Unlike traditional Modbus setups, the server device in Modbus TCP doesn’t require an ID; instead, it utilizes an IP address, with messages routed through the network. Additionally, the checksum field becomes unnecessary as checksum calculations are performed at the Ethernet layer. Routing information specific to the transport method, such as TCP or UDP, is stored within the ADU.

Wireless Modbus

Wireless Modbus is gaining popularity for its ability to cut wiring expenses, especially in remote locations housing sensors. Setting up a Modbus network over a wireless connection involves substituting the typical twisted pair cables used with RS-485 with standard transmitters placed at each network end. This wireless setup remains transparent to both client and server devices.

Data packets, transmitted and received in encrypted form, are seamlessly converted back to their original format before reaching the receiving device.