An Introduction to the Modbus Communication Protocol
Original equipment manufacturers (OEMs) all have proprietary communication protocols such as Profinet, CIP, DeviceNet, and ControlNet used to communicate with all their devices on the plant floor. As we know, there are different manufacturers of controllers, instruments, and peripheral devices, which leaves the question of how to make them exchange data with each other. This led to open-source protocols that bridge the gap left by proprietary protocols in communicating with third-party devices. Standard open protocols are Modbus, OPC DA, OPC UA, MQTT. This article will look in-depth into the MODBUS protocol, its benefits, types, and implementation.
What is Modbus
MODBUS is a communication protocol developed by Modicon in 1979 (now Schneider Electric) used by programmable logic controllers. Modbus transmission of data can be over serial lines or ethernet. Many devices are now Modbus compliant since it's now a widely accepted communication protocol. Supervisory Control and Data Acquisition mainly use Modbus (SCADA) to receive data from remote terminal units (RTU) and PLCs.
Modbus communication types
Modbus can be grouped into three broad types:
- Modbus RTU
- Modbus ASCII
- Modbus TCP
Modbus RTU is the most often used Modbus protocol. Modbus RTU is a straightforward serial protocol that may be sent using standard UART technology. At baud speeds ranging from 1200 bits per second (baud) to 115200 bits per second, data is delivered in 8-bit bytes, one bit at a time. The majority of Modbus RTU devices support only 38400 bits per second. A Modbus RTU operates a Master to slave structure. A Modbus master can connect with up to 254 slaves and exchange data. Each slave has its own 8-bit device address, often known as a unit number. The address of the slave for whom the communication is intended is included in the packets transmitted by the master. The slave must only answer if its address is recognized, and it must do so within a specific amount of time, or the master will consider it a "no response" error.
A slave is any peripheral device that analyzes data and delivers a response message to the master using Modbus, such as an I/O transducer, valve, network drive, or other measuring devices. The communication media for an RTU network is serial, either using RS232, RS422, or RS485.
Modbus ASCII is an older version of the protocol that contains all of the elements of an RTU packet but is entirely written in understandable ASCII characters. Modbus ASCII isn't supported, isn't widely used, and isn't included in the official Modbus protocol specification.
Since its inception, Ethernet IP/TCP has been the most common network protocol. Modbus TCP wraps Modbus RTU data packets in a TCP packet that can be sent over conventional Ethernet networks. In TCP, the slave address is not the primary method of addressing. The IP address, for example, 192.168.0.20, is the most essential here. The regular Modbus TCP port is 502, but it is frequently reconfigured if necessary. Modbus TCP follows the OSI network model.
Modbus shifts from the conventional master to slave relationship to the client to server, where the master becomes the client and the slave the server. There can be multiple clients and multiple slaves, which is one of the beauties of Modbus TCP made possible through the peer-to-peer communication of Ethernet IP. A standard RJ 45 cable (LAN) is used for physically connecting Modbus TCP compliant devices.
Modbus message structure
To be able to use any technology to its full capacity, it is pertinent to understand how it functions. Modbus makes use of registers in sending the different types of data. Registers are like ‘buckets’ that house data points. Some of the registers used in Modbus include the following;
- Discrete inputs (contacts): Discrete inputs are bit contact registers, and they can only be read. They can best be described as the contacts in PLC programming.
- Discrete Outputs (Coils): Coils are one-bit registers used as outputs. They are both read and write registers.
- Input registers: Inputs registers are 16-bit registers used for inputs. They are read only.
- Holding registers: Holding registers are 16-bit registers that are both read and write. They are the most universal register as they can be used for inputs, outputs, and for holding any kind of data.
Modbus function codes
The Modbus protocol specifies the number of function codes that can be used to access Modbus registers. Modbus defines four separate data blocks, each with addresses or register numbers that overlap. As a result, both the address (or register number) and the function code are required to comprehensively explain where to find a piece of data (or register type).
The function codes recognized by Modbus are listed in the table below. Although this is not an exhaustive list of function codes, they are the most used and important ones to familiarize with.
Modbus error (exception) code explanation
When a Modbus slave detects a packet but concludes that the request contains an error, it responds with an exception code rather than a data response. The slave address or unit number, a copy of the function code with the high bit set, and an exception code make up the exception reply.
This is only an introduction to what the Modbus protocol is all about. Numerous resources on the internet will explain some of these concepts. I encourage the reader to explore some of these resources. The Modbus protocol is a versatile industrial network protocol that has gained relevance in the automation society; hence having a good understanding is imperative.