What is Modbus
Despite its age, Modbus is still one of the most commonly used protocols for field device communications. Its relative simplicity, robustness and openness made it a protocol of choice for many automation hardware and software vendors. Because of this, Modbus is a safe choice for an organization to commit to, as there are always devices that support it.
Another major benefit of Modbus is that it does not prescribe a specific physical layer. Instead, Modbus can work on top of RS-232, RS-485 or TCP/IP over Ethernet. Those are all cheap and already commonly used in enterprises. This means there is no need to invest in expensive protocol-specific network infrastructure.
There are different types of Modbus implementation depending on data encoding format, the transport layer and some other considerations. The most popular protocol types are:
- Modbus RTU (binary over serial link)
- Modbus ASCII (text-based over serial link)
- Modbus TCP (binary over TCP/IP transport)
Modbus RTU Protocol Overview
Modbus RTU is a master-slave protocol. This means that only one device, the master, is allowed to initiate communication. The other devices on the network are called slaves and they may only respond to requests. Modbus RTU can support up to 247 devices on the same physical network. It's possible to modify the protocol to support more slaves, but in most applications the standard limit of slaves is enough.
Modbus RTU encodes data as binary and uses big-endian encoding for 16-bit values. This means that the most significant byte of a 16-bit word is sent first.
Below is an example of Modbus RTU request and response messages with an explanation of each item.
First, a master sends a request telling slave 1 to return the value of one register starting at address 2:
slave id (1)
|  function code (read holding registers)
|  |  address of first register to read (2)
|  |  |     number of registers to read (1)
|  |  |     |     checksum
|  |  |     |     |
01 03 00 02 00 01 25 CA
The request also includes a checksum, which is used to make sure the message is not corrupted on the way to the slave.
All slaves except for slave 1 must ignore the message. Slave 1 is expected to send a response message similar to the following:
slave id (repeats own id)
|  function code (repeats requested code)
|  |  number of bytes of data (2)
|  |  |  the value of the register (0x07FF)
|  |  |  |     checksum
|  |  |  |     |
01 03 02 07 FF FA 34
Modbus ASCII works similarly to Modbus RTU, but it uses text-based encoding of data. This makes requests and responses human-readable, which is the main benefit over RTU. On the other hand, it's much less efficient because the messages become twice as long. Because of this, Modbus ASCII is only used for testing and rarely in production.
Limitations of Modbus RTU and ASCII
The low requirements and simplicity of the protocol have their drawbacks:
- There is no good way to have multiple masters on the same network, or to achieve two-way communication. This is because there is no mechanism to control media access and thus avoid collisions.
- It's hard to support many slaves with serial links such as RS-485. In fact, using more than a couple of dozen devices is only possible by building a complex nested hierarchy of masters and slaves.
- The bandwidth of serial links is limited to 115200 baud. This is quite low by modern standards, but still works for many applications.
Modbus TCP is an adaptation of Modbus to be used on top of modern TCP/IP networks. There are two types of Modbus TCP implementation:
- Modbus RTU over TCP, which simply uses TCP as a transport layer for RTU messages
- Normal Modbus TCP, which has some changes in the message format.
Because Modbus TCP uses Ethernet networks, the data transmission speed is much higher than in RTU using serial links. The drawback is that a TCP/IP stack is much more difficult to support in some types of field devices where Modbus RTU would work fine.