MODBUS
Modbus is a robust, industry-standard communication protocol designed for industrial automation systems. It allows
communication between devices connected on different types of networks. Created in 1979 by Modicon (now Schneider
Electric), Modbus is widely used for connecting programmable logic controllers (PLCs), sensors, meters, and other
devices in factory or plant automation setups.
Key Features of Modbus:
1. Master-Slave Communication:
o One device (master) initiates communication, and other devices (slaves) respond.
o The master queries the slaves, and the slaves only respond to the master's commands.
2. Open Protocol: Modbus is open and royalty-free, making it widely adopted across industries.
3. Multiple Variants:
o Modbus RTU (Remote Terminal Unit): Used over serial lines like RS-232 or RS-485.
o Modbus ASCII: Similar to RTU but uses ASCII characters for data representation.
o Modbus TCP/IP: A newer version that works over Ethernet/IP networks.
o Modbus Plus: A proprietary variant with peer-to-peer communication.
4. Simple Structure: Based on a client-server model, where data is exchanged in a straightforward way.
5. Reliability: It includes error-checking mechanisms, making it highly reliable for industrial systems.
Modbus Frame Format:
1. Address: Identifies the slave device (1 byte in RTU/ASCII, 4 bytes in TCP/IP).
2. Function Code: Specifies the operation (e.g., read, write) to be performed.
3. Data: Contains the data to be read, written, or processed.
4. CRC (Cyclic Redundancy Check): Used for error detection (not applicable in TCP/IP).
Types of Modbus Protocols:
1. Modbus RTU (Remote Terminal Unit)
o Communication Medium: Serial communication (RS-232, RS-485).
o Data Encoding: Binary format.
o Advantage: Efficient and compact data packets.
o Use Case: Suitable for systems requiring real-time control over serial networks.
2. Modbus ASCII
o Communication Medium: Serial communication (RS-232, RS-485).
o Data Encoding: Human-readable ASCII characters.
o Advantage: Easy to debug.
o Drawback: Larger data packets compared to RTU, leading to lower efficiency.
o Use Case: Legacy systems requiring human-readable data.
3. Modbus TCP/IP
o Communication Medium: Ethernet/IP networks.
o Data Encoding: Uses TCP/IP for transport, eliminating CRC (handled by TCP layer).
o Advantage: Easy integration with modern systems, allows multiple clients to communicate with one server.
o Use Case: SCADA systems, where Ethernet networks are already in place.
4. Modbus Plus
o Communication Medium: Proprietary, uses peer-to-peer communication.
o Data Encoding: Binary.
o Advantage: Devices can act as both master and slave.
o Drawback: Proprietary and less commonly used compared to other variants.
Modbus Function Codes (used to define the type of operation being performed):
Function Code | Operation
01 | Read Coils
02 | Read Discrete Inputs
03 | Read Holding Registers
04 | Read Input Registers
05 | Write Single Coil
06 | Write Single Holding Register
15 | Write Multiple Coils
16 | Write Multiple Holding Registers
Applications of Modbus:
1. Industrial Automation: Communication between PLCs, SCADA systems, HMIs, and sensors.
2. Building Management Systems: Controlling HVAC systems, lighting, and power meters.
3. Energy Monitoring: Monitoring power meters and renewable energy systems like solar inverters.
4. Process Control: Monitoring and controlling pressure, temperature, and flow sensors in industrial plants.
Advantages of Modbus:
1. Wide Adoption: Open and royalty-free, supported by a vast number of devices.
2. Simplicity: Easy to implement and troubleshoot.
3. Versatility: Available for both serial and Ethernet communication.
4. Scalability: Works well in both small and large systems.
Limitations of Modbus:
1. Speed: Limited speed, especially in Modbus RTU and ASCII.
2. Distance: Limited range for serial communication; Ethernet (TCP/IP) overcomes this.
3. Security: No inherent encryption, making it vulnerable to cyberattacks in unprotected networks.
4. Single-Master Limitation: Traditional Modbus supports only one master in RTU/ASCII modes.
Comparison of Modbus Variants:
Feature | Modbus RTU | Modbus ASCII | Modbus TCP/IP
Medium | Serial (RS-232/485) | Serial (RS-232/485) | Ethernet
Encoding | Binary | ASCII | TCP/IP
Efficiency | High | Low | Moderate to High
Error Checking | CRC | LRC | Handled by TCP
Speed | Moderate | Slow | High
Use Case | Real-time control | Legacy systems | Modern SCADA systems
Modbus is a simple yet powerful protocol for industrial communication. It is widely used due to its simplicity, open
nature, and support for multiple devices and media. Choosing the right Modbus variant (RTU, ASCII, or TCP/IP) depends
on the application’s requirements for speed, distance, and communication medium.
MODBUS RTU
Modbus RTU (Remote Terminal Unit) is a widely adopted serial communication protocol in industrial automation,
facilitating efficient data exchange between devices such as sensors, actuators, and controllers. Operating on a
master-slave architecture, it utilizes serial communication interfaces like RS-232, RS-422, and RS-485.
Key Features of Modbus RTU:
Data Encoding: Employs a compact, binary representation in big-endian format, enhancing communication efficiency.
Frame Structure: Each frame comprises a slave address, function code, data, and a Cyclic Redundancy Check (CRC) for error detection.
Transmission Requirements: Frames must be transmitted continuously without inter-character delays, with specific timing constraints to ensure data integrity.
Error Checking: Incorporates a CRC-16 checksum to detect transmission errors, ensuring reliable communication.
Common Use Cases:
Industrial Automation: Connecting PLCs, sensors, and actuators for process control.
Building Management Systems: Monitoring and controlling HVAC, lighting, and security systems.
Energy Management: Interfacing with power meters and renewable energy systems for data collection and control.
Advantages:
Simplicity: Straightforward implementation and troubleshooting.
Efficiency: Compact binary frames enable faster data transmission compared to ASCII-based protocols.
Wide Adoption: Open standard with extensive support across various devices and industries.
Limitations:
Distance Constraints: Limited by the physical characteristics of serial communication interfaces.
Single Master Limitation: Traditional Modbus RTU networks support only one master device.
Security Concerns: Lacks inherent encryption, making it vulnerable to interception in unsecured networks.
Function Codes: Modbus RTU employs function codes to define specific operations between a master and slave devices.
These codes instruct the slave on the action to perform and determine the structure of the data exchanged. Below is a
summary of commonly used Modbus RTU function codes:
Data Access: Bit Access
Function Code | Function Name | Description
0x01 (01) | Read Coils | Reads the status of coils (outputs); allows reading from 1 to 2000 coils.
0x02 (02) | Read Discrete Inputs | Reads the status of discrete inputs; allows reading from 1 to 2000 inputs.
0x05 (05) | Write Single Coil | Sets the status of a single coil (output) to ON or OFF.
0x0F (15) | Write Multiple Coils | Sets the status of multiple coils (outputs); allows writing to multiple coils.
Data Access: 16-bit Access
Function Code | Function Name | Description
0x03 (03) | Read Holding Registers | Reads the contents of holding registers; allows reading from 1 to 125 registers.
0x04 (04) | Read Input Registers | Reads the contents of input registers; allows reading from 1 to 125 registers.
0x06 (06) | Write Single Register | Writes a value to a single holding register.
0x10 (16) | Write Multiple Registers | Writes values to multiple holding registers; allows writing to multiple registers.
0x17 (23) | Read/Write Multiple Registers | Performs a combination of one read operation and one write operation in a single transaction.
Diagnostics and Other Functions
Function Code | Function Name | Description
0x07 (07) | Read Exception Status | Reads the status of eight Exception Status outputs; specific to serial line only.
0x08 (08) | Diagnostics | Provides a series of tests for checking the communication system between master and slave; specific to serial line only.
0x11 (17) | Report Server ID | Reads the description of the type, the current status, and other information specific to the slave device; specific to serial line only.
0x2B (43) | Read Device Identification | Reads the identification and additional information relative to the physical and functional description of the slave device.
Modbus RTU Message Frame Structure:
Field | Size | Description
Slave Address | 1 byte | Identifies the slave device intended to receive the message. Valid addresses range from 1 to 247; address 0 is reserved for broadcast messages.
Function Code | 1 byte | Specifies the action to be performed by the slave (e.g., read or write operations). Common function codes include: 0x03 (Read Holding Registers), 0x06 (Write Single Register), and 0x10 (Write Multiple Registers).
Data | Variable (0–252 bytes) | Contains the data associated with the function code, such as register addresses and values. The length and content of this field vary depending on the function code and the specific operation.
CRC | 2 bytes | Cyclic Redundancy Check for error detection. It ensures the integrity of the message by detecting errors that may have occurred during transmission. The CRC is calculated over the entire message frame except for the CRC field itself.
Transmission and Timing Requirements:
Frame Delimiters: Modbus RTU messages are framed by silent intervals to distinguish between consecutive messages. A silent interval of at least 3.5 character times (t3.5) marks the end of one message and the beginning of the next. This ensures that devices can correctly identify the start and end of each message.
Inter-Character Timing: The time interval between two consecutive characters within a message must not exceed 1.5 character times (t1.5). Exceeding this interval may cause the receiving device to interpret the message as incomplete or erroneous.
Continuous Transmission: The entire message frame must be transmitted as a continuous stream without inter-character delays exceeding t1.5. Interruptions longer than this may lead to communication errors.
Example of a Modbus RTU Frame:
Consider a Modbus RTU frame in hexadecimal representation: 01 04 02 FF FF B8 80
Slave Address: 01 (addressing slave device 1)
Function Code: 04 (Read Input Registers)
Data: 02 FF FF (data content, specifics depend on the function code)
CRC: B8 80 (CRC-16-MODBUS checksum)
In this example, the master device is instructing slave device 1 to perform a read operation on input registers, with the
data field specifying the details of the request.
Data Types in Modbus RTU:
Modbus RTU primarily utilizes two fundamental data types:
1. Coils: These are single-bit binary values representing discrete on/off states. A coil can be either ON (1) or OFF (0). Coils are typically used to control or monitor binary outputs and inputs.
2. Registers: These are 16-bit data storage locations used to hold numerical values. Registers can store various types of data, including:
o Integer Values: Whole numbers within the range of a 16-bit signed or unsigned integer.
o Floating Point Numbers: By combining two consecutive 16-bit registers, Modbus RTU can represent 32-bit floating-point numbers, adhering to the IEEE 754 standard.
o ASCII Characters: Registers can store ASCII characters, allowing the transmission of textual data.
o Tables and Queues: Registers can be organized to represent structured data like tables or queues, enabling complex data management.
Message Framing:
A typical Modbus RTU message frame consists of the following components:
Slave Address (1 byte): Identifies the slave device intended to receive the message.
Function Code (1 byte): Specifies the action to be performed, such as reading or writing data.
Data (0–252 bytes): Contains the actual data being transmitted or parameters related to the function code.
Cyclic Redundancy Check (CRC) (2 bytes): Provides error-checking capabilities to ensure data integrity during transmission.
Transmission Details:
Each byte in Modbus RTU is transmitted as 11 bits, structured as follows:
1 Start Bit
8 Data Bits (Least Significant Bit first)
1 Parity Bit (optional)
1 Stop Bit
This framing ensures synchronized communication between devices.
Data Encoding: Modbus RTU uses binary encoding for data representation, which allows for faster transmission speeds
and smaller message sizes compared to ASCII encoding. This compact format is particularly advantageous in
environments where bandwidth is limited or communication speed is critical. For 16-bit values, Modbus RTU employs
big-endian encoding, meaning the most significant byte is transmitted first.
Error Checking: The protocol utilizes a 16-bit CRC (Cyclic Redundancy Check) appended at the end of each message. This
CRC is calculated based on the message content and helps detect errors during transmission.
Timing Considerations:
To maintain proper synchronization and frame integrity, Modbus RTU defines specific timing requirements:
Inter-frame Delay: A minimum silent interval of 3.5 character times is required between consecutive messages.
Inter-character Delay: The time between characters within a message should not exceed 1.5 character times.
These timing constraints help receivers distinguish between separate messages and detect communication errors.
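An added Python example, not from the original notes, that applies these timers the way a receiver does: it derives t1.5 and t3.5 from the baud rate and the 11-bit character described above (using the fixed values the Modbus serial-line specification recommends above 19200 baud, which the notes do not mention), then splits a constructed, timestamped byte capture into frames and flags the one with an inter-character stall. Function names are my own.

```python
BITS_PER_CHAR = 11   # start + 8 data + parity + stop, as listed above

def timing_limits(baud: int):
    """Return (t1.5, t3.5) in seconds. Up to 19200 baud they scale with the
    character time; above that the Modbus serial-line specification
    recommends fixed values of 750 us and 1.75 ms instead."""
    if baud > 19200:
        return 0.00075, 0.00175
    char_time = BITS_PER_CHAR / baud
    return 1.5 * char_time, 3.5 * char_time

def split_frames(stream, baud: int):
    """Segment (timestamp_seconds, byte) pairs as an RTU receiver would:
    a silence of at least t3.5 ends a frame; a gap longer than t1.5 inside
    a frame marks it as broken (second tuple element False) so the caller
    can discard it instead of acting on it."""
    t15, t35 = timing_limits(baud)
    frames, current, broken, prev = [], bytearray(), False, None
    for ts, byte in stream:
        if prev is not None:
            gap = ts - prev
            if gap >= t35:
                frames.append((bytes(current), not broken))
                current, broken = bytearray(), False
            elif gap > t15:
                broken = True
        current.append(byte)
        prev = ts
    if current:
        frames.append((bytes(current), not broken))
    return frames

# Constructed capture at 9600 baud (character time ~1.15 ms, t1.5 ~1.72 ms,
# t3.5 ~4.01 ms): the frame quoted earlier sent back to back, a 12.8 ms
# silence, then a second frame with a 3 ms stall between its 2nd and 3rd bytes.
SAMPLE_STREAM = (
    [(i * 0.0012, b) for i, b in enumerate(bytes.fromhex("010402FFFFB880"))]
    + [(0.0200, 0x02), (0.0212, 0x03), (0.0242, 0x00), (0.0254, 0x0A)]
)

def segment_sample():
    return split_frames(SAMPLE_STREAM, 9600)

if __name__ == "__main__":
    for frame, ok in segment_sample():
        print(frame.hex(), "ok" if ok else "broken: inter-character gap > t1.5")
```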
Modbus RTU Data Tables: In Modbus RTU, data is organized into four primary tables, each serving distinct purposes and
accessed using specific function codes.
1. Discrete Output Coils:
Type: Single-bit (1 bit)
Access: Read/Write
Function Codes:
o Read: 01 (0x01)
o Write Single: 05 (0x05)
o Write Multiple: 15 (0x0F)
Address Range: 0000 to 270E (0 to 9998)
Coil/Register Numbers: 1 to 9999
2. Discrete Input Contacts:
Type: Single-bit (1 bit)
Access: Read-Only
Function Code: Read: 02 (0x02)
Address Range: 0000 to 270E (0 to 9998)
Coil/Register Numbers: 10001 to 19999
3. Analog Input Registers:
Type: 16-bit (2 bytes)
Access: Read-Only
Function Code: Read: 04 (0x04)
Address Range: 0000 to 270E (0 to 9998)
Coil/Register Numbers: 30001 to 39999
4. Analog Output Holding Registers:
Type: 16-bit (2 bytes)
Access: Read/Write
Function Codes:
o Read: 03 (0x03)
o Write Single: 06 (0x06)
o Write Multiple: 16 (0x10)
Address Range: 0000 to 270E (0 to 9998)
Coil/Register Numbers: 40001 to 49999
Each table can hold up to 9,999 values. It's important to note that while coil/register numbers are used for reference, the
actual Modbus messages utilize data addresses. For instance, the first Holding Register, numbered 40001, corresponds to
data address 0000. This offset is a common source of confusion, as the numbering starts at 1, but the addressing starts at 0.