Modbus
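Modbus function codes by category

| Category | Access | Data object | Function Name | Function Code |
|---|---|---|---|---|
| Data Access | Bit access | Physical Discrete Inputs | Read Discrete Inputs | 2 |
| Data Access | Bit access | Internal Bits or Physical Coils | Read Coils | 1 |
| Data Access | Bit access | Internal Bits or Physical Coils | Write Single Coil | 5 |
| Data Access | Bit access | Internal Bits or Physical Coils | Write Multiple Coils | 15 |
| Data Access | 16-bit access | Physical Input Registers | Read Input Register | 4 |
| Data Access | 16-bit access | Internal Registers or Physical Output Registers | Read Holding Registers | 3 |
| Data Access | 16-bit access | Internal Registers or Physical Output Registers | Write Single Register | 6 |
| Data Access | 16-bit access | Internal Registers or Physical Output Registers | Write Multiple Registers | 16 |
| Data Access | 16-bit access | Internal Registers or Physical Output Registers | Read/Write Multiple Registers | 23 |
| Data Access | 16-bit access | Internal Registers or Physical Output Registers | Mask Write Register | 22 |
| Data Access | 16-bit access | Internal Registers or Physical Output Registers | Read FIFO Queue | 24 |
| Data Access | File Record Access | | Read File Record | 20 |
| Data Access | File Record Access | | Write File Record | 21 |
| Diagnostics | | | Read Exception Status | 7 |
| Diagnostics | | | Diagnostic | 8 |
| Diagnostics | | | Get Com Event Counter | 11 |
| Diagnostics | | | Get Com Event Log | 12 |
| Diagnostics | | | Report Slave ID | 17 |
| Diagnostics | | | Read Device Identification | 43 |
| Other | | | Encapsulated Interface Transport | 43 |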
Modbus is a serial communications protocol published by Modicon in 1979 for use with its programmable logic controllers (PLCs). Simple and robust, it has since become one of the de facto standard communications protocols in the industry, and it is now amongst the most commonly available means of connecting industrial electronic devices. The main reasons for the extensive use of Modbus in the industrial environment are:
- It has been developed with industrial applications in mind
- It is openly published and royalty-free
- It is easy to deploy and maintain
- It moves raw bits or words without placing many restrictions on vendors
Modbus allows for communication between many (approximately 240) devices connected to the same network, for example a system that measures temperature and humidity and communicates the results to a computer. Modbus is often used to connect a supervisory computer with a remote terminal unit (RTU) in supervisory control and data acquisition (SCADA) systems. Many of the data types are named from its use in driving relays: a single-bit physical output is called a coil, and a single-bit physical input is called a discrete input or a contact.
The development and update of Modbus protocols are managed by the Modbus Organization, formed of independent users and suppliers of Modbus compliant devices.
Protocol versions
Versions of the Modbus protocol exist for serial port and for Ethernet and other networks that support the Internet protocol suite. Most Modbus devices communicate over a serial EIA-485 physical layer (http://www.obvius.com/documentation/faq/modbus.html). There are many variants of Modbus protocols:
- Modbus RTU — This is used in serial communication and makes use of a compact, binary representation of the data for protocol communication. The RTU format follows the commands/data with a cyclic redundancy check checksum as an error check mechanism to ensure the reliability of data. Modbus RTU is the most common implementation available for Modbus. A Modbus RTU message must be transmitted continuously without inter-character hesitations. Modbus messages are framed (separated) by idle (silent) periods.
- Modbus ASCII — This is used in serial communication and makes use of ASCII characters for protocol communication. The ASCII format uses a longitudinal redundancy check checksum. Modbus ASCII messages are framed by leading colon (':') and trailing newline (CR/LF).
- Modbus TCP/IP or Modbus TCP — This is a Modbus variant used for communications over TCP/IP networks, connecting over port 502. It does not require a checksum calculation as lower layers already provide checksum protection.
- Modbus over TCP/IP or Modbus over TCP or Modbus RTU/IP — This is a Modbus variant that differs from Modbus TCP in that a checksum is included in the payload as with Modbus RTU.
- Modbus over UDP — Some have experimented with using Modbus over UDP on IP networks, which removes the overheads required for TCP.
- Modbus Plus (Modbus+, MB+ or MBP) — An extended version, Modbus Plus (Modbus+ or MB+), also exists, but remains proprietary to SCHNEIDER ELECTRIC. It requires a dedicated co-processor to handle fast HDLC-like token rotation. It uses twisted pair at 1 Mbit/s and includes transformer isolation at each node, which makes it transition/edge triggered instead of voltage/level triggered. Special interfaces are required to connect Modbus Plus to a computer, typically a card made for the ISA (SA85), PCI or PCMCIA bus.
- Modbus PEMEX — Modbus PEMEX is an extension of standard Modbus with support for historical and flow data. It is widely used in process automation.
Data model and function calls are identical for the first 4 variants of protocols; only the encapsulation is different. However the variants are not interoperable as the frame formats are different.
Communication and devices
Each device intended to communicate using Modbus is given a unique address. In serial and MB+ networks only the node assigned as the Master may initiate a command, but on Ethernet, any device can send out a Modbus command, although usually only one master device does so. A Modbus command contains the Modbus address of the device it is intended for. Only the intended device will act on the command, even though other devices might receive it (an exception is specific broadcastable commands sent to node 0 which are acted on but not acknowledged). All Modbus commands contain checking information, ensuring that a command arrives undamaged. The basic Modbus commands can instruct an RTU to change a value in one of its registers, control or read an I/O port, as well as commanding the device to send back one or more values contained in its registers.
There are many modems and gateways that support Modbus, as it is a very simple protocol and often copied. Some of them were specifically designed for this protocol. Different implementations use wireline, wireless communication, such as in the ISM band, and even SMS or GPRS. One of the more common designs of wireless networks makes use of the mesh topology. Typical problems the designers have to overcome include high latency and timing problems.
Frame Format
All Modbus variants choose different frame formats.

Modbus RTU Frame Format

| Name | Length | Function |
|---|---|---|
| Start | 3.5c idle | at least 3-1/2 character times of silence (MARK condition) |
| Address | 8 bits | Station Address |
| Function | 8 bits | Indicates the function codes like read coils / inputs |
| Data | n * 8 bits | Data + length will be filled depending on the message type |
| CRC Check | 16 bits | Error checks |
| End | 3.5c idle | at least 3-1/2 character times of silence between frames |

Modbus ASCII Frame Format

| Name | Length | Function |
|---|---|---|
| Start | 1 char | starts with colon ( : ) (ASCII value is 3A hex) |
| Address | 2 chars | Station Address |
| Function | 2 chars | Indicates the function codes like read coils / inputs |
| Data | n chars | Data + length will be filled depending on the message type |
| LRC Check | 2 chars | Error checks |
| End | 2 chars | carriage return – line feed (CRLF) pair (ASCII values of 0D & 0A hex) |
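
The two serial frame layouts above can be checked as follows. This is an added example, not code from the original page; the CRC-16 parameters (initial value 0xFFFF, reflected polynomial 0xA001, low byte sent first) and the LRC definition (two's complement of the byte sum) come from the Modbus serial line specification rather than from this page, and the sample frames are constructed.

```python
import binascii


def crc16_modbus(data: bytes) -> int:
    """CRC-16 used by Modbus RTU: init 0xFFFF, reflected polynomial 0xA001."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc


def lrc(data: bytes) -> int:
    """LRC used by Modbus ASCII: two's complement of the 8-bit byte sum."""
    return (-sum(data)) & 0xFF


def parse_rtu(frame: bytes) -> dict:
    """Address (1 byte), Function (1 byte), Data (n bytes), CRC (2 bytes)."""
    if len(frame) < 4:
        raise ValueError("RTU frame shorter than address + function + CRC")
    body, received = frame[:-2], int.from_bytes(frame[-2:], "little")
    if crc16_modbus(body) != received:
        raise ValueError("CRC mismatch: frame damaged or truncated")
    return {"address": body[0], "function": body[1], "data": body[2:]}


def parse_ascii(frame: bytes) -> dict:
    """':' + hex(Address, Function, Data, LRC) + CRLF."""
    if not (frame.startswith(b":") and frame.endswith(b"\r\n")):
        raise ValueError("missing ':' start character or CRLF end")
    try:
        raw = binascii.unhexlify(frame[1:-2])  # rejects odd length / non-hex
    except binascii.Error as exc:
        raise ValueError("payload is not pairs of hex characters") from exc
    if len(raw) < 3:
        raise ValueError("ASCII frame shorter than address + function + LRC")
    body, received = raw[:-1], raw[-1]
    if lrc(body) != received:
        raise ValueError("LRC mismatch: frame damaged or truncated")
    return {"address": body[0], "function": body[1], "data": body[2:]}


# Constructed samples: station 1, function 3 (Read Holding Registers),
# data 00 00 00 0A, once in RTU framing and once in ASCII framing.
RTU_SAMPLE = bytes.fromhex("01030000000AC5CD")
ASCII_SAMPLE = b":01030000000AF2\r\n"

if __name__ == "__main__":
    print(parse_rtu(RTU_SAMPLE))
    print(parse_ascii(ASCII_SAMPLE))
```

A frame that passes either check has only been shown to be undamaged in transit; neither checksum identifies the sender.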

Modbus TCP Frame Format

| Name | Length | Function |
|---|---|---|
| Transaction Identifier | 2 bytes | For synchronization between messages of server & client |
| Protocol Identifier | 2 bytes | Zero for MODBUS/TCP |
| Length Field | 2 bytes | Number of remaining bytes in this frame |
| Unit Identifier | 1 byte | Slave Address (255 if not used) |
| Function code | 1 byte | Function codes as in other variants |
| Data bytes | n bytes | Data as response or commands |

Unit identifier is used with MODBUS/TCP devices that are composites of several MODBUS devices, e.g. on MODBUS/TCP to MODBUS RTU gateways. In such case, the unit identifier tells the Slave Address of the device behind the gateway. Natively MODBUS/TCP-capable devices usually ignore the Unit Identifier.
The byte order is Big-Endian (first byte contains MSB)
Note: The "Function code" field is part of the PDU and not part of the transport (TCP) header.
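
Since the frame itself carries nothing that identifies or authorizes the sender, a passive monitor can only decode the header fields above and compare the function code against what each host is expected to send. The following is an added example, not code from the original page: the function-code grouping follows the table on this page, while the policy format, the host addresses and the sample frames are constructed for illustration.

```python
import struct

# Function codes from the table on this page, grouped by their effect.
READS = {1, 2, 3, 4, 20, 24}
WRITES = {5, 6, 15, 16, 21, 22, 23}   # 23 reads and writes in one request
DIAGNOSTICS = {7, 8, 11, 12, 17, 43}


def parse_modbus_tcp(frame: bytes) -> dict:
    """Split one Modbus TCP frame into the fields of the frame-format table."""
    if len(frame) < 8:
        raise ValueError("shorter than 7-byte header plus function code")
    # Big-endian: transaction id, protocol id, length (2 bytes each), unit id.
    transaction, protocol, length, unit = struct.unpack(">HHHB", frame[:7])
    if protocol != 0:
        raise ValueError("protocol identifier must be zero for MODBUS/TCP")
    # The length field counts everything after itself: unit + function + data.
    if length != len(frame) - 6:
        raise ValueError("length field disagrees with the bytes received")
    return {"transaction": transaction, "unit": unit,
            "function": frame[7], "data": frame[8:]}


def classify(function: int) -> str:
    """Map a function code to the kind of operation it requests."""
    if function in WRITES:
        return "write"
    if function in READS:
        return "read"
    if function in DIAGNOSTICS:
        return "diagnostic"
    return "unknown"


def audit(source: str, frame: bytes, policy: dict) -> str:
    """Return 'ok' or an alert string for one observed request.

    policy (hypothetical format) maps a source address to the set of
    operation kinds that host is expected to issue.
    """
    try:
        fields = parse_modbus_tcp(frame)
    except ValueError as exc:
        return f"alert: malformed frame from {source}: {exc}"
    kind = classify(fields["function"])
    if kind not in policy.get(source, set()):
        return (f"alert: {kind} function {fields['function']} "
                f"to unit {fields['unit']} from {source}")
    return "ok"


# Constructed sample traffic (documentation addresses, not real captures).
POLICY = {"192.0.2.10": {"read", "write"}, "192.0.2.20": {"read"}}
READ_REQ = bytes.fromhex("000100000006" "01" "03" "0000000A")
WRITE_REQ = bytes.fromhex("000200000006" "01" "05" "0001FF00")

if __name__ == "__main__":
    for src, req in (("192.0.2.10", WRITE_REQ), ("192.0.2.20", WRITE_REQ)):
        print(src, audit(src, req, POLICY))
```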
Supported Function Codes
The various reading, writing and other operations are categorised as follows. The most primitive reads and writes are shown in bold. A number of sources use alternative terminology, for example Force Single Coil where the standard uses Write Single Coil.
Implementations
Almost all implementations have variations from the official standard. Different varieties might not communicate correctly between equipment of different suppliers. Some of the most common variations are:
- Data types
  - Floating point IEEE
  - 32-bit integer
  - 8-bit data
  - Mixed data types
  - Bit fields in integers
  - Multipliers to change data to/from integer. 10, 100, 1000, 256 ...
- Protocol extensions
  - 16-bit slave addresses
  - 32-bit data size (1 address = 32 bits of data returned.)
  - Word swapped data
Limitations
- Since Modbus was designed in the late 1970s to communicate to programmable logic controllers, the number of data types is limited to those understood by PLCs at the time. Large binary objects are not supported.
- No standard way exists for a node to find the description of a data object, for example, to determine if a register value represents a temperature between 30 and 175 degrees.
- Since Modbus is a master/slave protocol, there is no way for a field device to "report by exception" (except over Ethernet TCP/IP, called open-mbus): the master node must routinely poll each field device, and look for changes in the data. This consumes bandwidth and network time in applications where bandwidth may be expensive, such as over a low-bit-rate radio link.
- Modbus is restricted to addressing 247 devices on one data link, which limits the number of field devices that may be connected to a master station (once again Ethernet TCP/IP proving the exception).
- Modbus transmissions must be contiguous which limits the types of remote communications devices to those that can buffer data to avoid gaps in the transmission.
- Modbus protocol provides no security against unauthorized commands or interception of data.
Trade group
The Modbus organization is a trade association for the promotion and development of Modbus protocol.
External links
- Modbus Organization site
- Detailed Protocol Description
- Modicon - Modbus Protocol Reference Guide
- Modbus TCP
- Protocol explanation for Java developers
- Free Modbus Device Testing Software
- Training video: Connecting I/O Devices to SCADA/HMI Using MODBUS RTU and TCP
- Training video: Wireless Connect of Modbus Enabled Remote IO to SCADA/HMI With GSM-modem
Open-source software
- A C# implementation of the Modbus protocol.
- An Open Source Modbus library in C for GNU/Linux, Mac OS X, FreeBSD, and QNX
- QModBus is a graphical Modbus master application for Linux and Windows.
- Free Modbus ASCII/RTU and TCP for microcontrollers. In C. New site location is http://www.freemodbus.org/. A commercially supported version is available at http://www.embedded-solutions.at/.
- Protocol::Modbus in Perl
- Modbus::Client in Perl
- Modbus master in Ruby. Public domain sample code, can easily be re-implemented in other scripting languages.
- rmodbus. Free implementation of ModBus protocol in pure Ruby.
- jamod. Implementation of ModBus protocol in Java.
- Modbus4J. Implementation of the ModBus protocol in Java. Part of the Mango M2M project.
- ModBus-Droid. Modbus Scanner for Android based on a modified version of the Modbus4J library.
- node-modbus-stack. Open-source implementation of the Modbus protocol, written in JavaScript for NodeJS.
- pymodbus. Free implementation of ModBus protocol in Python.
- MinimalModbus An easy-to-use Python module for talking to instruments (slaves) using the Modbus protocol.
- modbus-tk. Another implementation of Modbus Protocol in Python
- MBLogic - Free implementation of Modbus/TCP in Python
- DelphiModbus - Free Delphi implementation of Modbus/TCP