1. Introduction to the Modbus protocol
Modbus is a serial communication protocol published by Modicon Corporation (now Schneider Electric) in 1979 for use with programmable logic controllers (PLCs). It has become the de facto industry standard for communication in the industrial field, and is now a common means of connecting industrial electronic devices. The main reasons why Modbus is more widely used than other communication protocols are:
1.1 Published publicly and without copyright claims
1.2 Easy to deploy and maintain
1.3 It moves raw bits or bytes without placing many restrictions on the supplier
Modbus protocol allows multiple (approximately 240) devices to communicate on the same network, for example, a device that measures temperature and humidity and sends the results to a computer. In supervisory control and data acquisition (SCADA) systems, Modbus is usually used to connect the monitoring computer to the remote terminal units (RTUs).
2. Protocol versions of the Modbus protocol
Versions of the Modbus protocol currently exist for serial, Ethernet, and other networks that support Internet Protocol.
Most Modbus protocol device communication occurs over the serial EIA-485 physical layer.
For serial connections, two variants exist that differ slightly in numerical data representation and protocol details. Modbus RTU is a compact, binary representation of the data, and Modbus ASCII is a human-readable, verbose representation. Both variants use serial communication. In the RTU format, the commands/data are followed by a cyclic redundancy check (CRC) checksum, while the ASCII format uses a longitudinal redundancy check (LRC) checksum. Nodes configured for the RTU variant will not communicate with nodes configured for the ASCII variant, and vice versa.
For connections via TCP/IP (e.g. Ethernet), there are several Modbus/TCP variants that do not require checksum calculations.
The data model and function calls are the same for all three communication protocols; only the encapsulation is different.
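The three encapsulations described above, applied to one request, as an added example that is not part of the original article. It frames a single Read Holding Registers PDU (function 0x03) for RTU, ASCII and Modbus/TCP; the helper names and the default transaction ID are assumptions chosen for illustration.

```python
import struct

def crc16_modbus(data: bytes) -> int:
    """CRC-16 used by Modbus RTU: init 0xFFFF, reflected polynomial 0xA001."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def lrc(data: bytes) -> int:
    """LRC used by Modbus ASCII: two's complement of the byte sum."""
    return (-sum(data)) & 0xFF

def read_holding_pdu(start: int, count: int) -> bytes:
    """The PDU (function code + data) is identical in every encapsulation."""
    return struct.pack(">BHH", 0x03, start, count)

def rtu_frame(addr: int, pdu: bytes) -> bytes:
    body = bytes([addr]) + pdu
    return body + struct.pack("<H", crc16_modbus(body))  # CRC low byte first

def ascii_frame(addr: int, pdu: bytes) -> bytes:
    body = bytes([addr]) + pdu
    return b":" + (body + bytes([lrc(body)])).hex().upper().encode() + b"\r\n"

def tcp_frame(unit: int, pdu: bytes, transaction_id: int = 1) -> bytes:
    # MBAP header: transaction id, protocol id 0, length (unit id + PDU), unit id.
    # No checksum field: TCP and the link layer already carry their own.
    return struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit) + pdu

def rtu_check(frame: bytes) -> bool:
    """A frame with its CRC appended low byte first leaves a CRC of zero."""
    return len(frame) >= 4 and crc16_modbus(frame) == 0

if __name__ == "__main__":
    pdu = read_holding_pdu(start=0, count=10)  # constructed sample request
    print("RTU  ", rtu_frame(1, pdu).hex(" "))
    print("ASCII", ascii_frame(1, pdu))
    print("TCP  ", tcp_frame(1, pdu).hex(" "))
    # The checksum catches corruption on the wire, nothing more: it is
    # computed from the frame bytes alone and involves no key or sender identity.
    damaged = bytearray(rtu_frame(1, pdu))
    damaged[5] ^= 0x01
    print("damaged frame accepted:", rtu_check(bytes(damaged)))
```

The CRC and LRC are error-detection codes only, so a receiver that validates them learns that the frame arrived intact, not who sent it.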
Modbus has an extended version, Modbus Plus (Modbus+ or MB+), but this protocol is proprietary to Modicon and is different from Modbus. It requires a dedicated coprocessor to handle HDLC-like high-speed token rotation. It uses 1 Mbit/s twisted pair, and each node has a switching isolation device, which is a device that uses switching/edge triggering instead of voltage/level triggering. Connecting Modbus Plus to a computer requires a special interface, usually a board that supports the ISA (SA85), PCI or PCMCIA bus.
3. Modbus protocol communication and equipment
The Modbus protocol is a master/slave architecture protocol. One node is the master node, and the other nodes that use the Modbus protocol to participate in communication are slave nodes. Each slave device has a unique address. In serial and MB+ networks, only the node designated as the master node can initiate a command (on Ethernet, any device can send a Modbus command, but usually only one master device initiates commands).
A Modbus command contains the Modbus address of the device that is intended to execute it. All devices will receive the command, but only the device at the specified address will execute and respond to it (except for address 0: a command sent to address 0 is a broadcast command, and all devices that receive it will execute it but will not respond). All Modbus protocol commands include checksums to make sure that arriving commands have not been corrupted. Basic Modbus commands can instruct an RTU to change a value in one of its registers, control or read an I/O port, and direct the device to send back data in one or more of its registers.
There are many modems and gateways that support the Modbus protocol because the Modbus protocol is simple and easy to replicate. Some of them are specially designed for this protocol. There are different implementations using wired and wireless communication, and even SMS and GPRS. However, designers need to overcome some issues, including high latency and timing.
4. Implementation of the Modbus protocol
Almost all implementations are some variation of the official standard, so devices from different vendors may not communicate correctly. Some of the major variations are:
4.1 Data types
IEEE standard floating point numbers
32-bit integer
8 bit data
mixed data types
bit fields in integers
multipliers to change data to/from integer: 10, 100, 1000, 256 ...
4.2 Protocol extension
16-bit slave address
32-bit data size (1 address = return 32-bit data)
word swap data
5. Limitations of the Modbus protocol
Modbus protocol was developed for PLC communication in the late 1970s, so its data types are limited to those that PLCs of that era understood; large binary objects are not supported.
For nodes, there is no standard way to find the descriptive information of a data object, for example, to determine whether a register value represents a temperature between 30 and 175 degrees.
Since Modbus protocol is a master/slave protocol, there is no way for devices to "report by exception" (except for the TCP/IP protocol built on top of Ethernet, known as open-mbus): the master node must loop through each node device and look for changes in the data. In applications where bandwidth may be at a premium, such as on low-rate wireless links, this approach consumes bandwidth and network time.
Modbus protocol can only handle 247 addresses on a single data link, which limits the number of devices that can be connected to the master station (again, except for Ethernet TCP/IP).
Modbus transmissions must be continuous, which restricts remote communication devices to those that buffer data so that gaps do not appear in the transmission.
The Modbus protocol itself provides no security against unauthorized commands or intercepted data.
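Because the protocol carries no authentication, any policy on who may issue commands has to be enforced outside it. The following added example (not from the original article) shows one such monitoring check for Modbus/TCP: it parses the MBAP header and flags state-changing function codes from hosts outside an allowlist, as well as writes to broadcast address 0. The allowlist, the IP addresses and the sample frames are constructed for illustration.

```python
import struct

# Function codes that change device state (standard Modbus function codes).
WRITE_FUNCS = {0x05: "write single coil", 0x06: "write single register",
               0x0F: "write multiple coils", 0x10: "write multiple registers"}
ALLOWED_WRITERS = {"192.0.2.10"}  # assumption: the one HMI permitted to write

def parse_mbap(frame: bytes) -> dict:
    """Split a Modbus/TCP request into MBAP header fields and function code."""
    if len(frame) < 8:
        raise ValueError("shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol id is not 0")
    if length != len(frame) - 6:  # length field counts unit id + PDU
        raise ValueError("MBAP length does not match bytes received")
    return {"tid": tid, "unit": unit, "func": frame[7]}

def review(src_ip: str, frame: bytes) -> list:
    """Return findings for one request; an empty list means nothing to flag."""
    try:
        msg = parse_mbap(frame)
    except ValueError as exc:
        return [f"malformed: {exc}"]
    findings = []
    name = WRITE_FUNCS.get(msg["func"])
    if name:
        # The source IP is the only sender identity Modbus/TCP offers.
        if src_ip not in ALLOWED_WRITERS:
            findings.append(f"{name} from unlisted host {src_ip}")
        # Address 0 is the broadcast address on serial links behind a gateway.
        if msg["unit"] == 0:
            findings.append(f"{name} to address 0 (broadcast on serial links)")
    return findings

# Constructed sample traffic: (source IP, request bytes).
SAMPLES = [
    ("192.0.2.77", bytes.fromhex("00010000000601030000000A")),  # read
    ("192.0.2.77", bytes.fromhex("0002000000060106000100FF")),  # write
    ("192.0.2.10", bytes.fromhex("0003000000060006000100FF")),  # write, unit 0
    ("192.0.2.10", bytes.fromhex("00040000000601060001")),      # truncated
]

if __name__ == "__main__":
    for ip, frame in SAMPLES:
        print(ip, frame.hex(), review(ip, frame) or "ok")
```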