Some basics about the Modbus protocol

Feb 22, 2025

Industrial control has moved from stand-alone control to centralized monitoring and centralized control, and has now entered the network era. Connecting industrial controllers to a network also makes them convenient to manage over that network. Modbus is one of the network protocols for industrial controllers.


Introduction to the Modbus communication protocol


Taken literally, the name Modbus has two parts, Mod and Bus. First of all it is a bus protocol, similar to I2C and SPI. A bus means that there are hosts and slaves, and that these devices sit on the same bus.

Modbus supports a single master and multiple slaves, up to 247 slave devices. As for Mod, the protocol was first used in PLC controllers, Modicon's PLC controllers to be exact, which is where the name Mod-Bus comes from.

Modicon was later acquired by Schneider. The Modbus protocol is widely used in industrial controllers, HMIs and sensors, and was gradually accepted by other manufacturers, becoming a mainstream protocol for communicating with peripheral devices.

 

Modbus belongs to the application layer, the seventh layer of the 7-layer OSI reference model. There are two types of data link layer, one based on the standard serial protocol and one based on TCP. The physical layer can use 3-wire RS-232, 2-wire RS-485, 4-wire RS-422, or fiber optic, network cable, wireless and other transmission media.

 

Modbus is a request/response protocol: the host initiates the communication request and the slave responds to the host's request. A slave does not send data on its own when it has not received a request from the host, and slaves do not communicate with each other.


Features of Modbus communication protocol


(1) Standard and open: users can use the Modbus protocol free of charge, with no license fees to pay and no risk of violating intellectual property rights.

(2) Modbus supports a variety of electrical interfaces, such as RS-232 and RS-485. It can also be transmitted over a variety of media, such as twisted pair, fiber optic and wireless.

(3) The frame format of Modbus is simple, compact and easy to understand. It is easy for users to use and simple for vendors to develop.


The 4 Modbus data types


The Modbus protocol divides the data used in read and write operations into the following 4 types, according to their read/write attributes and types:

1. Discrete Inputs: 1 bit, read-only

2. Coils: 1 bit, read/write

3. Input Registers: 16 bits, read-only

4. Holding Registers: 16 bits, read/write

 

Modbus Protocol Versions


Versions of the Modbus protocol currently exist for serial, Ethernet, and other networks that support the Internet Protocol.

Most Modbus devices communicate over the serial EIA-485 physical layer.

For serial connections, two variants exist that differ slightly in their numerical data representation and protocol details. Modbus RTU is a compact, binary representation of data, and Modbus ASCII is a human-readable, verbose representation. Both variants use serial communication; the RTU format follows the commands/data with a cyclic redundancy check (CRC), while the ASCII format uses a longitudinal redundancy check (LRC). Nodes configured for the RTU variant do not communicate with nodes configured for the ASCII variant, and vice versa.

For connections over TCP/IP (e.g. Ethernet), multiple Modbus/TCP variants exist; this approach does not require a checksum calculation.

For all three communication protocols the data model and function calls are the same; only the encapsulation is different.
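An added example (not from the original article) of "same function call, different encapsulation": one read request wrapped as a Modbus ASCII frame with its LRC and as a Modbus/TCP frame with no checksum, each with a validating decoder. The function names are hypothetical, the sample request is constructed, and the ASCII framing (':' start, CR LF end) and the 7-byte MBAP header follow the public Modbus specification, which the article does not spell out.

```python
import struct

def lrc(data: bytes) -> int:
    """Longitudinal redundancy check: two's complement of the byte sum, mod 256."""
    return (-sum(data)) & 0xFF

def encode_ascii(unit: int, pdu: bytes) -> bytes:
    """':' + upper-case hex of (address, function code, data, LRC) + CR LF."""
    body = bytes([unit]) + pdu
    return b":" + (body + bytes([lrc(body)])).hex().upper().encode() + b"\r\n"

def decode_ascii(frame: bytes) -> tuple:
    """Return (address, pdu); raise ValueError on bad framing or a failed LRC."""
    if not (frame.startswith(b":") and frame.endswith(b"\r\n")):
        raise ValueError("missing ':' start or CR LF end")
    try:
        raw = bytes.fromhex(frame[1:-2].decode("ascii"))
    except ValueError as exc:  # also covers UnicodeDecodeError
        raise ValueError("frame body is not hex") from exc
    if len(raw) < 3 or lrc(raw[:-1]) != raw[-1]:
        raise ValueError("short frame or LRC mismatch")
    return raw[0], raw[1:-1]

def encode_tcp(tid: int, unit: int, pdu: bytes) -> bytes:
    """MBAP header: transaction id, protocol id 0, length of (unit id + PDU), unit id."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

def decode_tcp(frame: bytes) -> tuple:
    """Return (unit id, pdu); there is no checksum, so only the header is checked."""
    if len(frame) < 8:
        raise ValueError("shorter than MBAP header + function code")
    _tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0 or length != len(frame) - 6:
        raise ValueError("bad protocol id or length field")
    return unit, frame[7:]

# Constructed sample: function code 0x03, start address 0, read 1 register.
PDU = bytes.fromhex("0300000001")
```
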

Modbus has an extended version, Modbus Plus (Modbus+ or MB+); however, this protocol is proprietary to Modicon and differs from Modbus. It requires a specialized coprocessor to handle high-speed token rotation similar to HDLC. It uses 1 Mbit/s twisted-pair cable and has conversion isolation at each node, so a device uses conversion/edge triggering rather than voltage/level triggering. Connecting Modbus Plus to a computer requires a special interface, usually a board that supports the ISA (SA85), PCI or PCMCIA bus.

So when we refer to the Modbus protocol, it is important to determine which mode is meant; there are still big differences between the modes.


Modbus Data Frame Format


The first thing we need to know is that a normal Modbus data frame contains the following: address field + function code + data + error check. In addition, the Modbus frame format is the same regardless of which of the protocol versions mentioned above is used.


It mainly includes:


1. Address field: the address of the slave that the master wants to access, in the range 0~247.

2. Function code: i.e. what kind of operation the master wants to perform on the slave.

3. Data: If the master's request is to read data, then the "data" should contain the following information: where to start reading data + how much data to read. If the master's request is to write data to the slave, then the "data" should contain the following information: where to start writing data + how many bytes of data to write + the specific data to be written.

4. Error check: In order to ensure the correctness of data transmission, the Modbus protocol adds a two-byte error check at the end of the data frame.


Modbus Function Code

Modbus function codes are written in the host's request frame. They determine whether the host reads or writes; whether it reads coils, discrete inputs or registers; whether it writes a single register or multiple registers; and what type of data the host requests.


There are three main types of function codes: public function codes, user-defined function codes and reserved function codes.

1. Public Function Codes

-Function codes that are better defined

-Guaranteed to be unique

-Changeable by the MODBUS organization

-Publicly provable

-Have a usable conformance test

-Proven in the MB IETF RFCs

-Contains defined public assigned function codes and unassigned reserved function codes for future use.


2. User-defined function codes

There are two ranges of user-defined function codes: 65 to 72 and 100 to 110 (decimal).

-The user can select and implement a function code without any approval from the MODBUS organization.

-The use of the selected function code is not guaranteed to be unique.

-If the user wants to reposition the function as a public function code, the user has to start an RFC in order to introduce the change into the public category and have a new public function code assigned.


3. Reserved Function Codes

-Function codes that are commonly used by some companies for legacy products and are not valid for public use.

In practice, the most commonly used are 4 of the public function codes: 03/04/06/10

0x03: Read multiple holding registers

0x04: Read input registers

0x06: Write single holding register

0x10: Write multiple holding registers

Since a PLC mainly controls relay contacts, coils are also read and written frequently on a PLC. One point needs special attention: when writing holding registers, you must distinguish between 0x06 (write a single register) and 0x10 (write multiple registers), while reading holding registers makes no distinction between reading one and reading several. To read a single holding register, use the same 0x03 instruction and specify a read count of 1.
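An added example (not code from the original article): a Python decoder for Modbus RTU request frames that checks the two-byte CRC and decodes the four function codes listed above, flagging writes and the user-defined code ranges so a monitoring tool can tell them apart. The function and field names are hypothetical, the sample frame is constructed, and the CRC parameters and the 0x10 field layout (start, register count, byte count, values) follow the public Modbus specification rather than the article's text.

```python
import struct

# The four function codes the article lists as most commonly used.
NAMES = {0x03: "read holding registers", 0x04: "read input registers",
         0x06: "write single holding register",
         0x10: "write multiple holding registers"}
WRITES = {0x06, 0x10}

def crc16(data: bytes) -> int:
    """Modbus RTU CRC-16: initial value 0xFFFF, reflected polynomial 0xA001."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def build_request(addr: int, func: int, data: bytes) -> bytes:
    body = bytes([addr, func]) + data
    return body + struct.pack("<H", crc16(body))  # CRC travels low byte first

def parse_request(frame: bytes) -> dict:
    """Check the CRC, then decode the request; ValueError means reject the frame."""
    if len(frame) < 4:
        raise ValueError("shorter than address + function code + CRC")
    body, (crc,) = frame[:-2], struct.unpack("<H", frame[-2:])
    if crc16(body) != crc:
        raise ValueError("CRC mismatch")
    addr, func, data = body[0], body[1], body[2:]
    if addr > 247:
        raise ValueError("slave address outside 0-247")
    out = {"addr": addr, "func": func, "name": NAMES.get(func, "other"),
           "write": func in WRITES,
           "user_defined": 65 <= func <= 72 or 100 <= func <= 110}
    if func in NAMES:
        if len(data) < 4 or (func != 0x10 and len(data) != 4):
            raise ValueError("wrong data length for this function code")
        out["start"], n = struct.unpack(">HH", data[:4])  # big-endian fields
        if func == 0x10:
            if len(data) != 5 + 2 * n or data[4] != 2 * n:
                raise ValueError("byte count disagrees with register count")
            out["values"] = list(struct.unpack(f">{n}H", data[5:]))
        elif func == 0x06:
            out["values"] = [n]  # second field is the value to write
        else:
            out["count"] = n     # second field is how many registers to read
    return out

READ_ONE = bytes.fromhex("010300000001840a")  # constructed: slave 1, read 1 register at 0
```
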
 
