Difference between revisions of "Protocol:Modbus"

From Serious Documentation
Jump to: navigation, search
(Embedded Modbus Protocol Software)
(Embedded Modbus Protocol Software)
Line 236: Line 236:
  
 
=== Embedded Modbus Protocol Software ===
 
=== Embedded Modbus Protocol Software ===
* Coming soon: ''Serious'' sample source code for Renesas RL78 and Microchip PIC18! <ext>http://www.seriousintegrated.com/contact ::Contact ''Serious''</ext> for details.
+
* Coming soon: ''Serious'' sample source code for Renesas RL78 and Microchip PIC18! <ext>http://www.seriousintegrated.com/contact ::Contact Serious</ext> for details.
 
* <ext>http://myserious.com/viewforum.php?f=5 ::Serious SHIPWare</ext> No-cost C source code on Micrium, FreRTOS, and Segger for [[SIMs|Serious Integrated Modules]] ([[SIMs|SIM]] owners only, registration necessary)
 
* <ext>http://myserious.com/viewforum.php?f=5 ::Serious SHIPWare</ext> No-cost C source code on Micrium, FreRTOS, and Segger for [[SIMs|Serious Integrated Modules]] ([[SIMs|SIM]] owners only, registration necessary)
 
* <ext>http://www.protocessor.com/solutions/Free-Modbus-RTU-Source-Code.php ::Protocessor</ext> Free source for Microchip PIC18 MCUs (registration necessary)
 
* <ext>http://www.protocessor.com/solutions/Free-Modbus-RTU-Source-Code.php ::Protocessor</ext> Free source for Microchip PIC18 MCUs (registration necessary)
 
* <ext>http://micrium.com/page/products/rtos/modbus ::Micrum µC/Modbus</ext> Commercial, robust, and fully supported; many MCU ports
 
* <ext>http://micrium.com/page/products/rtos/modbus ::Micrum µC/Modbus</ext> Commercial, robust, and fully supported; many MCU ports

Revision as of 14:19, 25 November 2012

What is Modbus?

See References for more information and training on Modbus.

Modbus is a very simple master/slave communications protocol operated traditionally over point-to-point RS232 or multi-drop RS485 networks.

It is designed to be operated in half-duplex mode, with one device, and one device only, designated the master that is responsible for polling and directing all the slaves. Slaves cannot spontaneously initiate data messages: they must be polled by the masters. Similarly, slaves cannot talk peer-to-peer to another slave. The master must poll one slave, gather data, and re-send it to another.

Every slave on a given network must have a unique identification number (slave ID). Slaves may occupy more than one slave ID (acting as multiple slaves in one physical device), but no slave IDs can overlap. Typically slaves can be very simple devices, like sensors or actuators, with a tiny DIP switch to manually select from a range of slave IDs.

The master has no id (although in some networks 0 is reserved for the master). This is because the slaves to not need to address the master explicitly, they always just respond to requests from the master.

Modbus Protocol Modes

Modbus is a very simple set of packet protocol. When the packet is decoded, regardless of the protocol transmission "mode", they contain exactly the same message contents. Software decoders can be written with various decoder/encoder front ends for the different transmission modes and the rest of the software can be unified.

When Modbus is transmitted over RS232, RS422, and RS485 type serial networks, there are two standard transmission modes: ASCII or RTU (binary). The serial network must be designated ASCII or RTU. You cannot mix modes on the same network. There is no negotiation process or auto-baud capabilities. The type must be set by the network/system designer once and all devices on the network must be manually set to the correct speed.

When Modbus is transmitted over TCP/IP, the Modbus TCP mode is used.

Modbus ASCII

Modbus ASCII is a human-readable ASCII transmission format. Every master-initiated packet looks like this:

Modbus ASCII Packet Format (Master Packet)
Name Bytes Description
Start 1 ":" (ASCII 0x3A) start-of-packet character
Slave ID 2 ASCII of slave id (for example, slave id 0x2F is sent as two characters "2" and "F")
Function Code 3 ASCII of command (called a "function code", or "FCxx" where xx is the code)
Data varies Command specific data as a sequence of ASCII characters (2 per byte), in MSB format
Checksum 2 Simple 8-bit checksum
End 2 CR-LF sequence terminating packet

Every slave responds with a modified version of the packet:

Modbus ASCII Packet Format (Slave Response)
Name Bytes Description
Start 1 ":" (ASCII 0x3A) start-of-packet character
Slave ID 2 ASCII of slave id
Function Code 3 ASCII of command with high bit set if error
Data varies Command specific response data
Checksum 2 Simple 8-bit checksum
End 2 CR-LF sequence terminating packet

Modbus ASCII mode has several advantages:

  • easy to debug on a sniffer terminal device (a device that only listens but does not drive the RS232 or RS485 cable) since a terminal program can display the packets in a human readable format, 1 packet per line
  • easy to parse and stay synchronized in software, with a unique start character (':') and end sequence (CR-LF)
  • smaller/simpler software for the 8-bit checksum calculation than the 16-bit CRC used in RTU mode

and a few disadvantages:

  • half the speed of RTU: every byte is sent as a hex-ASCII value , it is half the speed of a binary transmission protocol.
  • less robust than RTU: an 8-bit checksum is far more susceptible to missing errors than the RTU's 16-bit CRC

Modbus RTU

Modbus RTU is a binary transmission format. Every master-initiated packet looks like this:

Modbus RTU Packet Format (Master Packet)
Name Bytes Description
Slave ID 1 The byte ID of the slave to target
Function Code 1 The command (called a "function code", or "FCxx" where xx is the code)
Data varies Command specific data as a sequence of bytes, in MSB format where appropriate
CRC 2 16-bit CRC

Every slave responds with a modified version of the packet:

Modbus ASCII Packet Format (Slave Response)
Name Bytes Description
Slave ID 1 The byte ID of the slave to target
Function Code 1 Same FC as master requested; high bit is set if error
Data varies Command specific response data as a sequence of bytes, in MSB format where appropriate
CRC 2 16-bit CRC

Modbus RTU mode has advantages:

  • faster than Modbus ASCII: one byte per character rather than two
  • more robust to noise than ASCII: the 16-bit CRC is better at detecting bit errors than the ASCII 8-bit checksum

and a few disadvantages:

  • tricker to write software to stay synchronized in a noisy environment: no start/end sequences
  • CRC requires more software on the slave to generate/test
  • harder to to debug on a sniffer terminal device: typically needs a packet decoder program

Modbus TCP

Although not currently natively supported in SHIP, Modbus packets can also be sent over TCP/IP connections to enable server and cloud connectivity. Often the SIM will be set up as a Modbus master controlling a slave (such as a motor, pump, or PLC). With the addition of a very simple UART to WiFi bridge and a server-based Modbus slave implementation, the SIM can now be "cloud connected" and send and receive information from a server. In this mode, for example, the SIM can supply a cloud-based application with motor or equipment status and both the GUI on the SIM and the cloud application can control the equipment.

Modbus TCP Packet Format (Master Packet)
Name Bytes Description
Sequence # 2 Since TCP/IP can deliver out-of-order, this enables in-order handling by master and slave.
Protocol ID 2 0x0000 means Modbus/TCP
Length 2 Number of bytes after this point in the packet
Slave ID 1 Slave Address 0x01..0xFE (0xFF if not used)
Function Code 1 Standard Modbus Function Code
Data (varies) FCxx specific command or response data
Modbus TCP Packet Format (Slave Response)
Name Bytes Description
Sequence # 2 Same sequence number from master packet.
Protocol ID 2 0x0000 means Modbus/TCP
Length 2 Number of bytes after this point in the packet
Slave ID 1 Slave Address 0x01..0xFE (0xFF if not used)
Function Code 1 Modbus Function Code (high bit set if error)
Data (varies) FCxx specific command or response data


Function Codes

Wikipedia has a complete list of common Modbus Function Codes. However the four basic codes are:


There are four basic function codes (FC's) in the Modbus system:


Modbus is a very simple set of packet protocol. There are 2 different Modbus transmission methods for each packet:

The network is either designated ASCII or RTU. You cannot mix packet types. There is no negotiation process or autobauding capabilities. The type must be set by the network/system designer once and all devices on the network must be manually set to the correct speed.

MODBUS_SLAVE_ASCII is a human-readable ASCII transmission format and is easy to debug on a sniffer terminal device (a device that only listens but does not drive the RS232 or RS485 cable) since a terminal program would display the packets . It is very easy to parse in software, with a unique start character (':') and end sequence (CR-LF), but because every byte is sent as a hex-ascii value (for example, an 'a' is sent as two bytes '2' and '1', representing hex 0x21 which is an 'a'), it is half the speed of a binary transmission protocol.

For more information on the protocol, see the list of modbus references.



As a Modbus slave, the SIM (and the GUI within the SIM is polled by a Master on the network.

References

More Information

Debugging Tools

  • Simply Modbus has inexpensive PC-Based software for simulating a master/slave
  • FrontLine Test Equipment has a PC-USB sniffer device (with software) for RS232 and 485 cables (this is what we use at Serious)

Embedded Modbus Protocol Software

Retrieved from "https://techref.myserious.com/index.php?title=Protocol:Modbus&oldid=443"