Week 5 - Modbus Protocol Flashcards
Serial Protocols (RS-232 and RS-485)
Among the oldest and still widely used protocols.
They have low data rates (around 20 kbits/s) and no IP network or internet connectivity.
Variants are implemented in various devices like microcontrollers, embedded systems, single-board computers, and more.
Extremely basic and lack built-in security features.
Often used as a foundation for developing other protocols like Modbus Serial.
Modbus
Protocol published by Modicon (now Schneider Electric) in 1979 for PLCs.
It is widely used in the industry, openly published, and royalty-free.
Connects supervisory computers with remote terminal units (RTUs) in SCADA systems.
It uses terms like “master-slave” or “client-server” and has evolved to Modbus TCP for Ethernet and IP/TCP communication.
Queries follow a specific structure called a Modbus Frame, and Modbus supports data types like inputs, coils, input registers, and holding registers.
Modbus Frame
The Modbus application protocol defines what is known as a Protocol Data Unit (PDU), which is completely independent of the underlying communication layers, be it TCP/IP or serial.
The structure of the PDU is always the same, and it is only encapsulated depending on the type of physical connection (serial or TCP/IP communication).
Modbus Data types
Inputs (discrete input),
Coils,
Input register (input data),
Holding register (output data)
Inputs (discrete input)
1 bit of data (0 or 1), can only be read by a client, and its value is altered by I/O.
For instance, if an I/O pin senses 5 volts, its value changes to 1; zero volts makes it 0.
Coils
1 bit of data (0 or 1), can be written to (or read from) by the client.
For instance, the client makes the value of a Coil 1, which means a specific I/O pin becomes 5 volts.
Input register (input data)
16 bits (2 bytes or 1 word), controlled by I/O.
Holding register (output data)
16 bits (2 bytes or 1 word), controlled by the user program.
Modbus functions
Read Discrete Inputs
Read Coils
Write Single Coil
Write Multiple Coils
Read Input Registers
Read Multiple Holding Registers
Write Single Holding Register
Write Multiple Holding Registers
PDU in transit
The PDU structure is always the same, and the PDU is only encapsulated depending on the type of physical connection (i.e., serial or TCP/IP communication).
This encapsulation adds extra fields around the PDU depending on the type of communication; the encapsulated unit is called the Application Data Unit (ADU).
Function Code - Data
PDU in transit (serial)
Address Field,
Error Checking (CRC/LRC);
Addresses - Function Code - Data - CRC (or LRC)
Address Field
Slave address (used by the master to specify the slave/server) ranges from 1 to 247.
The slave responds by placing its own address in this field to let the master know which slave is responding.
Error check (CRC/LRC) Field
This is often a 16-bit redundancy value that is calculated from the rest of the PDU content and can indicate and correct some level of transmission error.
CRC and LRC stand for Cyclic Redundancy Check and Longitudinal Redundancy Check, respectively.
PDU in transit (TCP/IP)
Modbus has defined the PDU regardless of TCP/IP or serial communication.
Modbus TCP has its own encapsulation of this fixed PDU for transmission over an IP network; the encapsulated PDU is called the Application Data Unit (ADU).
MBAP Header - Function Code - Data
Modbus Application Protocol header (MBAP)
Transaction identifier (2 bytes),
Protocol identifier (2 bytes),
Length (2 bytes),
Unit identifier/device address (1 byte);