The Internet of Things and the concept of connecting everything is quite trendy, isn’t it? Upon seeing Alibaba Cloud’s IoT platform, I thought about directly connecting the PLC to the Alibaba Cloud IoT platform. After several days of testing, I finally succeeded.
▲ Siemens’ MQTT client library
▲ Publishing messages
▲ Platform received the message

First, create a product. I named mine S7-1500, selected custom for the category, direct connection device for the node type, Ethernet for the networking method, and transparent/custom for the data format, with the authentication method set to device secret.
Our PLC is basically a gateway, not a sub-device under a gateway, so we selected direct connection device. The networking method is straightforward: traffic goes out through the CPU’s built-in Ethernet port, so we chose Ethernet. The data format is set to transparent; selecting the standard format is also possible, but it would require more work for the PLC to organize data, converting arrays to strings and sending them in JSON format, which is not the PLC’s strong suit. The authentication method is device secret, one of three options available. ID2 requires purchase, and I didn’t need to test it; X.509 involves certificates, which I haven’t researched yet, so we will discuss that later. After saving, the product is created.
Next, add a device under the product. A device belongs to a product, so if you created more than one product earlier, you need to select which product to add the device under.
I added a device named PLC1 under the S7-1500 product.
This is the device I added:
Note the information in the red circle: this is the information needed for device authentication, which Alibaba refers to as the three elements (ProductKey, DeviceName and DeviceSecret). This information needs to be kept confidential, especially the DeviceSecret, which must not be leaked; otherwise, others can impersonate your device to connect to the network.
Next is the Topic list, which we will need when subscribing/publishing messages. You can only publish/subscribe to the topics in the list; we tested with the predefined ones.
These are basically the settings on the Alibaba Cloud side.

This is just like debugging serial communication: before letting my PLC communicate with a serial device, I first use a serial debugging tool on the PC to connect to the device, send commands according to the communication protocol, check the device’s response, and see whether my understanding of the protocol is correct.
Since I haven’t used the LMQTT client block before, if I can’t connect later, it will be hard to pinpoint where the problem lies: is it a library issue or a parameter setting issue? So I also found an MQTT client for the PC. The example in Alibaba Cloud’s documentation uses MQTT.FX, while I use MQTTBOX; they are quite similar, with mostly the same parameters.
I’ve listed a few parameters:
broker address server/proxy domain name
broker port server/proxy port
clientid
username
password
Besides the port number, which is 1883 for TCP direct connection, the other parameters are related to the three elements of the created device.
The ${} above is a placeholder to be replaced with actual values, such as the productkey, devicename, etc., where ${region} currently only has cn-shanghai.
These parameters will be needed when the PLC connects to the platform. First, test with the MQTT client on the PC to see if it can connect to the platform. If it can, it means these parameters are correct; if not, we need to check where the error is, especially when generating the password; an extra space or a case error can lead to different generated passwords.
Below are my client settings in mqttbox:
It is important to note that Alibaba Cloud requires cleansession to be set to 1, and the keepalive time should not be set too short (300 s is recommended); otherwise, the connection will be refused.
If it can connect to the platform here, it means these parameters are all correct, and then we can proceed with PLC programming.
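The parameter check described above can also be done offline before trying any client. This is an added example, not code from the original post or from Alibaba Cloud: it assumes the platform's documented device-secret scheme (client ID suffix `|securemode=3,signmethod=hmacsha1|`, username `deviceName&productKey`, password as HMAC-SHA1 over the sorted name/value string), and every sample value is constructed.

```python
import hashlib
import hmac

def aliyun_mqtt_params(product_key, device_name, device_secret, client_id,
                       timestamp=None, region="cn-shanghai"):
    """Derive broker host, MQTT client ID, username and password."""
    # Stray whitespace would silently change the HMAC, so reject it up front.
    for name, value in (("product_key", product_key), ("device_name", device_name),
                        ("device_secret", device_secret), ("client_id", client_id)):
        if not value or value != value.strip():
            raise ValueError(f"{name} is empty or has leading/trailing whitespace")

    # Assumed signing rule: parameter names in alphabetical order, each
    # followed directly by its value, no separators, HMAC-SHA1 keyed with
    # the DeviceSecret, hex-encoded.
    fields = {"clientId": client_id, "deviceName": device_name,
              "productKey": product_key}
    ext = "securemode=3,signmethod=hmacsha1"  # securemode=3: plain TCP, port 1883
    if timestamp is not None:
        fields["timestamp"] = str(timestamp)
        ext += f",timestamp={timestamp}"
    content = "".join(name + fields[name] for name in sorted(fields))
    password = hmac.new(device_secret.encode(), content.encode(),
                        hashlib.sha1).hexdigest()
    return {
        "host": f"{product_key}.iot-as-mqtt.{region}.aliyuncs.com",
        "port": 1883,
        "client_id": f"{client_id}|{ext}|",
        "username": f"{device_name}&{product_key}",
        "password": password,
    }

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    params = aliyun_mqtt_params("a1ExampleKey", "PLC1",
                                "0123456789abcdef0123456789abcdef", "PLC1")
    for key, value in params.items():
        print(f"{key:10} {value}")
    # The same inputs with one letter in a different case sign differently.
    other = aliyun_mqtt_params("a1ExampleKey", "plc1",
                               "0123456789abcdef0123456789abcdef", "PLC1")
    print("case change alters password:", other["password"] != params["password"])
```

Only the derived password goes on the wire; the DeviceSecret itself stays on the machine that runs the calculation.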

Since I do not have the physical S7-1500 CPU, testing is done using PLCSIM ADVANCED. Connecting to Alibaba Cloud requires external network access, so PLCSIM ADVANCED must be set up accordingly: for online access, choose the virtual eth. adapter, and below that select Ethernet rather than the internal local bus. Online access can only be switched when no instances are running.
Next, download the LMQTT library, open the library in the project files, and call the library program in your own block. It will automatically add an FB and several data types.
Fortunately, this FB is open-source and not encrypted, allowing free modification.
Among the data types, the first is used to set the connection flag, the second for setting MQTT connect parameters, the third for publishing, the fourth for subscribing, the fifth for receiving subscribed data, and the sixth for setting TCP connection properties, such as server address, port number, which interface the PLC uses, connection ID, etc.
▲ Calling the library
Create a data block to save the parameters used. Besides the first data type, create one for each of the other types because the first is included in the second.
The enable parameter is a bool type, 1 to connect to the server, 0 to disconnect; the publishdata parameter is for publishing topics, subscribetoTopic is for subscribing to topics; these two will be discussed later, as they are not needed when testing the connection. The tcpConnParam sets connection properties, while mqttParam sets MQTT connection properties. These two parameters must be set correctly to connect to the server.
First, let’s discuss tcpConnParam:
The first parameter useQdn should be set to 1 because we are accessing the Alibaba Cloud server, which can only be accessed via domain name and not by IP address;
The second parameter hwidentifier is the device identifier for the Ethernet port. For newer CPUs, setting it to 0 defaults to using the first Ethernet port, or you can check the identifier for the specified port in the configuration. For instance, the identifier for the Ethernet port on a 1511 CPU is 64. connectionID is the connection ID, which anyone who has done Siemens network communication knows must be unique for each connection.
qdnAddressBroker is the address provided by the Alibaba Cloud platform, composed according to the following rules, based on productkey and region code, formatted as:
{productkey}.iot-as-mqtt.cn-shanghai.aliyuncs.com, where {productkey} is replaced with your own productkey;
Since qdn is used, ipAddressBroker does not need to be set;
localport does not need to be set, default 0 is fine, as the client does not need to specify a port number;
mqttPort is set to 1883, the port number used for MQTT TCP direct connection;
The next four parameters are not set, but will be needed for secure connections; currently, only TCP direct connection is used.

connectflag
According to Alibaba Cloud’s requirements, cleanSession must be set to 1, will and willRetain must be set to 0, and the qos setting for connect must also be 0. Since connecting to Alibaba Cloud requires login, the username and password flags must be set to 1. keepAlive cannot be less than 30; Alibaba recommends 300.
clientidentifier is a bit tricky; according to the MQTT protocol, this field should be less than 23 bytes in length, but it is allowed to exceed this length. However, Alibaba Cloud’s setting is far beyond 23 bytes, while Siemens’ MQTT library specifies the data type as string[23], so we need to change this. Since this is pulled from the library, it requires updating the library and republishing. This is the first modification I made to the library.
willtopic and willmessage are left empty; username and password are generated based on the first reference connection.
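To see what the connectflag settings and the long client identifier look like on the wire, the following added example (not part of the original post or the LMQTT library) builds the CONNECT packet by hand, which is useful when comparing against a capture of the PLC's plain-TCP traffic on port 1883. It assumes MQTT 3.1.1 framing; the client ID, username and password are constructed samples in the assumed Alibaba Cloud shape.

```python
import struct

def mqtt_str(text):
    """MQTT UTF-8 string: 2-byte big-endian length prefix, then the bytes."""
    data = text.encode("utf-8")
    return struct.pack(">H", len(data)) + data

def remaining_length(n):
    """MQTT variable-length integer: 7 bits per byte, MSB set = more bytes."""
    out = bytearray()
    while True:
        n, digit = divmod(n, 128)
        out.append(digit | (0x80 if n else 0))
        if not n:
            return bytes(out)

def connect_flags(clean_session, will, will_qos, will_retain, username, password):
    """Pack the CONNECT flag bits (bit 0 is reserved and stays 0)."""
    return (username << 7 | password << 6 | will_retain << 5
            | will_qos << 3 | will << 2 | clean_session << 1)

def build_connect(client_id, username, password, keep_alive=300):
    """CONNECT packet with the flag settings the article lists."""
    flags = connect_flags(clean_session=1, will=0, will_qos=0,
                          will_retain=0, username=1, password=1)
    header = mqtt_str("MQTT") + bytes([4, flags]) + struct.pack(">H", keep_alive)
    payload = mqtt_str(client_id) + mqtt_str(username) + mqtt_str(password)
    body = header + payload
    return bytes([0x10]) + remaining_length(len(body)) + body

if __name__ == "__main__":
    # Constructed sample values in the shape the platform is assumed to expect.
    client_id = "PLC1|securemode=3,signmethod=hmacsha1|"
    packet = build_connect(client_id, "PLC1&a1ExampleKey", "0" * 40)
    print("client ID bytes:", len(client_id.encode()), "(library default: 23)")
    print("connect flags  : 0x%02X" % packet[9])
    print("keep alive     :", struct.unpack(">H", packet[10:12])[0])
    print(packet.hex(" "))
```

With these settings the flags byte is 0xC2, and the sample client ID is 38 bytes long, which is why the library's string[23] has to be enlarged.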
With the overall framework set up, we can proceed to testing!
Note: When using the LMQTT library, I encountered a small issue; when enable is set to 1, during connection establishment, the status continuously reports 16#0000_8089 error, and statusID is 2. Checking the source code of the library, statusID corresponds to the state of #statStateTcpMachine when an error occurs, and 2 corresponds to TCP_CONNECTING. So, we need to check the TCON error codes, where 8089 corresponds to “The CONNECT parameter does not point to a connection descriptor, or the connection descriptor is manually created.” or “The CONNECT parameter does not point to a data block.”
In the static variables of the library, I found a variable of type TCON named “instTcpConnect”. Then I searched the program; there are two calls in the program, and the code is the same, just judging based on #tcpConnParam.useQdn whether to use a domain name or IP address, calling with different parameters. My program is based on domain names, so I created a new variable TCON_QDN in the global data block, and then used this variable as a parameter to call instTcpConnect, modifying both calls. Download the program and test again, and the connection is successful!

First, go back to Alibaba Cloud and check the current device’s topic list to see which topics have publishing permissions. I found one in the custom topics, copied the topic name, and filled it into the publishTopic field of the variable of type “LMQTT_typePublishData” that I created earlier in the global data block. Then, I filled the content to be published into the publishMessageData field, keeping publishQoS at 0 and publishRetainFlag as false, as Alibaba Cloud does not support qos=2 or publishRetain. Then, I gave publishMessage a rising edge, and the topic was published. Going back to Alibaba Cloud, I could see the just-published topic in the logs.
I did not test subscribing; since publishing works, subscribing should also be fine.
Note: I referred to three documents: one is Alibaba Cloud’s documentation for connecting to the Alibaba Cloud IoT platform via MQTT.FX client, another is the Siemens LMQTT manual, and the last one is the MQTT protocol.
Using MQTT.fx to Access the IoT Platform
FB “LMQTT_Client” for SIMATIC S7-CPU
The MQTT protocol was downloaded and printed long ago; I won’t post the link; it’s easy to find.
Source: Siemens Forum