What Is a Protocol?
Before understanding what Modbus is, let’s first look at what a protocol is.
A protocol is a Chinese term, pronounced as xié yì, meaning mutual agreement and negotiation; it is a document jointly recognized and adhered to after negotiations and discussions.
In simple terms, when we communicate between microcontrollers and between microcontrollers and host computers, different content specifications are defined, which both parties need to comply with in order to achieve communication.
There can be many types of protocol specifications to adapt to different devices and communication requirements. Common ones include IIC, SPI, UART communication protocols, etc. Modbus is also a serial communication protocol.
What Are RS-485 and RS-232?
When we look at Modbus, we often see 485 ports and 232 ports. What are these?
RS232 and RS485 are voltage level standards.
Data is transmitted between the two communicating parties, essentially transmitting physical voltage levels, for example, transmitting a 5V voltage -1V voltage signal. These physical signals can be affected by many interferences during transmission. For instance, a 5V voltage may arrive at the receiving end as 4.8V, and the reference voltages for high and low levels may differ between the two communicating parties.
At this point, a voltage level standard is needed to determine how many volts represent high level 1 and how many volts represent low level 0. This is how RS-485 and RS-232 were born.
RS232: It is an asynchronous transmission standard interface established by the Electronic Industries Association (EIA), corresponding to voltage standards and communication protocols (timing). Its voltage standard: +3V to +15V corresponds to 0, -3V to -15V corresponds to 1.
Full Duplex
Logical 1: -15V to -5V
Logical 0: +3V to +15V
RS485: RS485 is a serial interface standard that uses differential signaling for long-distance transmission, which is much more resistant to interference than RS232. A differential voltage of -2 to -6V indicates 0, while a differential voltage of +2 to +6V indicates 1.
Half Duplex
Logical 1: +2V to +6V
Logical 0: -2V to -6V
Note that the 485 voltage refers to the voltage difference between the two transmission lines, 485-A and 485-B, not the voltage on the transmission line.
If you want to learn more, you can continue reading:
USB to Serial TTL RS-232 RS-485 COM Port UART Differences
In other words, the RS-485 voltage standard determines whether the transmitted data is 0 or 1. Based on this, these byte data are exchanged according to the Modbus communication protocol.
Hardware layer protocols: solve the reliable transmission of 0 and 1, commonly include RS232, RS485, CAN, IIC, SPI …
Software layer protocols: solve transmission purposes, commonly include Modbus, TCP/IP, CANopen …
Modbus Protocol Explanation
Modbus was born in 1979 from Modicon, which was later acquired by Schneider Electric. Modbus provides a common language for devices to communicate with each other.
Modbus has become the industry standard for communication protocols in the industrial field and is now a commonly used connection method between industrial electronic devices. Modbus is currently the most widely used protocol in the industrial sector.
In simplest terms, Modbus is a bus communication protocol, like IIC or SPI, but it does not rely on a hardware bus.
The reason Modbus is widely used is due to its advantages.
Modbus protocol standards are open, publicly published, and have no copyright requirements.
Modbus supports multiple electrical interfaces, including RS232, RS485, TCP/IP, etc., and can be transmitted over various media, such as twisted pair, fiber optics, infrared, wireless, etc.
Modbus protocol message frame format is simple, compact, and easy to understand. Users find it easy to understand and use, while manufacturers can easily develop and integrate it, facilitating the formation of industrial control networks.
For example, the commonly used IIC communication protocol requires a physical connection to the IIC bus, along with pull-up resistors, and a specification for the high and low levels of the physical layer.
However, the Modbus protocol is an application layer message transmission protocol. The protocol itself does not define the physical layer but defines the message structure that controllers can recognize and use, regardless of the network used for communication. Therefore, it can adapt to various electrical interfaces and is widely used.
Modbus Communication Process
Note that Modbus is a master-slave communication protocol.
In Modbus communication, only one device can send requests. Other slave devices receive the data sent by the master and respond. The slaves are any peripheral devices, such as I/O sensors, valves, network drives, or other types of measuring devices. The slave station processes the information and uses Modbus to send its data to the master station.
This means that Modbus cannot communicate synchronously. The master can only send requests to one slave at a time, and only one piece of data is transmitted on the bus at each time, i.e., the master sends, the slave responds, and when the master does not send, there is no data communication on the bus.
Slaves cannot send messages to the master on their own; they can only reply to requests sent by the master.
Moreover, Modbus does not have a busy mechanism to determine if the slave has received the command from the master or is processing something else. In that case, it cannot respond to the master because the Modbus bus only transmits data without any arbitration mechanism. Therefore, software methods are needed to determine whether data is received correctly.
Example
Now, let’s discuss how Modbus data transmission works, which can be simply understood as making a phone call. It is a one-way communication phone call.
The master sends data, first needing the slave’s phone number (distinguishing each slave, each address must be unique), tells the slave what to do in the call, then sends the content, and finally asks the slave, “Did you hear me clearly? Did you hear wrong?”
Then the slave receives the call from the master and replies with the required content. The master receives the slave’s data, completing the communication process from master to slave.
It’s like a teacher calling you; the teacher dials your number and says, “Xiao Wang, I need you to send me something, the content is the weekly summary from last week.” You say okay, open your computer’s folder, and send your weekly report to the teacher. This is a communication process.
Modbus Storage Area
Since slaves store data, there must be a storage area, which requires file operations. We know that files can be divided into read-only (-r) and read-write (-wr) types.
Moreover, the stored data types can be divided into: Boolean values and 16-bit registers.
Boolean values, such as the high and low levels of IO ports, the on/off status of lights, etc.
16-bit registers, such as temperature data from sensors, stored passwords, etc.
The Modbus protocol specifies four storage areas: 0, 1, 3, and 4, where areas 1 and 4 are read-write, while areas 1 and 3 are read-only.
Moreover, Modbus also assigns address ranges to each area. When the master requests data from the slave, it only needs to tell the slave the starting address of the data and how many bytes of data to retrieve, and the slave can send the data to the master.
The Modbus data model specifies the exact address range, and each slave has actual physical storage corresponding to the Modbus storage area. The master reads and writes the slave’s storage area, which actually involves reading and writing the actual storage space corresponding to the slave device.
Types of Modbus Protocol
As mentioned above, Modbus can be transmitted over various media, and its transmission modes are divided into three types: ASCII, RTU (Remote Terminal Unit), and TCP.
There are multiple versions of the Modbus protocol for serial ports, but the most common are the following four:
Modbus-RTU
Modbus-ASCII
Modbus-TCP
ModbusPlus
Modbus RTU is a compact way of representing data in hexadecimal format, while Modbus ASCII is a method that uses ASCII code to represent data, with each 8-bit byte sent as two ASCII characters.
The RTU format includes a cyclic redundancy check (CRC) checksum for subsequent commands/data, while the ASCII format uses a longitudinal redundancy check (LRC) checksum.
When using the Modbus protocol over serial transmission, RTU or ASCII mode can be selected, specifying the message, data structure, commands, and response methods, and requiring data checks. The ASCII mode uses LRC checks, while the RTU mode uses 16-bit CRC checks. When transmitted over Ethernet, TCP is used, which does not require checks, as the TCP protocol is a reliable connection-oriented protocol.
Of course, the commonly used mode is RTU, while ASCII is rarely used.
For example, if we need to send the number 10, in RTU mode, we only need to send 0x0A, and the data transmitted on the bus would be: 0000 1010.
In ASCII mode, however, the data 1 and 0 are converted to ‘1’ and ‘0’, requiring the transmission of 0x31 (1) and 0x30 (0) as two bytes of data. The data transmitted on the bus would be: 0011 0001 0011 0000.
We will elaborate on this in detail later.
Modbus-RTU Protocol
Modbus message frame structure
A message is a data frame, and a data frame is a message: it refers to a complete set of command data, essentially a string of data.
Modbus messages refer to a frame of data sent from the master to the slave, which includes the slave’s address, the operation the master wants to execute, the checksum, and other content.
The Modbus protocol message format on serial links is as follows:
Slave Address: Each slave has a unique address, occupying one byte, with a range of 0-255, of which the valid range is 1-247, and 255 is the broadcast address (broadcast means sending a response to all slaves).
Function Code: Occupies one byte; the function code indicates what this instruction is for. For example, you can query data from the slave or modify data in the slave, so different function codes correspond to different functions.
Data: Depending on the function code, different functions apply. For example, if the function code is to query data from the slave, this includes the address of the data to be queried and the number of bytes to be queried.
Checksum: During data transmission, errors may occur, and the CRC check detects whether the received data is correct.
Modbus Function Codes
Modbus specifies multiple functions, and to facilitate the use of these functions, we assign a function code to each function, which is a reference code.
Modbus protocol simultaneously specifies more than twenty function codes, but only eight are commonly used for reading and writing storage areas, as shown in the following table:
Of course, the ones we use most are 03 and 06, one for reading data and the other for modifying data.
CRC Check
Error checking (CRC) occupies two bytes, containing a 16-bit binary value. The CRC value is calculated by the transmitting device and then appended to the data frame. The receiving device recalculates the CRC value upon receiving the data and compares it with the value in the received CRC field. If these two values are not equal, an error has occurred.
For example, if the master sends 01 06 00 01 00 17 98 04, the 98 04 two bytes are the checksum, then the slave must recalculate the CRC based on 01 06 00 01 00 17 and check if the calculated CRC matches the received CRC (98 04 from the master). If they do not match, the data transmission has an error, and this data should be discarded.
CRC Check Process:
1. Pre-set a 16-bit register to 0FFFFH (all 1s), called the CRC register.
2. XOR the first byte’s 8 bits in the data frame with the low byte of the CRC register, and store the result back in the CRC register.
3. Shift the CRC register one bit to the right, filling the highest bit with 0, and shifting out the lowest bit for detection.
4. If the lowest bit is 0: repeat step three (next shift); if the lowest bit is 1: XOR the CRC register with a preset fixed value (0A001H).
5. Repeat steps three and four until eight shifts are completed. This process completes one complete eight-bit cycle.
6. Repeat steps two to five to process the next eight bits until all bytes are processed.
7. The final value of the CRC register is the CRC value.
Additionally, there is a method to calculate CRC using a preset table, which is characterized by fast computation but requires significant storage space for the table; this method will not be elaborated here.
Next, let’s look at detailed sending and receiving data:
1. Master reading data from slave
The master’s message format is as follows:
Meaning:
0x01: Slave address
0x03: Query function to read data from the slave register
0x00 0x01: Indicates the starting register address to read, meaning to start reading from 0x0001.
0x00 0x01: Number of registers to query is 0x0001. Modbus stores data in registers, and querying registers retrieves the values of different variables, with one register address corresponding to 2 bytes of data; the register address corresponds to the actual storage address of the slave.
0xD5 0xCA: Cyclic Redundancy Check (CRC)
The slave’s reply message format is as follows:
Meaning:
0x01: Slave address
0x03: Query function to read data from the slave register
0x02: Number of bytes returned is 2 (one register = 2 bytes)
0x00 0x17: The value of the register is 0017
0xF8 0x4A: Cyclic Redundancy Check (CRC)
2. Master writing data to slave
The master’s message format is as follows:
Meaning:
0x01: Slave address
0x06: Modify function to change data in the slave register
0x00 0x01: Indicates the starting register address to modify, meaning to modify the storage content from 0x0001 to 0x0003.
0x00 0x17: The value to be modified is 0017
0x98 0x04: Cyclic Redundancy Check (CRC)
The slave’s reply message format is as follows:
Meaning:
0x01: Slave address
0x06: Modify function to change data in the slave register
0x00 0x01: Indicates the starting register address to modify, meaning it is 0x0000.
0x00 0x17: The modified value is 0017
0x98 0x04: Cyclic Redundancy Check (CRC)
The slave’s reply is the same as the master’s sending; if they differ, it indicates an error.
Modbus-ASCII Protocol
In the message, each byte is sent as two ASCII characters.
Hexadecimal 0-F corresponds to ASCII characters 0…9, A…F.
That is, 0x30~0x3A and 0x41~0x46.
Below is the ASCII message frame:
1 byte start bit
2 bytes address bit
2 bytes function bit
n data bits, with the least significant bit sent first
LRC (Longitudinal Redundancy Check) – note the different checksum method
End character \r \n
As you can see, the data part is more complicated; normally, we use RTU format, and the ASCII format is just for understanding.
Summary:
Modbus ASCII has a start character (and end character (CR LF)) which can serve as indicators for the start and end of a frame of data. In contrast, Modbus RTU does not have such markers and needs to rely on time intervals to determine the start and end of a message frame. The protocol specifies a time of 3.5 character periods, meaning that before a frame of data begins, there must be a period of more than 3.5 character periods of idle time, and after a frame of data ends, there must also be 3.5 character periods of idle time; otherwise, a sticky packet situation may occur.
Note: The 3.5 character period is a specific time, but this time is related to the baud rate.
In serial communication, one character includes 1 start bit, 8 data bits (in normal situations), 1 parity bit (or none), and 1 stop bit (in normal situations). Therefore, one character comprises 11 bits, and 3.5 characters correspond to 38.5 bits. Baud rate indicates the number of binary bits transmitted per second, so if the baud rate is 9600, 3.5 character periods = 9600/38.5 = 0.00401s * 1000 = 4.01ms.
Modbus-TCP Protocol
First, let’s look at the differences between Modbus-TCP and Modbus-ASCII.
Modbus-TCP does not require a slave address but needs an MBAP message header.
Moreover, it does not require error checking since TCP itself has error-checking capabilities.
The MBAP message header format is as follows:
Where transaction processing indicates the protocol identifier, which we normally set to 0; the length is 6 bytes, 0x0006.
In simple terms, Modbus-TCP is based on Modbus-ASCII, removing the checks and adding five bytes of 0 and a 06.
Copyright Statement: This article is an original work by CSDN blogger “Z Xiao Xuan”.
Original link: https://blog.csdn.net/as480133937/article/details/123197782
Get Electrical Software for Free
Scan the QR code below↓↓↓
To get it "for free"
Like it here
Get Electrical Materials for Free, click to read the original text