1. Design Philosophy of Modbus Protocol
Modbus devices communicate using a master-slave (client-server) architecture, where only one device (the master/client) can initiate transactions (referred to as queries). Other devices (slave/server) respond by providing requested data or performing operations as requested in the query. Slaves are any peripheral devices (I/O converters, valves, network drives, or other measurement devices) that process information and send their output to the master using Modbus.
The master can address a single slave or broadcast messages to all slaves. Slave servers will return responses to all queries sent to them individually but will not respond to broadcast queries. Slave servers do not initiate messages themselves; they only respond to queries from the master.
The master query will include a slave address (or broadcast address), a function code defining the requested operation, any required data, and an error-checking field. The response from the slave consists of an acknowledgment of the action taken, any data to be returned, and an error-checking field.
Note that both queries and responses include device addresses, function codes, applicable data, and error-checking fields. If no error occurs, the response from the slave contains the requested data. If an error occurs in the received query, or if the slave cannot perform the requested operation, the slave will return an exception message as a response.
The error-checking field in the slave message frame allows the master to confirm that the content of the message is valid. Traditional Modbus messages are transmitted serially, and parity is also applied to each transmission character in its data frame.
It is important to note here that Modbus itself is an application protocol: it defines the rules for organizing and interpreting data, but it is only a messaging structure, independent of the underlying physical layer.
2. Modbus TCP
The Modbus message structure is an application protocol that defines the rules for organizing and interpreting data independent of the data transmission medium.
TCP/IP refers to the Transmission Control Protocol and Internet Protocol, providing the transmission medium for Modbus TCP/IP messages.
Note: The primary function of TCP is to ensure that all packets are correctly received; TCP/IP is merely a transport protocol and does not define the meaning of the data or how the data is interpreted, which is the job of the application protocol.
Essentially, Modbus TCP/IP messages are just Modbus communications encapsulated in Ethernet TCP/IP wrappers. Modbus TCP embeds standard Modbus data frames into TCP frames, without a Modbus checksum, as shown in the figure below.
You might wonder why Modbus TCP drops the error-checking field that the serial version, Modbus RTU, uses.
This is because TCP/IP is a reliable transport: the standard TCP/IP and Ethernet link-layer checksum methods already ensure data integrity.
3. Message Introduction
Let’s refer to this diagram. From the figure, it can be seen that the function code and data fields remain the same as in the original form.
The Modbus TCP/IP Application Data Unit (ADU) consists of a 7-byte header (transaction identifier + protocol identifier + length field + unit identifier) and a Protocol Data Unit (function code + data).
The MBAP header is 7 bytes long and includes the following fields:
- Transaction/Invocation Identifier (2 bytes): This identifier is used for transaction pairing when the client sends multiple messages over the same TCP connection without waiting for a previous response.
- Protocol Identifier (2 bytes): This field is always 0 for Modbus services; other values are reserved for future extensions.
- Length (2 bytes): This field is the byte count of the remaining fields, including the unit identifier byte, function code byte, and data field.
- Unit Identifier (1 byte): This field is used to identify remote servers located on non-TCP/IP networks (for serial bridging). In typical Modbus TCP/IP server applications, the unit ID is set to 00 or FF, ignored by the server, and simply echoed back in the response.
The complete Modbus TCP/IP Application Data Unit is embedded in the data field of a standard TCP frame and sent via TCP to system port 502, which is reserved specifically for Modbus applications. Modbus TCP/IP clients and servers listen and receive Modbus data through port 502.
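The ADU layout described above can be checked field by field. The following Python parser is an added example, not code from the original article. It assumes each buffer holds exactly one complete ADU, and the names `parse_adu` and `match_response` are hypothetical. The 253-byte PDU limit and the high-bit convention for exception responses come from the Modbus specification rather than from this article.

```python
import struct
from dataclasses import dataclass

MBAP_LEN = 7   # transaction id (2) + protocol id (2) + length (2) + unit id (1)
MAX_PDU = 253  # Modbus PDU size limit (function code + data), per the specification

@dataclass
class ModbusTcpAdu:
    transaction_id: int
    protocol_id: int
    length: int
    unit_id: int
    function_code: int
    data: bytes
    is_exception: bool

def parse_adu(frame: bytes) -> ModbusTcpAdu:
    """Parse one Modbus TCP ADU and reject frames whose header is inconsistent."""
    if len(frame) < MBAP_LEN + 1:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:MBAP_LEN])
    if pid != 0:
        raise ValueError(f"protocol identifier {pid} is not 0 (Modbus)")
    # Length counts the unit identifier byte plus the PDU that follows it.
    if not 2 <= length <= MAX_PDU + 1:
        raise ValueError(f"length field {length} out of range")
    if length != len(frame) - 6:
        raise ValueError("length field does not match bytes on the wire")
    fc = frame[MBAP_LEN]
    # Exception responses set the high bit of the function code (Modbus specification).
    return ModbusTcpAdu(tid, pid, length, unit, fc & 0x7F, frame[MBAP_LEN + 1:], bool(fc & 0x80))

def match_response(request: ModbusTcpAdu, response: ModbusTcpAdu) -> bool:
    """Pair a response with its request using the transaction and unit identifiers."""
    return (request.transaction_id == response.transaction_id
            and request.unit_id == response.unit_id
            and request.function_code == response.function_code)

# Constructed sample frames (not captured traffic).
# Read holding registers (0x03), start address 0, quantity 2, unit 0xFF:
REQUEST = bytes.fromhex("0001 0000 0006 ff 03 0000 0002")
# Normal response: byte count 4, register values 0x000a and 0x0014:
RESPONSE = bytes.fromhex("0001 0000 0007 ff 03 04 000a 0014")
# Exception response: function code 0x83, exception code 0x02:
EXCEPTION = bytes.fromhex("0001 0000 0003 ff 83 02")
# Length field claims 6 bytes but only 4 follow the length field:
TRUNCATED = bytes.fromhex("0001 0000 0006 ff 03 0000")
```

Rejecting a frame whose length field disagrees with the bytes actually received is the check a gateway or monitoring tool would apply before acting on the PDU.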
We can see that the operation of Modbus over Ethernet is almost transparent to the Modbus register/command structure. Therefore, if you are already familiar with the operation of traditional Modbus, you are already very familiar with the operation of Modbus TCP/IP.
Source: Embedded Intelligence Bureau