Modbus
The Modbus protocol is a communication protocol based on a master/slave or client/server architecture. It was launched in 1979 by Gould-Modicon for communication with its programmable logic controllers. In industry, Modbus has become a de facto standard because it is an open protocol. The Modbus TCP version has been part of the IEC 61158 standard since 2007.
Basics
A master (e.g. a PC) and several slaves (e.g. measuring and control systems) can be connected using Modbus. There are two versions: one for the serial interface (EIA-232 and EIA-485) and one for Ethernet.
There are three different operating modes for data transmission:
- Modbus RTU
- Modbus ASCII
- Modbus TCP
Each bus participant must have a unique address. The address 0 is reserved for a broadcast. Each participant can send messages via the bus. Usually, however, communication is initiated by the master and the addressed slave replies.
Read and write access is possible to the following object types:
Object type | Access | Size | Function code |
---|---|---|---|
Single input/output "Coil" | Read/write | 1 bit | 01/05/15 |
Single input "Discrete Input" | Read only | 1 bit | 02 |
(Analog) inputs "Input Register" | Read only | 16 bits | 04 |
(Analog) inputs/outputs "Holding Register" | Read/write | 16 bits | 03/06/16 |
Modbus RTU
Modbus RTU (RTU: Remote Terminal Unit) transmits the data in binary form. This ensures good data throughput, but the data cannot be read directly by humans and must first be converted into a readable format.
Protocol structure
In RTU mode, the start of transmission is marked by a transmission pause of at least 3.5 character times. Depending on the operating mode of the UART, a character has a length of 10 to 12 bits (depending on the number of stop bits and the presence of a parity bit). The length of the pause in transmission therefore depends on the transmission speed. This must be strictly adhered to at low data rates. With a bit rate of more than 19200 bps, a fixed pause time of 1.75 ms can be used.
The address field consists of eight bits that represent the recipient address. When it replies to the master, the slave sends this address back so that the master can assign the reply.
The function field consists of 8 bits. If the slave has received the request from the master correctly, it answers with the same function code. If an error has occurred, it changes the function code by setting the most significant bit of the function field to 1.
The data field contains information about which registers the slave should read out and from which address they begin. The slave places the data it has read (e.g. measured values) there in order to send them to the master. In the event of an error, an error code is transmitted there.
The field for the checksum, which is determined using CRC, is 16 bits.
The entire telegram must be transmitted in a continuous data stream. If a transmission interruption longer than 1.5 characters occurs between two characters, the telegram is to be assessed as incomplete and should be rejected by the recipient.
Start | Address | Function | Data | CRC check | End |
---|---|---|---|---|---|
Waiting time (min. 3.5 characters) | 1 byte | 1 byte | n bytes | 2 bytes | Waiting time (min. 3.5 characters) |
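The RTU frame layout above, worked through as an added example (not part of the original article): it computes the frame-delimiting pause, builds a frame, and rejects received frames whose CRC does not match. The CRC parameters (initial value 0xFFFF, polynomial 0xA001, low byte sent first) and the default of 11 bits per character are assumptions not stated in the text; the sample frames are constructed.

```python
import struct

def crc16_modbus(data: bytes) -> int:
    """CRC-16 with init 0xFFFF and reflected polynomial 0xA001, as used on Modbus serial lines."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def frame_gap_seconds(bitrate: int, bits_per_char: int = 11) -> float:
    """Silence that delimits frames: 3.5 characters, or a fixed 1.75 ms above 19200 bps.
    bits_per_char=11 is an assumed UART setting (the text allows 10 to 12)."""
    return 0.00175 if bitrate > 19200 else 3.5 * bits_per_char / bitrate

def build_rtu(address: int, function: int, data: bytes = b"") -> bytes:
    """Assemble address, function and data, then append the CRC low byte first."""
    body = bytes([address, function]) + data
    return body + struct.pack("<H", crc16_modbus(body))

def parse_rtu(frame: bytes) -> dict:
    """Split a received frame into its fields; reject it if too short or the CRC differs."""
    if len(frame) < 4:  # address + function + 2 CRC bytes
        raise ValueError("frame too short")
    body, (crc_rx,) = frame[:-2], struct.unpack("<H", frame[-2:])
    if crc16_modbus(body) != crc_rx:
        raise ValueError("CRC mismatch")
    is_error = bool(body[1] & 0x80)  # most significant bit set: error reply
    return {
        "address": body[0],
        "function": body[1] & 0x7F,
        "is_error": is_error,
        "error_code": body[2] if is_error and len(body) > 2 else None,
        "data": body[2:],
    }

# Constructed samples: a read request to slave 0x11 and an error reply from it.
REQUEST = build_rtu(0x11, 0x03, bytes.fromhex("006B0003"))
ERROR_REPLY = build_rtu(0x11, 0x83, b"\x02")

if __name__ == "__main__":
    print(REQUEST.hex(" "), parse_rtu(REQUEST))
    print(parse_rtu(ERROR_REPLY))
    print(f"gap at 9600 bps: {frame_gap_seconds(9600) * 1000:.2f} ms")
```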
Modbus ASCII
Modbus ASCII transmits ASCII code rather than a binary sequence. This means that it can be read directly by humans, but the data throughput is lower compared to RTU.
Protocol structure
In ASCII mode, messages begin with a preceding colon; the end of the message is marked by the string carriage return, line feed (CRLF).
The first two bytes contain two ASCII characters that represent the address of the recipient. The command to be executed is encoded in the next two bytes. The data follow over another n characters. An LRC is calculated over the entire telegram (without start and end markers) to check for errors. If there is a pause of more than 1 s during the transmission of a frame, the frame is treated as an error. The user can configure a longer timeout.
Start | Address | Function | Data | LRC check | End |
---|---|---|---|---|---|
1 character (:) | 2 characters | 2 characters | n characters | 2 characters | 2 characters (CRLF) |
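The ASCII framing above as an added example (not part of the original article): a frame builder and a strict parser that checks the start and end markers, the character set and the LRC. The LRC rule used here (two's complement of the 8-bit sum of the decoded bytes) and the restriction to uppercase hex digits are assumptions not stated in the text; the sample frame is constructed.

```python
HEX_DIGITS = b"0123456789ABCDEF"

def lrc(payload: bytes) -> int:
    """Longitudinal redundancy check: two's complement of the 8-bit sum of the bytes."""
    return -sum(payload) & 0xFF

def build_ascii(address: int, function: int, data: bytes = b"") -> bytes:
    """Encode address, function, data and LRC as hex characters between ':' and CRLF."""
    payload = bytes([address, function]) + data
    body = (payload + bytes([lrc(payload)])).hex().upper().encode("ascii")
    return b":" + body + b"\r\n"

def parse_ascii(frame: bytes) -> dict:
    """Decode one frame; raise ValueError on bad markers, bad characters or LRC mismatch."""
    if not (frame.startswith(b":") and frame.endswith(b"\r\n")):
        raise ValueError("missing ':' start or CRLF end marker")
    chars = frame[1:-2]
    # At least address, function and LRC: 3 bytes = 6 characters, always in pairs.
    if len(chars) < 6 or len(chars) % 2 or any(c not in HEX_DIGITS for c in chars):
        raise ValueError("expected pairs of uppercase hex characters")
    raw = bytes.fromhex(chars.decode("ascii"))
    payload, lrc_rx = raw[:-1], raw[-1]
    if lrc(payload) != lrc_rx:
        raise ValueError("LRC mismatch")
    return {"address": payload[0], "function": payload[1], "data": payload[2:]}

# Constructed sample: read request to slave 0x11.
SAMPLE = build_ascii(0x11, 0x03, bytes.fromhex("006B0003"))

if __name__ == "__main__":
    print(SAMPLE, parse_ascii(SAMPLE))
```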
Modbus/TCP
Modbus/TCP is very similar to RTU, except that TCP/IP packets are used to transfer the data. TCP port 502 is reserved for Modbus/TCP. Modbus/TCP has been specified in the IEC 61158 standard since 2007 and is referenced in IEC 61784-2 as CPF 15/1.
Protocol structure
Transaction number | Protocol identifier | Number of bytes remaining | Address | Function | Data |
---|---|---|---|---|---|
2 bytes | 2 bytes (always 0x0000) | 2 bytes (n + 2) | 1 byte | 1 byte | n bytes |
Since no CRC checksum bytes have to be calculated here, the implementation of a driver for the TCP interface is easier than for the serial interface, provided that an existing TCP implementation can be used.
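Because TCP delivers a byte stream rather than delimited telegrams, a receiver has to rely on the header fields in the table above to find frame boundaries. The following added example (not part of the original article) cuts a buffer into complete frames and rejects headers that contradict the table; big-endian field order is an assumption not stated in the text, and the sample stream is constructed.

```python
import struct

# Transaction number, protocol identifier, number of bytes remaining (2 bytes each).
HEADER = struct.Struct(">HHH")

def build_adu(transaction: int, address: int, function: int, data: bytes = b"") -> bytes:
    """Prefix address, function and data with the header; remaining length is n + 2."""
    return HEADER.pack(transaction, 0x0000, len(data) + 2) + bytes([address, function]) + data

def split_adus(buffer: bytes):
    """Cut a received byte stream into complete frames; return (frames, leftover bytes)."""
    frames, offset = [], 0
    while len(buffer) - offset >= HEADER.size:
        transaction, protocol, remaining = HEADER.unpack_from(buffer, offset)
        if protocol != 0x0000:
            raise ValueError(f"protocol identifier {protocol:#06x} is not 0x0000")
        if remaining < 2:
            raise ValueError("length field must cover address and function (n + 2)")
        end = offset + HEADER.size + remaining
        if end > len(buffer):
            break  # frame not complete yet: keep the bytes until more data arrives
        body = buffer[offset + HEADER.size:end]
        frames.append({
            "transaction": transaction,
            "address": body[0],
            "function": body[1],
            "data": body[2:],
        })
        offset = end
    return frames, buffer[offset:]

# Constructed stream: two complete requests followed by the first 8 bytes of a third.
FIRST = build_adu(1, 0x11, 0x03, bytes.fromhex("006B0003"))
SECOND = build_adu(2, 0x11, 0x04, bytes.fromhex("00080001"))
PARTIAL = build_adu(3, 0x11, 0x01, bytes.fromhex("00130025"))[:8]
STREAM = FIRST + SECOND + PARTIAL

if __name__ == "__main__":
    frames, leftover = split_adus(STREAM)
    print(frames, leftover.hex(" "))
```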
MODBUS/TCP Security Protocol
In October 2018, a secure variant of the Modbus/TCP protocol based on Transport Layer Security (TLS) was published. It uses X.509 v3 digital certificates to authenticate the server and client. This is intended to prevent attacks on networked Modbus/TCP components (e.g. man-in-the-middle attacks). The secure Modbus/TCP also offers role-based access control. It uses TCP port 802. The protocol is described in the MODBUS/TCP Security Protocol Specification.
Web links
- Modbus-IDA Independent User Organization, with detailed specifications
- Modbus specification via serial line (English, PDF; 326 kB), with data link layer and physical layer (also pin assignment)
- Modbus library in C, open source and with documentation (English)
- Modbus libraries for .NET, Java and Python, with documentation and code examples