RK512
The RK512 protocol is used to access the internal memory areas of a Siemens PLC of the S5 series.
In the OSI model , RK512 is on layer 4, the transport layer (since individual areas of the target system are addressed). The 3964R protocol usually runs under RK512 (on layer 2). The network layer (layer 3) is omitted because it is a point-to-point communication and therefore no target system has to be addressed.
Protocol sequence
An RK512 transaction consists of a command telegram and a response telegram. The initiator of the transaction controls the data transfer to or from the partner system. A distinction is made between two types of job: SEND (data transfer to the partner system) and FETCH (request to partner and data transfer to initiator).
Telegram structure
A SEND command and a FETCH response consist of a telegram header and the following data, while SEND responses and FETCH commands only have a telegram header (without data). The telegram header differs between command and response.
Command telegram header
The telegram header of a command telegram consists of 10 bytes:
| byte | meaning |
|---|---|
| 1-2 | Telegram ID |
| 3 | Order type |
| 4th | Data area |
| 5-6 | Data destination or source |
| 7-8 | Length of the data |
| 9 | Coordination flag |
| 10 | Coordination flag bit (bits 0-3) and CPU number (bits 4-7) |
| (11-?) | (Data for the SEND job) |
Mean:
- Telegram ID
- 0x00 0x00: start telegram
- 0xFF 0x00: ( hex ) Follow-up telegram if more than 128 bytes of data are transmitted
- Order type
- 'A': SEND job in data block as target
- 'O': SEND job in extended data block as target
- 'E': FETCH order
- Data area
- 'D': data block
- 'X': extended data block
- 'E': input bytes
- 'A': output bytes
- 'M': memory bytes
- 'P': peripheral bytes
- 'Z': counter
- 'T': timer
- 'S': Absolute memory addresses
- 'B': (operating) system addresses
- Data destination / source
- Block number (byte 5) and offset (byte 6)
- Byte, counter or timer number
- Memory address (in big endian byte order )
- Data length
- Number of bytes to be transmitted (inputs, outputs, flags, peripherals) or words
- in big-endian byte order
- Coordination flag
- indicates successful processing of the command
- Specification as flag byte (byte 9) and bit in this byte (byte 10, bits 0-3)
- No coordination flag is represented as flag 255, bit 15
- CPU number
- Number of the CPU being accessed
- No specification (all CPUs) is shown as 0 (if there is a coordination flag) or 0xF (without a coordination flag)
Response telegram header
The telegram header of a response telegram consists of 4 bytes:
| byte | meaning |
|---|---|
| 1-2 | Telegram ID |
| 3 | Order type |
| 4th | status |
| (5-?) | (Data for FETCH order) |
Mean:
- Telegram identification (analogous to the command)
- 0x00 0x00: start telegram
- 0xFF 0x00: ( hex ) Follow-up telegram if more than 128 bytes of data are transmitted
- Order type
- 0x00: response telegram
- status
- 0x00: Processing successful
- > 0x00: error number
swell
SIMATIC S5 CP 544 manual, Chapter 3.6: Protocol definition of the computer link RK512