Modbus Protocol Tutorial : Frame Formats for RTU, ASCII and TCP Communication
Modbus is a communication protocol developed by Modicon (now Schneider Electric) in 1979 for use with its programmable logic controllers (PLCs). It has become a standard communication protocol and is widely used in industrial applications for connecting electronic devices. Modbus enables communication between many devices connected to the same network, including sensors, instruments and other devices. It is known for its simplicity and reliability. Let us learn Modbus protocol working including its various frames for RTU, ASCII and TCP communication with examples.
What is Modbus Protocol ?
Introduction:
"Modbus" term is a trademark of Modicon Inc. which maintains the standard.
It is a application layer protocol which is based on client/server architecture
between the devices connected on different types of buses or networks.
This Modbus protocol is used in SCADA style of network communication
between the devices.
Modbus protocol runs on top of RS232, RS422 and RS485. There is a specification for Modbus/TCP defined for IP based link layer for Modbus frames. There are many protocols for industrial automation and metering. The Modbus protocol is based on query/response model. The enlarged view of the "Query message" and "response message" with their fields (i.e. contents) are shown in the following figure.
• As shown, both query and response messages consist of start (0x3A) and end (0x0D0A) delimiters.
• Query message consists of fields which include device address, function code,
query data and error check.
• Response message consists of fields which include device address, function code,
response data and error check.
How modbus works
Modbus operates on a master slave (or client-server) model. A master device initiates communication with a slave device, requesting information or sending commands. The slave device responds to the master's request, providing the requested data or acknowledging the command. Modbus architecture provides complete control to the master for flow of information.
This has great merits over the previous multidrop networks using RS422/RS485 etc. Modbus can use various transmission modes, including Modbus RTU, Modbus ASCII, and Modbus TCP.
• As shown in the figure, Modbus request message is a layered set of data. Controllers can be setup to communicate on standard Modbus networks using either of two transmission modes: ASCII or RTU. Users select the desired mode, along with the serial port communication parameters (baud rate, parity mode, etc), during configuration of each controller. The mode and serial parameters must be the same for all devices on a Modbus network.
• The selection of ASCII or RTU(remote terminal unit) mode pertains only to standard Modbus networks. It defines the bit contents of message fields transmitted serially on those networks. It determines how information will be packed into the message fields and decoded.
• When controllers are setup to communicate on a Modbus network using ASCII mode, each eight-bit byte in a message is sent as two ASCII characters. The main advantage of this mode is that it allows time intervals of up to one second to occur between characters without causing an error.
• When controllers are setup to communicate on a Modbus network using RTU mode, each eight-bit byte in a message contains two four-bit hexadecimal characters. The main advantage of this mode is that its greater character density allows better data throughput than ASCII for the same baud rate. Each message must be transmitted in a continuous stream.
• In either of the two serial transmission modes (ASCII or RTU), a Modbus message is placed by the transmitting device into a frame that has a known beginning and ending point. This allows receiving devices to begin at the start of the message, read the address portion and determine which device is addressed , and to know when the message is completed. Partial messages can be detected and errors can be set as a result.
• As shown Modbus protocol works on master-slave model. One device on the bus or network can initiate transactions (referred as queries) which can address individual slave devices or broadcasts to all the slave devices. The slave device take action as per the Modbus frame received and respond if required in the form of "response frame".
• The transmission mode defines framing and bit encoding of the messages to be transmitted on the Modbus network.
Modbus ASCII Frame
The figure depicts ASCII mode of Modbus frame. As shown in ASCII mode, each byte is encoded on serial link as 2 ASCII characters. Each ASCII character is transmitted as 1 start bit, 7 data bits, zero or 1 parity bit, one or two stop bits
Modbus RTU Frame
The figure depicts RTU mode of Modbus frame. As shown in RTU (Remote terminal unit) mode, the message is transmitted in a continuous stream format. Each 8 bit byte is framed by 1 start bit, 8 data bits, 0 or 1 parity bit, 1 or 2 stop bits. The message itself starts after a silent period of at least 3.5 character times.
Modbus message structure fields
➤Let us understand major fields used both in ASCII mode and RTU mode.
Modbus Address: Modbus message starts with 8 bit target address.
This can take any value from 0 to 247.
Here 0 is used as broadcast address and rest are used as unique device addresses.
Modbus Functions: The function code contains 2 characters (in ASCII mode)
and 8 bits (in RTU mode)/ It takes any value from 1 to 255 and are selected
as per application profile.
Modbus Data Field: This data field convey application level
information as desired by different Modbus function.
If function contains variable size of data,
it begins with "byte count" in this position.
Modbus Error Check Field: This field is used as error detection.
It is also known as "Checksum".
Modbus TCP Frame
Unlike RS232 and RS485, Modbus TCP uses TCP/IP protocol to carry Modbus message. Figure depicts mapping of Modbus protocol in TCP/IP and OSI protocol stacks.
• Modbus TCP provides TCP/IP access to the Modbus functionality.
• Each Modbus request/response is sent over a TCP connection established between
the master and the slave, using well known port 502.
• The TCP connection may be reused for several query/response exchanges.
• The byte content of the modbus request/response frames
(i.e. without framing start-stop-parity bits specific to the serial physical
layer) is simply transported over the TCP connection, in big indian order.
The only addition of Modbus TCP is to add a seven-byte message prefix.
➤Ref ref 00 00 00 len unit
• The "ref" bytes are simply copied by the slave from the request,
and may be used as a handle by the master. The length information in the message
prefix allows proper reassembly of the Modbus message when
it has been segmented in several IP packets.
• The slave address has been renamed "unit identifier" and is contained in unit.
The rest of the message conforms to the regular Modbus structure, but the error check fields
may be omitted for obvious reasons.
Profibus vs Modbus
Following table mentions comparion between Profibus and Modbus with respect to various parameters.
| Features | Profibus | Modbus |
|---|---|---|
| Mode of operation | Operates in multi master mode using RS485. | Operates on only single master mode using ASCII/RTI. |
| Use of ethernet | Can not operate on ethernet, but profinet operates on ethernet which is not same as profibus. | Can run on ethernet using TCP/IP protocols. |
| Physical medium | twisted pair, fiber | Modbus does not define physical medium. It defines message structure which can be used over any physical medium. However Modbus RS485 is popular among all. |
| Speed of transmission | Operates at different speeds of transmission from 1.2 Kbps to 12 Mbps. | Modbus RS485 supports seed of transmissions upto 115 Kbps or upto 19.2 Kbps. |
| distance coverage | 32 stations use profibus for distances upto 1200 meters, while 2 stations communicate at speed of 500 kbps for distances upto 400 meters. Low speed transmission supports higher distances while high speed transmission supports lower distances. | Modbus RS485 cable should be less than 700 meters. |
| Number of master and slave devices | Upto 126 devices (masters and slaves) are connected on single profibus network. | Modbus master actually supports 247 slave devices. The number of slave devices including master connected on main cable are 32 due to RS485 protocol limitation. To support more than 32 repeater is used. |
| Future use | Individually use of profibus was fine, but its specialized charateristics combined with RS485 is going to be obsolete. However specialized sensor/actor fieldbus devices have increased their market penetration in automation industry now and in future. | Due to simple protocol, it has become popular as one of the main ethernet protocols in automation industry. The other older versions are RS232, RS422, RS485 etc. Devices are used on the bus with and without addresses. |
| Application | It is very robust protocol which can be used to automate entire plants. It is used where there are more points and multiple vendor equipments are to be automated. | It is very simple protocol which can be used to interface single controller in point-to-point mode of configuration. It is used for small plant automation. |
Modbus Application Examples
The modbus protocol can be implemented in various systems like RS485/RS422.
• Zigbee to Modbus RTU/TCP Gateway
• Real time inventory control such as pick to light, put to light etc.
• Industrial automation
• Smart metering
Summary
Modbus is a versatile protocol that supports multiple transmission modes, each with its own frame format. Modbus RTU is efficient for serial communication, Modbus ASCII is easier to read and debug, and Modbus TCP integrates well with modern Ethernet networks. Each mode ensures reliable data exchange between master and slave devices, making Modbus a widely used standard in industrial automation and control systems.