Hello, everyone! I'm the paymaster.
I first came into contact with the Modbus protocol in 2012, more than 10 years ago. From initial ignorance, through a later epiphany, to today's clear understanding, the protocol itself has stood firm all along; what has changed is my perception and understanding of it.
Today I'd like to talk to you about the Modbus protocol.
Development History
Modbus was born in 1979 and has been around for over 40 years.
Modbus was born at a specific time. 1969 saw the invention of the first PLC to solve the problem of digital circuits replacing traditional relay control, and 10 years later Modbus was invented to solve the problem of communication between PLCs.
Over the years, it has been widely used in a variety of products in the industrial automation field by virtue of being free, open, simple and easy to understand.
When Modicon first invented Modbus, it was mainly for serial devices, i.e. ModbusRTU and ModbusASCII protocols, on which Schneider later invented ModbusTCP for Ethernet devices.
The birth and development of the Modbus protocol is the inevitable result of technological progress in the field of industrial automation: data interaction between various pieces of industrial equipment inevitably requires an efficient and reliable protocol to support it.
Even if Modicon hadn't invented Modbus in 1979, maybe Endicon would have invented a Nodbus in 1989.
Protocol Basis
The Modbus protocol can be said to be the foundation of all protocols, and learning host computer (upper computer) development is naturally inseparable from it.
I think there are two levels of learning Modbus, the first is the application level and the second is the messaging level.
The application level allows us to easily implement device communication with the help of open source communication libraries; while the message level allows us to write our own communication libraries.
Some people may ask this question, since there are open source communication libraries, can we not learn Modbus protocol messages, and directly use the off-the-shelf communication libraries?
Initially it may be possible, but in the long run, since you have chosen the path of the host computer, you will inevitably encounter a variety of protocols in the future, and the Modbus protocol is precisely a very good opportunity to learn and practice.
We use it as a springboard: we learn it not only to use it, but also to build a solid foundation for understanding other protocols. So don't miss this opportunity when you first learn it, or you will struggle later.
Storage Area Classification
I like to present the Modbus protocol from the point of view of the protocol makers and in the context of things around them.
Let's first clarify that the purpose of the protocol is to enable data interaction.
Let's start with the [data]. Data certainly needs a carrier, which naturally leads to the concept of the storage area; a storage area is similar to our computer hard disk.
A hard disk is partitioned, and storage areas likewise need to be categorized.
As for how to categorize them, the first idea is by data type, but it is impossible to have one category for each data type, that would be too many, so we separate Boolean from non-Boolean, hence the concepts of coils and registers.
In electrical circuits, contactors and relays are controlled by coils being energized and de-energized, so coils are used to represent Booleans; registers are also used to store data in PLCs, so registers are used to represent non-Booleans, and one register represents one Word.
Modbus is rather similar to Japanese and Chinese domestic PLCs: its coil storage areas resemble the X, Y and M areas, and its register storage areas resemble the D, W and H areas.
X and Y are also coil storage areas: X denotes input and Y denotes output. Input means the data in this storage area comes from an external device and is read-only; output means the data is sent to an external device and is readable and writable.
Therefore, the coil and register storage areas of Modbus need to be further subdivided according to the read/write characteristics, thus forming the 4 storage areas of Modbus as shown in the table below:
Serial number | Read/write | Storage type | Storage area name |
1 | read-only | coil | Input Coil |
2 | read/write | coil | Output Coil |
3 | read-only | register | Input Register |
4 | read/write | register | Holding Register |
Storage Area Designator
The storage area name is the full name, which is cumbersome in practice, so each storage area is given a code name. This is the same as with a PLC: for a PLC we just say X area, Y area, D area, except that a PLC uses a letter as the code name while Modbus uses a number, giving the storage area code table:
Storage Area Name | Storage Area Designator |
Input Coil | Zone 1 |
output coil | Zone 0 |
input register | Zone 3 |
Holding Register | Zone 4 |
There is no Zone 2 among the storage area designators, and there is really no reason for this; perhaps Modicon simply does not like the number 2, just as we do in this country.
Modbus address
Any storage area has a range: the Siemens M area is only 8192 bytes, the Mitsubishi D area has 8000 words (18000 words in the high-end series), and our computer hard disks are the same, 500G used to be very large and now 1T or 2T is common, but there is always an upper limit. So the Modbus storage areas also have a range; an infinite size is impossible.
The Modbus protocol is such that each memory area may hold up to 65536 coils or registers, which is a large enough range. Memory addresses start at 0, so for each memory area the address range is from 0 to 65535.
Storage Area Name | storage area address |
Input Coil | 0-65535 |
output coil | 0-65535 |
input register | 0-65535 |
Holding Register | 0-65535 |
This creates a problem: if you tell someone that the address is 100, they do not know which storage area it is in, because every storage area has an address 100. So how do we solve this?
Let's look at how a PLC defines it. Take a PLC variable address such as D100: D100 is the combination D + 100, where D is the storage area designator and 100 is the address offset, so the address model directly contains the storage area. Here D100 can be understood as an absolute address, and the offset 100 as a relative address.
The absolute address is the full address name, from which you can tell exactly which storage area and which position the data is in, while the relative address is only the offset. So an absolute address is unique, whereas the same relative address exists in every storage area.
Modbus still adheres to this formula: absolute address = memory area designator + relative address.
Modbus is different from PLC in two ways:
1. A PLC's storage area code is a letter, so it can be concatenated directly, but the Modbus storage area code is a digit; if you concatenate directly, addresses become ambiguous: the 10th address of zone 4 would be 410, and address 410 of zone 0 would also be 410. So the total length must be fixed: the relative address always occupies 5 digits, padded with leading zeros. This gives the table below (which reflects only our current understanding, not the final correct table):
2. The Modbus protocol stipulates that the first address of the holding register storage area is not 400000 but 400001; this is determined by the Modbus specification, and the other storage areas follow the same reasoning. Therefore the correct Modbus storage area ranges are shown in the table below:
As mentioned earlier, 65536 is a very large range, and in practice we may not use so many addresses. So for ease of use there is also a short address model, i.e. a 5-digit address model, while the one above is called the long address model, i.e. a 6-digit address model. The storage area ranges of the short address model are shown in the table below:
It wasn't until here that we saw the familiar 40001, and this is how the address 40001 gradually evolved.
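To make the addressing rules above concrete, here is an added Python example (not code from the original post) that converts between the (zone, 0-based address carried in a message) pair and the 5-digit short / 6-digit long absolute address, and shows why plain concatenation of the zone digit is ambiguous. The function names are my own.

```python
# Added example, not from the original post: the Modbus absolute address model.
# Zone designators as given in the post (there is no zone 2).
ZONES = {0: "output coil", 1: "input coil", 3: "input register", 4: "holding register"}

def naive_concat(zone: int, relative: int) -> int:
    """Plain concatenation of zone digit and offset: ambiguous, as the post notes."""
    return int(f"{zone}{relative}")

def to_absolute(zone: int, protocol_addr: int, long_model: bool = True) -> int:
    """Build the absolute address from a zone and the 0-based address used in
    messages (0..65535). Long model: 5-digit offset (400001..465536);
    short model: 4-digit offset (40001..49999). Offsets are 1-based."""
    if zone not in ZONES:
        raise ValueError(f"no such Modbus zone: {zone}")
    if not 0 <= protocol_addr <= 65535:
        raise ValueError("protocol address must be 0..65535")
    width = 5 if long_model else 4
    one_based = protocol_addr + 1
    if one_based >= 10 ** width:
        raise ValueError("address does not fit the short address model")
    return zone * 10 ** width + one_based

def from_absolute(absolute: int) -> tuple[int, int]:
    """Parse a short (5-digit) or long (6-digit) absolute address into
    (zone, 0-based protocol address). Rejects zone 2 and offset 0."""
    text = str(absolute)
    if len(text) not in (5, 6):
        raise ValueError("absolute address must have 5 or 6 digits")
    zone, one_based = int(text[0]), int(text[1:])
    if zone not in ZONES or not 1 <= one_based <= 65536:
        raise ValueError(f"invalid absolute address {absolute}")
    return zone, one_based - 1

if __name__ == "__main__":
    print("naive 4/10 vs 0/410:", naive_concat(4, 10), naive_concat(0, 410))
    print("holding register 0:", to_absolute(4, 0, long_model=False), to_absolute(4, 0))
    print("40001 ->", from_absolute(40001), " 465536 ->", from_absolute(465536))
```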
Function Code
Let's go back to the original point, the purpose of the protocol is to enable data interaction.
The previous section has been centered around [Data], and the following section explains around [Interaction].
Interaction means reading and writing.
We already have 4 different storage areas, so our reading and writing to these storage areas will inevitably result in many different behaviors, such as reading the output coil and writing the output coil, i.e., 2 different behaviors. Let's give these behaviors a code name, i.e. function code.
A function code is a designator for Modbus read and write behavior.
So how many different behaviors would there be?
Reading and writing are 2 different actions, and the objects are 4 storage areas, so the combinations are 2 * 4 = 8; but the input coils and input registers cannot be written, so 8 - 2 = 6, as shown below:
Serial number | Specific action |
1 | Read Input Coil |
2 | Read Output Coil |
3 | Read Input Register |
4 | Read Holding Register |
5 | Write Output Coil |
6 | Write Holding Register |
Writing is further divided into writing a single item and writing multiple items, which gives the 8 standard function codes:
Function code | Function description |
0x01 | Read Output Coil |
0x02 | Read Input Coil |
0x03 | Read Holding Register |
0x04 | Read Input Register |
0x05 | Write Single Coil |
0x06 | Write Single Register |
0x0F | Write Multiple Coils |
0x10 | Write Multiple Registers |
Besides these eight commonly used read and write function codes, the Modbus protocol has a number of function codes for diagnosing exceptions, but they are seldom used, and a general understanding of them is enough.
Protocol Classification
The Modbus protocol is an umbrella term for three protocol families, ModbusRTU, ModbusASCII and ModbusTCP.
We often say that Modbus communication is performed between A and B. This statement is not rigorous and should clearly indicate exactly which communication protocol is used.
Generally, ModbusRTU and ModbusASCII are used for serial communication, and ModbusTCP is used for Ethernet communication. However, this is not absolute, because the Modbus protocol is only an application layer protocol, and does not specify the physical layer, e.g., the ModbusRTU protocol can also be used for data transfer in Ethernet.
If divided precisely, there should be 7 different communication methods; in practice we mainly use ModbusRTU and ModbusTCP, and the others are used less.
Message Format
For the three protocols ModbusRTU, ModbusASCII and ModbusTCP, there is no need to learn three times: once you understand one of them, the other two are very easy to pick up. Generally we take ModbusRTU as the entry point, learn the ModbusRTU protocol thoroughly, get a general understanding of ModbusASCII, and then study the ModbusTCP protocol. The message formats of the three protocols are explained below:
1. The common ModbusRTU message format is as follows:
Part I: slave address, occupying 1 byte
Part II: function code, occupying 1 byte
Part III: data part, occupying N bytes
Part IV: checksum part, CRC checksum, occupying 2 bytes
2. The common ModbusASCII message format is as follows:
Part I: start character (:)
Part II: slave address, occupying 2 bytes
Part III: function code, occupying 2 bytes
Part IV: data part, occupying N bytes
Part V: checksum part, LRC checksum, occupying 2 bytes
Part VI: terminating characters (CR LF)
3. The common ModbusTCP message format is as follows:
Part I: transaction identifier, occupying 2 bytes
Part II: protocol identifier, occupying 2 bytes
Part III: length, occupying 2 bytes
Part IV: unit identifier, occupying 1 byte
Part V: function code, occupying 1 byte
Part VI: data part, occupying N bytes
Specific messages are described in later articles.
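As an added example (not code from the original post), here is a Python encoder for the three frame layouts just listed, plus a ModbusRTU decoder that rejects frames whose CRC does not match. The sample request (slave 1, function 0x03, start address 0, 10 registers) is constructed here, and the helper names are my own.

```python
# Added example, not from the original post: encode the three Modbus frame
# layouts and verify the CRC of a received ModbusRTU frame.
import struct

def crc16_modbus(data: bytes) -> int:
    """CRC-16/MODBUS: reflected poly 0xA001, init 0xFFFF, sent low byte first."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def lrc(data: bytes) -> int:
    """LRC used by ModbusASCII: two's complement of the byte sum, 8 bits."""
    return (-sum(data)) & 0xFF

def build_rtu(slave: int, function: int, data: bytes) -> bytes:
    # slave(1) | function(1) | data(N) | CRC(2, low byte first)
    body = bytes([slave, function]) + data
    return body + struct.pack("<H", crc16_modbus(body))

def build_ascii(slave: int, function: int, data: bytes) -> bytes:
    # ':' | slave(2 hex chars) | function(2) | data(2N) | LRC(2) | CR LF
    body = bytes([slave, function]) + data
    return b":" + (body + bytes([lrc(body)])).hex().upper().encode() + b"\r\n"

def build_tcp(transaction: int, unit: int, function: int, data: bytes) -> bytes:
    # MBAP header: transaction(2) | protocol id(2, always 0) | length(2) | unit(1)
    # length counts the unit identifier plus the PDU that follows it.
    pdu = bytes([function]) + data
    return struct.pack(">HHHB", transaction, 0, len(pdu) + 1, unit) + pdu

def parse_rtu(frame: bytes) -> tuple[int, int, bytes]:
    """Split an RTU frame into (slave, function, data); reject a bad CRC."""
    if len(frame) < 4:
        raise ValueError("frame too short")
    body, (received,) = frame[:-2], struct.unpack("<H", frame[-2:])
    expected = crc16_modbus(body)
    if expected != received:
        raise ValueError(f"CRC mismatch: got {received:04X}, expected {expected:04X}")
    return body[0], body[1], body[2:]

# Constructed sample: read 10 holding registers starting at address 0 from slave 1.
REQUEST = (1, 0x03, bytes.fromhex("0000000A"))

if __name__ == "__main__":
    slave, fc, data = REQUEST
    print("RTU  ", build_rtu(slave, fc, data).hex(" "))
    print("ASCII", build_ascii(slave, fc, data))
    print("TCP  ", build_tcp(1, slave, fc, data).hex(" "))
```

Note that the ModbusTCP frame carries no checksum of its own; only the MBAP length field can be checked against the bytes actually received.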
Modbus is very inexpensive to learn because the protocol is publicly available for free, and there is a wealth of debugging tools that make it possible to learn the Modbus protocol thoroughly without even purchasing any hardware.
Of course, if you have the means, buying some hardware to go along with your studies is even better.