MODBUS – Glad You Asked! (Part 2)

Last time my Modbus article focused on general Modbus questions. This article answers questions specifically related to the protocol.

How does the Modbus Protocol work?
Modbus uses the traditional Master/Slave architecture: the Master sends a message and a Slave responds. A message contains a function code that identifies the action the Modbus device must execute. Even though the specifications define a number of function codes, there are only about six that are ever used. Three of the function codes instruct the device to return values from the device’s address space, and three provide values and instruct the device to write those values into the address space.

What does Modbus RTU mean?
Modbus RTU is a version of Modbus in which data is transferred as binary values. In the earlier versions of Modbus, data was transmitted as encoded ASCII – see Modbus ASCII below. In Modbus RTU, the value 65, for example, (which also can be represented as 41 hexadecimal and 0100 0001 binary) is transmitted as a single byte with its binary pattern.

What is Modbus ASCII?
In Modbus ASCII, values are transmitted by encoding and transmitting their hexadecimal values as ASCII characters. The value 1234, for example, is converted to four ASCII characters; ‘1’, ‘2’, ‘3’ and ‘4’. These ASCII characters are also represented internally as hexadecimal values 31, 32, 33 and 34. In Modbus ASCII, each nibble of the hexadecimal values is transmitted as an ASCII character so the values transmitted for the value 1234 are the characters 3, 1, 3, 2, 3, 3, 3 and 4. Modbus ASCII representation, as you no doubt can understand from this example, is exceedingly tedious and slow. Not only does the sender have to decompose and convert the value, the receiver has to do it in reverse. But that kind of processing was perfect for the slow teletype kinds of systems that were often used in years past. Modbus ASCII is (hopefully) no longer used in industrial systems.

How many Master devices can I have in a Modbus network?
Serial Modbus (Modbus RTU) is a single Master network with up to 32 Modbus Slave devices. It uses an RS485 physical layer where only one device can transmit at one time. In a Modbus RTU network, the Slave devices listen as the single Master sends a message. The Slave target for the message takes control of the bus and transmits its reply to the Master. This is called a half-duplex network: one message out; one message in.

Modbus TCP on the other hand uses Ethernet for its physical layer. In Modbus TCP, any number of Modbus Master devices can send messages to any number of Modbus Slave devices.

How does Modbus ensure the integrity of a message?
Modbus messages contain a CRC (cyclic redundancy check) at the end of the message. Slave devices use the CRC to validate the message. The CRC will fail to detect an invalid message about one in ten thousand times.

How is the Address Space of a Modbus device organized?
A Modbus data space is composed of data spaces for coils (bits) and registers (unsigned 16-bit integers). There are two data spaces for coils and two data spaces for registers. One coil data spaces is designed for Input Coils – coils created for customers – and is mapped to external inputs. The other coil data space is for status coils – essentially temporary coils used by the software. The same address spaces exist for registers – input registers that are connected to some analog inputs and holding registers that exist as temporary workspace for the software.

In the next article, I’ll discuss Modbus RTU hardware questions.

John

PS – You can move Modbus Registers and coils to ControlLogix and other networks with RTA gateways.