

MODBUS is an application-layer (level 7 of the OSI model) messaging protocol that provides master/slave communication between intelligent devices connected on different types of buses or networks. The protocol describes how information is received, how queries are answered, etc. The data link layer & physical layer of a MODBUS implementation usually use a serial communication protocol & an RS-485 bus for transmission.

MODBUS Protocol Layers:

Application Layer:  MODBUS application protocol (client/server)
Presentation Layer: NOT USED
Session Layer:      NOT USED
Transport Layer:    NOT USED
Network Layer:      NOT USED
Data Link Layer:    MODBUS serial-line protocol (master/slave)
Physical Layer:     RS-485

Slide 3:
MODBUS devices communicate using a master-slave technique in which the master initiates the queries & slaves respond by supplying data to the master or by taking the requested action. The master can individually address and send a message to each slave (unicast model) or can send a message to all slaves (broadcast model). Slaves respond to unicast messages but do not respond to broadcast messages. MODBUS supports 4 basic data types: analog inputs, analog outputs, digital inputs & digital outputs.

Slide 4:
MODBUS devices usually include a Register Map. MODBUS functions access the registers to monitor, configure & control the I/O modules. MODBUS assigns 9999 addresses for each data type. The register map of a field device is provided by the manufacturer.

Transmission Modes:
There are 2 types of transmission modes for MODBUS communication:
- ASCII transmission mode
- RTU transmission mode

The transmission mode defines the bit definitions of message bytes & the method of packing & decoding the message information into the message stream.

Slide 6:
ASCII transmission mode: Each byte in a message is sent as 2 ASCII characters.
RTU transmission mode: Each byte in the message is sent as one 8-bit binary number containing two hexadecimal digits. RTU mode has a higher throughput rate than ASCII mode for the same baud rate.

Message Framing:
MODBUS messages are framed. Framing allows devices to determine the beginning and ending of messages. ASCII mode messages start with a colon (:) character & end with a carriage return & line feed (CR & LF, ASCII 0D & 0A) pair of characters. RTU mode message frames start with a silent time gap of at least 3.5 characters, implemented as a multiple of character times at the baud rate being used on the network.

Slide 8:
The message frames end with a similar interval of 3.5 characters. The entire message frame must be transmitted as a continuous stream. If a silent interval of 1.5 characters occurs before the completion of the frame, the device treats the following as a new message and clears the buffer. Similarly, if a silent interval of less than 3.5 characters occurs before commencing a new message, the device treats the following as a continuation of the previous message.

MODBUS message structure:

This will generate an error, as the value in the final CRC field will not match the CRC for the combined messages. Apart from the start & end information, each MODBUS message contains four more basic pieces of information: device address, function code, data & error checking.

Device Address | Function Code | Data bytes | Error checking

Typical MODBUS message frames:

(a) ASCII mode
Start (:):      1 character (3AH)
Address:        2 characters
Function code:  2 characters
Data:           N characters
LRC check:      2 characters
End (CR LF):    2 characters (0DH, 0AH)

(b) RTU mode
Start:          3.5 characters silence
Address:        8 bits
Function code:  8 bits
Data:           N x 8 bits
CRC check:      16 bits
End:            3.5 characters silence

Slide 11:
The different fields in the MODBUS frames are described as:

(a) Device Address The device address is the address of the slave to which the message is sent. It is in the range between 1 & 247. The address field of the message contains 2 ASCII characters in the ASCII transmission mode & an 8-bit binary value in the RTU transmission mode.

Slide 12:
(b) Function Code The function code tells the device what action to perform, such as switching on a relay. Though valid function codes range from 1 to 255, devices do not use all of them. Some of the common function codes are read coil status (code: 01), read input status (code: 02), & read holding register (code: 03). When a slave responds to a request, it normally returns the same function code as in the request. However, when an error is detected, the slave switches on the MSB of the function code returned. This enables the master to distinguish the success & failure responses.

Slide 13:
(c) Data The data field provides additional information on the action to be performed. In ASCII mode, the data is formed with the ASCII characters 0 to 9, A to F. One hex character is present in each ASCII character byte of the message. Each byte contains 1 start bit, 7 data bits, & 1 stop bit if parity is used or 2 stop bits if no parity is used. In RTU mode, the data is formed with two hex digits 0 to 9, A to F. The two hex digits are accommodated in each data byte in the 8-bit data field of the message. Each data byte contains 1 start bit, 8 data bits & 1 stop bit if parity is used or 2 stop bits if no parity is used.

Slide 14:
(d) Error checking There are 2 methods of error checking: parity checking & frame checking.

Parity checking method: a device is configured for even or odd parity, and the number of logic 1s in each character of the data portion is counted. The parity bit is set to 0 or 1 to result in even parity or odd parity as per the configuration.

Frame checking: the ASCII mode frame includes Longitudinal Redundancy Check (LRC) characters in the error checking field preceding the CR-LF field. The LRC is computed for all fields except the starting : & the CRLF characters in the frame. The RTU mode frame includes a 16-bit Cyclical Redundancy Check (CRC) word in the error checking field.
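The framing and frame-checking rules above, as an added Python example that is not part of the original slides: it builds one request in ASCII and RTU mode, validates received frames, shows that two RTU frames merged by a too-short gap fail the CRC check, and detects the error MSB in a response's function code. The LRC and CRC algorithms are taken from the public MODBUS serial-line specification (the slides name the checks but not the algorithms), and the sample request bytes are constructed.

```python
# Frame checking for MODBUS ASCII (LRC) and RTU (CRC-16) frames.
# Algorithms per the public MODBUS serial-line specification (not given on the page).

def lrc(payload: bytes) -> int:
    """Two's complement of the 8-bit sum of address, function code and data."""
    return (-sum(payload)) & 0xFF

def crc16(payload: bytes) -> int:
    """CRC-16/MODBUS: initial value 0xFFFF, reflected polynomial 0xA001."""
    crc = 0xFFFF
    for byte in payload:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def build_ascii(payload: bytes) -> bytes:
    """':' start, two hex characters per byte, LRC, then CR LF."""
    body = payload + bytes([lrc(payload)])
    return b":" + body.hex().upper().encode("ascii") + b"\r\n"

def build_rtu(payload: bytes) -> bytes:
    """Binary bytes plus CRC, low byte first; the silent gaps are timing, not bytes."""
    return payload + crc16(payload).to_bytes(2, "little")

def check_ascii(frame: bytes) -> bool:
    if not (frame.startswith(b":") and frame.endswith(b"\r\n")):
        return False
    try:
        body = bytes.fromhex(frame[1:-2].decode("ascii"))
    except ValueError:  # non-hex or odd number of characters
        return False
    # Minimum is address + function code + LRC; a valid frame sums to 0 mod 256.
    return len(body) >= 3 and (sum(body) & 0xFF) == 0

def check_rtu(frame: bytes) -> bool:
    # Minimum is address + function code + CRC; CRC over a valid frame is 0.
    return len(frame) >= 4 and crc16(frame) == 0

def is_exception(response: bytes) -> bool:
    """A slave that detected an error sets the MSB of the returned function code."""
    return len(response) >= 2 and bool(response[1] & 0x80)

# Constructed sample: slave address 1, function code 03 (read holding register),
# data bytes 00 00 00 02 (illustrative values, not from the page).
REQUEST = bytes([0x01, 0x03, 0x00, 0x00, 0x00, 0x02])

if __name__ == "__main__":
    print(build_ascii(REQUEST), build_rtu(REQUEST).hex())
    merged = build_rtu(REQUEST) + build_rtu(REQUEST)  # gap shorter than 3.5 characters
    print("merged frames pass CRC:", check_rtu(merged))
```

LRC and CRC detect accidental corruption on the line only; neither authenticates the sender, so a frame that passes these checks is not evidence that it came from the real master.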