Industrial Communication Chapter 2: Modbus Serial
Modbus Serial Features
Modbus Serial Features
Introduction ● Modbus = Modicon Bus (1979) ● is an application layer messaging protocol for client/server communication between devices connected on the bus. ● Independent from the other layers ● Openly published and royalty-free
● Relatively easy industrial network to deploy ● It moves raw bits or words without placing many restrictions on vendors
● Various versions ● Modbus RTU (Serial), Modbus ASCII, Modbus Ethernet Et hernet TCP/IP, Modbus Plus (Proprietary of =S=)
Layers Used in OSI Model ● 3 Layers used for Modbus Serial APPLICATION
Modbus Protocol
PRESENTATION
Not used
SESSION
Not used
TRANSPORT
Not used
NETWORK
Not used
DATALINK
Master / Slave, Transmission RTU / ASCII
PHYSICAL
RS485, RS422, Fiber Optic, Radio, Cellular, …
Physical Layer RS485 2 wire
Required
RS485 4 wire
Optional
RS232
Optional
Multi-point and point-to-point To integrate into an existing installation without modification Point-to-point mode 15 meter max.
Transmission speeds: 9600 bps and 19200 bps required with 19.2 Kbps by default Other speeds: 1200, 2400, 4800, 38400, 56 Kbps, 115 Kbps optional
RS485 is the most common physical layer used on Modbus. 32 devices included the master can be connected on the bus.
Modbus RS485 2 wire installation Master T R 5V 650 ohms
Balanced pair 120 ohms 1 nF
650 ohms
Common PG T
R
Slave 1
Topology: bus type
T
R
Slave n
Max. number of devices: 32 including master without a repeater Max. length: Main segment: 1,000 m at 19,200 bits/s Drops: 40 m in total (20 m for one tap link)
120 ohms 1 nF
Data Transmission ● Method of accessing the medium ● Master slave
● Transmission method: ● Client / Server
● Max. useful data size: ● 120 words
Unicast Addressing Mode Address = 1 to 247 Request 5
Adr 1
Adr 2
Adr 3
Adr 4
Funct. Code
Request data
CRC
Adr 5
Adr n
Response 5
Funct. Code
Response data
CRC
Broadcast Addressing Mode Address = 0 Request Funct. Code
0
Adr 1
Adr 2
Adr 3
Adr 4
Adr 5
No response from slaves Used only with write functions
Request data
CRC
Adr n
Transmission Modes ● ASCII transmission mode ● Every data item is encoded in two ASCII characters (7 bits) ● allows time intervals of up to 1 second to occur between characters without causing an error. ● Used with Modem / Barcodes
● RTU transmission mode ● Every data item is encoded in one byte (8 bits) ● Achieves higher throughput & reliability ● Used with PLC / SCADA
Modbus Serial Frame Modbus PDU
Address
= 0 to 247 Identifies the addressee
Function Code
= 1 to 127 Action to perform
Two addressing modes:
PDU = Protocol Data Unit
Data
CRC or LRC
Additional data depending on the Function Code
Validity check
Unicast
Address field = 1 to 247
Broadcast
Address field = 0 (used in write only mode)
Address Field Address
Function
Data
Checksum
Valid device addresses : 0 to 247 decimal. Value 0 reserved for broadcast message (no reponse)
● Request ● A master addresses a slave by placing the slave address in the address field of the message.
● Response ● When the slave sends its response, it places its own address in this address field of the response to let the master know which slave is responding.
Function Field Address
Function
Data
Checksum
Valid codes are in the range of 1 to 255 decimal.
● Request ● The function code field tells the slave what kind of action to perform.
● Response ● For a normal response, the slave simply echoes the original function code. ● For an exception response, the slave returns a code that is equivalent to the original function code with its most significant bit set to a logic 1.
Data Field Address
Function
Data
Checksum
● Request ● The data field contains additional information which the slave must use to take the action defined by the function code. This can include items like register addresses, quantity of items to be handled, etc...
● Response ● If no error occurs, the data field contains the data requested. ● If an error occurs, the field contains an exception code that the master. Application used to determine the next action to be taken.
Checksum Field Address
Function
Data
Checksum
● Modbus RTU uses CRC ● Cyclical Redundancy Check (2 bytes)
● Modbus ASCII uses LRC ● Longitudinal Redundancy Check (1 byte)
● Request ● The checksum is calculated by the master and sends to the slave.
● Response ● The checksum is re-calculated by the slave and compared to the value sent by the master. If a difference is detected, the slave will not construct a response to the master.
Function Codes Code
01 02 03 04 05 06 07 08 15 16 23 43
(0x01) (0x02) (0x03) (0x04) (0x05) (0x06) (0x07) (0x08) (0x0F) (0x10) (0x17) (0x2B)
Function
Read n consecutive output bits Read n consecutive input bits Read n consecutive output words Read n consecutive input words Write 1 output bit Write 1 output word Read exception status Access diagnostic counters Write n output bits Write n output words Read/Write n output words Read identification
http://www.modbus.org
Example of Read Request Request 1 byte
1 byte
2 bytes
2 bytes
Slave
Function
First word
Number of
address
words to read
2 bytes
2 bytes
2 bytes
2 bytes
Value of the last word
CRC16
Address code = 3
2 bytes CRC16
Response 1 byte
1 byte
Slave
Function
Number of
Value of the
Address code = 3
bytes read
first word
Registers & Index ● Registers ● Memory variable located in a device ● Word, Bit, Byte, etc… ● Can be reached thanks to its Index
● Inputs Registers: read only (status) ● Outputs Registers: read / write (commands)
Programming Modbus with Unity Pro
1 Platform, 3 Target ● 3 PLC Targets ● M340, Premium, Quantum
● Same Philosophy ● Different Function Blocks
BMXNOM0200 ● Safety screw (1) ● Display block with 4 LEDs: (2) ● RUN (green) and ERR (red): Module status ● SER COM (green): Activity on the serial link (lit) or fault (flashing).
● Channel 0 (3a & 3b) ● RS 232C connection, marked COM Port 0 RS232 ● RS 485 connection, marked COM Port 0 RS485
● Channel 1 (4) ● RS 485 connection, marked COM Port 1 RS485
BMXNOM0200 Configuration
Request Programming ● Dedicated Function Blocks for M340 ● ADDM ● Address Conversion ● READ_VAR
●Execute a read request ● WRITE_VAR ●Execute a write request ● DATA_EXCH ●Execute a user defined request ● OUT_IN_MBUS ●Change from Slave to Master mode
ADDM FB ● IN: ● String variable: ‘r.m.c.e.MBS’
● Out ● Converted table of words, to be used in the others FB
●‘r.m.c.e.MBS’ ● r = the rack number where the Modbus module is located, ● m = the slot number of the Modbus module, ● c = the channel used ● e = the equipment address (slave address) of the target ● “MBS” = used to indicates to use Modbus Serial (optional)
READ_VAR FB
● IN: ● ADR: to be linked to the output of the ADDM block.
● OBJ: defining object to read (in the case of Modbus register: ‘%MW’) ● NUM: starting register to read ● NB: number of consecutive register to read
● OUT ● RECP: reception zone of the block, delivering the value read (table of words)
● IN/OUT ● GEST: table of 4 words to manage the communication block (errors, timeout, length, etc..)
WRITE_VAR FB
● IN: ● ADR: to be linked to the output of the ADDM block.
● OBJ: defining object to write (in the case of Modbus register: ‘%MW’) ● NUM: starting register to write ● NB: number of registers to write ● EMIS: source table to write from the PLC
● IN/OUT ● GEST: table of 4 words to manage the communication block (errors, timeout, length, etc..)
GEST Variable ● Structured Variable ● Table of 4 words Most Significant Byte
Least Significant Byte
GEST[1]
Exchange number (updated each time the request is executed)
Activity bit: 1 = exchange in progress, 0 = exchange terminated.
GEST[2]
Operation report
Communication Report
GEST[3]
Timeout
GEST[4]
Length
Exercise ● Add & Configure Modbus Module (p 2-13)
– Add a module – Configure the channel – Set the Modbus Slave address (Tesys U) – Insert the ADDM block – Create the READ_VAR request (to read status register index 455) – Test the application
Optimizing Communication ● Beware of Communication Buffer Overload ● Usage of the Activity Bit (GEST[1].X0)
Optimizing Communication (Example) ● Conditioning with the Activity Bit ● Avoid buffer overload ● Ensure that the next block is send when the previous is finished.
Optimizing Communication (Cont.) ● Device Timeout ● Mean to know if the Master is lost ● After a defined time without receiving request, Slave goes to fallback mode Allo, anybody still there?
● Fallback Mode ● Mode activated when communication is lost ● Behaviour to define (start a motor, stop a process, switch off outputs..) No answers… great, let’s go party!
Exercise ● Optimizing the Communication (2-16)
– Insert the Activity Bit as condition – Insert the WRITE_VAR function (to write into command register 704) – Test the communication ● Testing the TimeOut (2-20) – Use WRITE_VAR to change the Timeout parameter
– Test the communication
