Modbus - /s (strangemonad's notes)

# [[Modbus]] Modbus is an polled, client-server data communication protocol ^[ technically only modbus TCP/IP is an [[OSI Network Model#Layer 7 - Application|OSI Layer 7]] application protocol. For example, Modbus RTU addresses the device directly] open standard widely used in industrial applications. Most modern applications use modbus over [[TCP]] rather than character serial links. Many of the data type names are named after the physical systems components of the devices they're typically used to control in an [[Industrial Control System]]. For example a physical output is called a `coil` and a physical input is called a `discrete input` or `contact` ## Data types *(called object types in the spec)* | Object Type | Access | Size | Address Space | | ----------- | ----------- | ----------- | ----------- | | Coil | Read/Write | 1bit | 00001 - 09999 | | Discrete input | Read-only | 1 bit | 10001 - 19999 | | Input register | Read-only | 16bits | 30001 - 39999 | | Holding register | Read-only | 16bits | 40001 - 49999 | There are other data types in proprietary extensions e.g. Enron Modbus adds support for 32-bit `int` and `float`. Data on the device is stored in 4 tables. 2 tables store boolean / discrete values as single bits (coils) and 2 other tables store 16-bit integer values (registers) each have a read-only table and a read-write table. Most implementations still strictly support 0-9999 (10k values or addresses 0000 to 270E) per type. More recently, some devices and controller gateways support 2^16 (65,6536) values of each type (making use of the additional 270F to FFFF addresses) are supported through extended register addresses. ^[ I don't fully understand how that impacts the addressing notation e.g. Simply Modbus FAQ says 40001 to 105536]. Addressing notation example 40001 is the first (0001) holding register (holding registers are the 4th table). Larger data types (e.g. 32-bit int and float) or strings can be transmitted with the convention of using contiguous register ranges. Usually that's [[big endian]] but that's not universally true ^[ many gateways and devices support checking a swap bit and swapping low / high ordering]. ## Message frame https://en.wikipedia.org/wiki/Modbus#Frame_formats ``` ADU := Address:[1..247] + PDU + Error Check PDU := FunctionCode + Data ``` ## Modbus TCP Modbus TCP adapts Modbus RTU with slight changes to the message frame content (e.g. error correction and checksum are inherently handled by Ethernet). The overhead of [[TCP/IP]] message framing is 250/(250 - 70 - 70) = 60% efficiency but that's usually negated by the benefits of pervasive, affordable, Ethernet. In Modbus TCP the (slave) device is the server and the (master) controller initiating the TCP/IP connection is the client. ## Other Variants ### Modbus ASCII This is an older implementation that mirrors RTU but makes all characters printable ASCII. It's considered deprecated. ## Questions - IO Base - Registers - Command set? ## Resources - [Modbus Spec - Modbus Org](https://modbus.org/specs.php) - [Modbus protocol spec](https://modbus.org/docs/Modbus_Application_Protocol_V1_1b3.pdf) - [Modbus Security Protocol](https://modbus.org/docs/MB-TCP-Security-v21_2018-07-24.pdf) - [Modbus TCP/IP](https://modbus.org/docs/Modbus_Messaging_Implementation_Guide_V1_0b.pdf) - [Object messaging spec for the modbus TCP protocol](https://modbus.org/docs/Object_Messaging_Protocol_ExtensionsVers1.1.doc) - [Modbus 101 - Introduction to Modbus - Control Solutions Minnesota](https://www.csimn.com/CSI_pages/Modbus101.html) - [Simply Modbus FAQ](http://www.simplymodbus.ca/FAQ.htm) --- - Links: [[Tupple space]] [[Industrial Control System]] - Created at: [[2021-03-11]]