The ModBus TCP protocol is the cornerstone of the field of industrial communication systems. It is an application-layer messaging protocol that works with Ethernet to enable client/server communication between devices connected on different types of networks. Originating from the ModBus serial protocol (ModBus RTU), ModBus has evolved to adopt modern technologies such as TCP/IP, playing a key role in areas such as building automation, energy management, and industrial automation. Its simplicity, robustness, ease of use, openness, and integration capabilities make it the protocol of choice.
什么是ModBus TCP?
ModBus TCP is an adaptation of the classic ModBus protocol for TCP/IP networks. It provides a standardized TCP interface that enables ModBus devices to communicate seamlessly via Ethernet for efficient and reliable data exchange. The protocol inherits the simplicity and robustness of ModBus and increases the reliability and interoperability of TCP/IP. It utilizes the TCP transport protocol to ensure that data is delivered reliably and in an orderly manner, and is addressed and routed through the IP layer. ModBus TCP/IP works under a client-server model, where one device initiates a request as a client and the other devices respond as a server. It offers an elegant solution for ModBus communication over modern network infrastructures, enhancing its relevance in a digital industrial environment.
ModBus TCP/IP架构
The ModBus TCP/IP architecture implements layered network communication, including the TCP/IP stack and the ModBus Application Protocol (MBAP). The TCP/IP protocol is responsible for data transmission at the physical layer (Ethernet), network layer (IP), and transport (TCP) layers, while MBAP is part of the application layer that encapsulates ModBus messages in TCP/IP packets. This architecture ensures that ModBus data is communicated seamlessly over a standard network infrastructure, with ModBus messages containing MBAP headers, Function code, and Data fields at its core. This architecture is essential for seamless interoperability between different devices, while maintaining the simplicity and robustness of the ModBus protocol.
ModBus TCP帧结构
The ModBus frame structure can be divided into two parts: MBAP header + PDU.
MBAP header frame structure
The MBAP header is a 7-byte structure prefixed with a standard ModBus message, which is composed as follows.
| Transaction ID | Protocol identifier | length | Unit identifier |
| 2 bytes | 2 bytes | 2 bytes | 1 byte |
| substance | interpretation |
| Transaction ID | It can be understood as the sequence number of the packet, and 1 is usually added after each communication to distinguish different communication data packets. |
| Protocol Identifier | 00 00 indicates the ModBus TCP protocol. |
| length | Indicates the length of the next data, in bytes. |
| Unit identifier | It can be understood as the device address. |
PDU frame structure
The frame structure of the ModBus TCP PDU is the same as that of the ModBus RTU, which consists of two parts: function code and data.
| Feature codes | data |
| 1 byte | The length of the data varies, depending on the specific function |
1. There are four types of operation objects of ModBus: coil, discrete input, input register, and hold register
| object | meaning |
| coil | Switching quantity, readable and writable in ModBus |
| Discrete quantity | Switching quantity, read-only in ModBus |
| Enter the registers | Registers that can only be changed from the analog input are read-only in ModBus |
| Hold registers | Registers for outputting analog signals, readable and writable in ModBus |
2. Depending on the object, there are the following types of ModBus function codes:
| Feature codes | meaning | Bit Operation/Word Operation | Operation Quantity |
| 01 | Read the coil status | Bit operations | Single or multiple |
| 02 | Read discrete input status | Bit operations | Single or multiple |
| 03 | Read hold registers | Character manipulation | Single or multiple |
| 04 | Read the input register | Character manipulation | Single or multiple |
| 05 | Write coil status | Bit operations | Single |
| 06 | Write a single hold register | Character manipulation | Single |
| 15 | Write multiple coils | Bit operations | multiple |
| 16 | Write multiple hold registers | Character manipulation | multiple |
The data domains of ModBus TCP are the same as those of Serial Link ModBus.
ModBus TCP 与 ModBus RTU
ModBus TCP/IP and ModBus RTU are the two branches of the ModBus protocol, each with its own advantages and application fields. TCP/IP is Ethernet-based, with high speeds (100 Mbps+) for large-scale, decentralized industrial networks, using a client-server model that leverages TCP/IP stack communication to support complex network topologies. The ModBus RTU, on the other hand, is a serial version with a slower speed (up to 115,200 bps) via an RS-232/485 interface, based on a master-slave model, and includes CRC error checking to ensure data integrity, making it suitable for environments with high electrical noise. The choice is based on data speed, network topology, number of devices, and environmental conditions.
ModBus TCP/IP:实际应用
1. Core applications in the field of industrial automation
ModBus TCP/IP is at the heart of industrial automation, serving as a universal communication protocol that seamlessly connects a wide range of industrial devices, including programmable logic controllers (PLCs), remote termination units (RTUs), and sensors. This connectivity enables more efficient communication of industrial equipment and drives higher levels of industrial automation. The wide application of ModBus TCP/IP not only improves production efficiency, reduces labor costs, but also strengthens the collaboration between equipment to ensure the stability and reliability of industrial processes.
2. The key support of the building automation system
ModBus TCP/IP plays a crucial role in building automation systems. As a communication bridge between different subsystems, it enables seamless connection and data exchange between various systems in the building, such as HVAC, lighting control, access control systems, etc. This seamless communication not only improves the intelligence of the building, but also enables managers to monitor and control various equipment and systems in the building in real time, thereby providing a more comfortable, safe, and energy-efficient living and working environment.
3. The core components of the energy management system
ModBus TCP/IP plays a central role in energy management systems. By connecting devices such as power meters, sub-meters, and energy management software, it provides real-time energy usage data to support energy management. These data not only help enterprises identify energy waste and formulate energy-saving strategies, but also predict future energy demand, providing a scientific basis for energy management of enterprises. At the same time, the openness and standardization of ModBus TCP/IP enable devices from different manufacturers to be seamlessly integrated into the energy management system, improving the compatibility and scalability of the system.
TCP/IP ModBus的优点
ModBus TCP/IP offers several advantages that make it the protocol of choice for industrial automation and other applications.
Seamless integration: TCP/IP-based, compatible with existing network infrastructure, easy to integrate, and support cross-network communication.
Simple and efficient: The functional code set is small and well-defined, the data model is simple, easy to implement, and reduces processing overhead.
Reliable and robust: Based on the TCP protocol, it provides reliable and orderly byte stream transmission to ensure the accuracy of control commands and status updates.
Highly scalable: Supports large address spaces and broadcasts, making it suitable for large-scale applications.
Open and versatile: The protocol specification is free, no license required, and has a large ecosystem of compatible devices and software.
ModBus TCP/IP 的局限性和挑战
ModBus TCP/IP is ubiquitous, but it also has its challenges. The following are its main limitations:
Insufficient security: The design does not fully consider network security, does not support encryption and authentication, and data is easy to be intercepted and changed, and is easy to be accessed by unauthorized devices.
Inconvenient device configuration: Automatic device discovery is not supported, and new devices need to be manually configured, which is time-consuming to maintain.
Limited functionality: Only simple request/response communication is supported, which may not be appropriate for complex communication or real-time performance needs.
TCP congestion control impact: Congestion control that relies on TCP can lead to inefficiencies and delays when the network is busy or long-distance connections.
Limited scalability: Network performance can degrade as devices grow, and this is something to keep in mind when designing large systems.
conclusion
ModBus TCP/IP is an adaptation of the well-established ModBus RTU protocol designed for TCP/IP networks. It brings the simplicity and reliability of the original protocol to the world of Ethernet and Internet communications. With its open standards, it is widely recognized in industrial automation and building management systems. However, there are concerns about the protocol's lack of security measures and other modern network features, which could affect its suitability for certain applications.
Despite these challenges, ModBus TCP/IP is still a relevant choice due to its widespread use, industry familiarity, and extensive library of supported devices.
Wireless communication modules supporting standard ModBus protocols:
"Accurate temperature measurement, all under control! RTD/thermocouple temperature acquisition module, 0.1°C high resolution》
How to transfer PLC serial port to network port? PLC connected to Ethernet》
"High-speed continuous transmission Ethernet gateway, automatic relay networking, long-distance communication"