Modbus is a communication protocol developed by the American company Modicon (now Schneider Electric) in 1979. Its purpose is to use a twisted pair to achieve communication between multiple devices. Modbus soon became the de facto standard in the automation industry, and Modicon released it to the public without charging any patent fees. Through the Modbus protocol, communication between control devices (such as PLCs, frequency converters and DCSs) from different manufacturers can be easily achieved.
The Modbus protocol adopts a question-and-answer communication method, which has the advantages of simplicity, cheap hardware, strong versatility, easy use, and easy development and implementation. Modbus RTU has almost become the preferred communication protocol for domestic PLCs and frequency converters. The Modbus protocol does not require a specialized communication module. The stack and protocol mechanisms required for communication are implemented in software and belong to layer 7 of the ISO-OSI reference model. Another advantage is that it can communicate through any transmission medium, including twisted pairs, wireless communications, optical fiber, Ethernet, telephone modems, mobile phones, and microwaves. This makes it easy to establish a Modbus connection in a new or existing plant.
There are three versions of Modbus currently in use: Modbus ASCII, Modbus RTU and Modbus TCP. The Modbus ASCII protocol needs to convert one byte of data into two bytes of ASCII code before sending it. The data of the Modbus RTU protocol is encoded in binary, and each byte of data requires only one byte of communication.
Modbus RTU communication adopts master-slave mode and can transmit up to 255 bytes of data. A master device communicates with one or more slave devices. Typical master devices are PLC, PC, DCS (distributed control system) or RTU (remote terminal unit). Modbus RTU slave devices are generally field devices. When a Modbus RTU master device wants to get data from a slave device, the master device sends a message containing the slave device station address, the required data, and a CRC check code used to detect errors. All other devices on the network can receive this message, but only the slave device whose address is specified will respond. Slave devices on a Modbus network cannot initiate communication; they can only reply when the master device speaks to them.
Modbus TCP can be understood as Modbus on Ethernet. Modbus TCP simply uses the TCP/IP standard to package and compress Modbus information packets. This allows Modbus TCP devices to connect and communicate over Ethernet and fiber optic networks. Compared with the RS-485 interface, Modbus TCP also allows the use of more addresses, can adopt a multi-master architecture, and the transmission rate can reach the GB/s level. The number of slave stations in a Modbus TCP network is limited only by the capabilities of the network physical layer. The number of slave stations is usually around 1024.
Modbus RTU uses a 16-bit cyclic redundancy check code (CRC). Through a complex procedure of XORing and shifting the data, the CRC is generated by the master device and checked by the receiving device. If the CRC values calculated by both parties do not match, the slave device will request to retransmit the information. The Modbus RTU protocol is divided into Modbus RTU master protocol and Modbus RTU slave protocol. Modbus communication is controlled by function codes, and the master station directly accesses the data area of the slave station.
Modbus RTU CRC check code calculation method
Only the 8 data bits are used in the CRC calculation. The start bit and the stop bit, and the parity bit if there is one, are not involved in the CRC calculation.
The CRC calculation method is:
1. Load a 16-bit register with a value of 0xFFFF. This register is the CRC register.
2. XOR the first 8-bit binary data (i.e., the first byte of the communication information frame) with the 16-bit CRC register, and store the result of the XOR in the CRC register.
3. Shift the contents of the CRC register to the right by one bit, fill the highest bit with 0, and detect whether the shifted-out bit is 0 or 1.
4. If the shifted-out bit is 0, repeat the third step (shift right one bit again); if the shifted-out bit is 1, the CRC register is XORed with 0xA001.
5. Repeat steps 3 and 4 until the right shift has been performed 8 times, so that the entire 8-bit data is processed.
6. Repeat steps 2 and 5 to process the next byte of the communication information frame.
7. After all bytes of the communication information frame are calculated according to the above steps, the high and low bytes of the obtained 16-bit CRC register are exchanged.
8. The final content of the CRC register is the CRC check code.
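The steps above, written out in Python together with the receiver-side check, as an added example (not code from the original page). The function names are hypothetical, and the sample request (slave address 1, function code 0x03, start address 0, quantity 1) is constructed for illustration.

```python
def modbus_crc(data: bytes) -> int:
    """CRC check code for `data`, following the numbered steps above."""
    crc = 0xFFFF                          # step 1: load the CRC register
    for byte in data:                     # step 6: one pass per frame byte
        crc ^= byte                       # step 2: XOR byte into the register
        for _ in range(8):                # step 5: eight shifts per byte
            shifted_out = crc & 1         # bit that is about to fall off
            crc >>= 1                     # step 3: shift right, top bit = 0
            if shifted_out:
                crc ^= 0xA001             # step 4
    return ((crc & 0xFF) << 8) | (crc >> 8)   # step 7: exchange high/low bytes


def append_crc(body: bytes) -> bytes:
    """Sender side: body followed by the two bytes of the check code."""
    return body + modbus_crc(body).to_bytes(2, "big")


def check_frame(frame: bytes) -> bool:
    """Receiver side: recompute the CRC and compare with the trailing bytes."""
    if len(frame) < 4:                    # address + function code + 2 CRC bytes
        return False
    return append_crc(frame[:-2]) == frame


def flip_bit(frame: bytes, index: int, bit: int) -> bytes:
    """Simulate line noise: invert one bit of one byte."""
    damaged = bytearray(frame)
    damaged[index] ^= 1 << bit
    return bytes(damaged)


# Constructed sample request: slave address 1, function code 0x03,
# start address 0x0000, quantity 0x0001 (illustration only).
SAMPLE_BODY = bytes.fromhex("010300000001")

if __name__ == "__main__":
    frame = append_crc(SAMPLE_BODY)
    print(frame.hex(" "))                       # frame as sent on the line
    print(check_frame(frame))                   # intact frame
    print(check_frame(flip_bit(frame, 3, 0)))   # one corrupted bit
    print(check_frame(frame[:-1]))              # truncated frame
```

The CRC detects accidental corruption on the line only; it carries no secret, so a matching CRC says nothing about who sent the frame.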