What is Modbus RTU?
Modbus RTU, one of the oldest and most widely used digital automation protocols, uses serial RS485 wiring to communicate between compliant devices in building management systems (BMS), industrial automation systems (IAS), and SCADA systems. Created by Modicon in 1979, it was originally developed so that programmable logic controllers (PLCs) could communicate with each other efficiently, but it is now commonplace and implemented by a multitude of industrial devices.
Modbus is an open protocol and, as such, any manufacturer can create a compatible device that aligns to the Modbus standard without the need to pay a royalty fee. A typical Modbus network will contain a variety of field devices such as sensors, meters, VFDs, and assorted controllers or other equipment. Regardless of manufacturer, Modbus permits each of these devices to send collected data to the PLC for process or operational decision making.
Modbus RTU System Architecture
Like other industrial protocols, Modbus RTU devices are arranged in a master/slave relationship (the Modbus Organization now uses the terms client and server for the same roles). A master device (typically a PLC) queries slave devices on the network and each slave replies, in turn, with the requested data. Slaves cannot send unsolicited data and remain "quiet" until queried by the master. Modbus RTU permits only a single master on a network. This is in contrast to Modbus TCP, which carries the Modbus protocol over an Ethernet network and permits multiple master devices.
It is possible to implement Modbus RTU over a serial RS232 physical layer. However, this configuration only permits a single master and a single slave device (point to point), making it far less flexible than serial RS485 networks. In addition, RS232 ports are uncommon on modern devices, the cable run distance is limited to 50 feet, and the communication is susceptible to noise interference.
For these reasons, Modbus RTU is nearly always implemented over an RS485 physical layer. RS485 is a multi-drop serial bus on which slave devices are daisy-chained to the master. A single segment supports 32 standard unit loads (roughly 32 devices); repeaters extend this up to the 247 addressable slaves that the one-byte Modbus address allows (addresses 1-247; address 0 is broadcast). The maximum segment length is 1200 meters, and every device on the bus must use the same serial settings (baud rate, parity, and stop bits), most often 9600 or 19200 baud; the specification requires support for those two rates, and many devices also support faster rates up to 115200 baud.
Modbus RTU Data Representation
Unlike 4-20 mA current loops or other analog signalling, Modbus RTU sends digital frames made up of binary values. A field of n bits can carry 2^n distinct values: 2 for a single-bit coil, 65,536 for a 16-bit register, and over four billion when two registers are combined. Modbus defines two kinds of data, called "coils" and "registers."
Coils are single-bit (binary) data that indicate a status, for example ON (1) or OFF (0). Coils are read/write and typically represent discrete outputs; their read-only counterparts, discrete inputs, represent physical input states such as a switch contact.
Registers hold 16 bits of unsigned data and range in value from 0 to 65535. There are two types of registers: Input Registers and Holding Registers. Input registers carry measured (analog) data and are read only. Holding registers also carry analog or configuration values but are both readable and writable; they are the most frequently used register type.
Register Type | Access | Address Range | Size | Function Code | Description | Example Use |
---|---|---|---|---|---|---|
Coil | Read/Write | 00001-09999 | 1 bit | 01 read, 05 write single, 15 write multiple | Binary data: discrete outputs (coils). | ON (1) or OFF (0) |
Discrete Input (Input Status) | Read Only | 10001-19999 | 1 bit | 02 | Binary data: discrete inputs. | Physical switch status (open or closed) |
Input Register | Read Only | 30001-39999 | 16 bits | 04 | Measured (analog) data. | Float values (two registers), such as levels or energy meter readings |
Holding Register | Read/Write | 40001-49999 | 16 bits | 03 read, 06 write single, 16 write multiple | Analog or configuration data; the most commonly used register type. | Changing a device setpoint, such as temperature |
Larger values require 32 bits, which are carried in two consecutive 16-bit registers. The Modbus specification fixes the byte order within a register (high byte first) but says nothing about the order of the two registers in a 32-bit value, so devices differ: most transmit the high-order register ("most significant word") first, followed by the low-order register ("least significant word"), but some send the low word first, and a few also swap the bytes within each word. The device's register list must state which convention it uses, and reading with the wrong one produces a plausible-looking but wrong number. Values travel as binary; documentation writes them in hexadecimal (digits 0-9 and letters A-F), so a single register ranges from 0000 to FFFF.
Following is an example of using two 16-bit registers to create a 32-bit, unsigned register:
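Because the word order is not fixed by the specification, the decoding has to be parameterised per device. The following is an added example, not code from the original article, that combines two registers (in the order they came off the wire) into an unsigned, signed, or IEEE-754 float value under a chosen word order, and splits a value back into registers for writing. The sample register pair is constructed for the example; the option names `word_order` and `byte_swap` are this example's own.

```python
import struct

# Constructed sample input: the two consecutive holding registers a
# hypothetical energy meter returns for one 32-bit IEEE-754 float,
# high word first (0x4048F5C3 is the float32 encoding of 3.14).
SAMPLE_FLOAT_REGS = (0x4048, 0xF5C3)


def _swap16(word):
    """Swap the two bytes inside a 16-bit word (0x1234 -> 0x3412)."""
    return ((word & 0xFF) << 8) | (word >> 8)


def registers_to_bytes(first, second, word_order="big", byte_swap=False):
    """Turn two 16-bit registers, given in the order they were received,
    into the 4 bytes of the 32-bit value in true big-endian order.

    word_order  "big":    first register is the most significant word
                          (the usual default, but not fixed by the spec)
                "little": first register is the least significant word
    byte_swap   additionally swap the bytes within each word, a variant
                some devices use; the device's register list must say.
    """
    for w in (first, second):
        if not 0 <= w <= 0xFFFF:
            raise ValueError("register value out of 16-bit range: %r" % (w,))
    if byte_swap:
        first, second = _swap16(first), _swap16(second)
    if word_order == "big":
        hi, lo = first, second
    elif word_order == "little":
        hi, lo = second, first
    else:
        raise ValueError("word_order must be 'big' or 'little'")
    return struct.pack(">HH", hi, lo)


def as_uint32(first, second, **kw):
    return struct.unpack(">I", registers_to_bytes(first, second, **kw))[0]


def as_int32(first, second, **kw):
    return struct.unpack(">i", registers_to_bytes(first, second, **kw))[0]


def as_float32(first, second, **kw):
    return struct.unpack(">f", registers_to_bytes(first, second, **kw))[0]


def uint32_to_registers(value, word_order="big", byte_swap=False):
    """Inverse direction: split a 32-bit value into the two registers to
    send (for example with function code 16) in the device's order."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("value out of 32-bit range")
    hi, lo = struct.unpack(">HH", struct.pack(">I", value))
    if byte_swap:
        hi, lo = _swap16(hi), _swap16(lo)
    return (hi, lo) if word_order == "big" else (lo, hi)


if __name__ == "__main__":
    first, second = SAMPLE_FLOAT_REGS
    print("high word first  :", as_float32(first, second))   # approx. 3.14
    print("wrong word order :", as_float32(first, second, word_order="little"))
    print("0x0001,0x0000 u32:", as_uint32(0x0001, 0x0000))   # 65536
    print("0xFFFF,0xFFFE i32:", as_int32(0xFFFF, 0xFFFE))    # -2
```

Running the block shows the practical point: the same two registers decoded with the wrong word order give a huge negative float rather than an error, which is why the word order belongs in the master's register map next to the address.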
Modbus Data Packets
Every Modbus RTU frame has the same layout: a one-byte slave address (1-247; 0 is the broadcast address), a one-byte function code, the data field, and a two-byte cyclic redundancy check (CRC-16) transmitted low byte first. The CRC lets the receiver detect frames corrupted in transit; it is an error check, not a security mechanism, since anyone who can place bytes on the bus can compute a valid CRC for whatever they send. The maximum frame size is 256 bytes. Frames are delimited by a silent interval of at least 3.5 character times, which tells a device that the message is complete; a gap of more than 1.5 character times inside a frame renders it invalid.
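The frame layout and CRC described above, as an added example that is not code from the original article: it computes the CRC-16/MODBUS, builds read and write-single-register requests from the one-based table addresses used in the register table above (40001 and so on), and validates and decodes a received frame. The response frame is constructed for the example; the function names are this example's own.

```python
# Function codes from the register table above.
READ_COILS, READ_DISCRETE, READ_HOLDING, READ_INPUT = 0x01, 0x02, 0x03, 0x04
WRITE_SINGLE_REGISTER = 0x06
MAX_FRAME = 256


def crc16_modbus(data):
    """CRC-16/MODBUS: reflected polynomial 0xA001, initial value 0xFFFF,
    no final XOR. Returns the 16-bit value; on the wire the low byte
    is sent first."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc


def append_crc(adu_without_crc):
    crc = crc16_modbus(adu_without_crc)
    return adu_without_crc + bytes([crc & 0xFF, crc >> 8])


def table_to_pdu(table_address):
    """Map a one-based table address (e.g. 40001) to the read function
    code and the zero-based address that actually goes on the wire."""
    kinds = {0: READ_COILS, 1: READ_DISCRETE, 3: READ_INPUT, 4: READ_HOLDING}
    prefix, offset = divmod(table_address, 10000)
    if prefix not in kinds or not 1 <= offset <= 9999:
        raise ValueError("not a valid table address: %r" % (table_address,))
    return kinds[prefix], offset - 1


def build_read_request(slave_id, table_address, quantity):
    """addr | fc | start address (2) | quantity (2) | CRC (2, low first)"""
    if not 1 <= slave_id <= 247:
        raise ValueError("slave address must be 1..247 for a read")
    fc, start = table_to_pdu(table_address)
    limit = 2000 if fc in (READ_COILS, READ_DISCRETE) else 125
    if not 1 <= quantity <= limit:
        raise ValueError("quantity exceeds what one frame can carry")
    pdu = bytes([fc]) + start.to_bytes(2, "big") + quantity.to_bytes(2, "big")
    return append_crc(bytes([slave_id]) + pdu)


def build_write_single_register(slave_id, table_address, value):
    """FC06: write one holding register. Note there is no field for any
    credential; a valid CRC is all the bus requires."""
    fc, start = table_to_pdu(table_address)
    if fc != READ_HOLDING or not 0 <= slave_id <= 247 or not 0 <= value <= 0xFFFF:
        raise ValueError("FC06 needs a holding register, slave 0..247, 16-bit value")
    pdu = bytes([WRITE_SINGLE_REGISTER]) + start.to_bytes(2, "big") + value.to_bytes(2, "big")
    return append_crc(bytes([slave_id]) + pdu)


def parse_frame(frame):
    """Validate a received frame and return (slave_id, function_code, data).
    Impossible lengths and CRC mismatches are rejected, not interpreted."""
    if not 4 <= len(frame) <= MAX_FRAME:
        raise ValueError("frame length %d outside 4..%d" % (len(frame), MAX_FRAME))
    body, received = frame[:-2], frame[-2:]
    expected = crc16_modbus(body)
    if received != bytes([expected & 0xFF, expected >> 8]):
        raise ValueError("CRC mismatch")
    return body[0], body[1], bytes(body[2:])


def frame_is_valid(frame):
    try:
        parse_frame(frame)
        return True
    except ValueError:
        return False


def parse_read_registers_response(frame):
    """Decode an FC03/FC04 reply into a list of 16-bit register values."""
    _, fc, data = parse_frame(frame)
    if fc & 0x80:
        raise ValueError("exception response, exception code %d" % data[0])
    if fc not in (READ_HOLDING, READ_INPUT):
        raise ValueError("not a register read response")
    if not data or data[0] != len(data) - 1 or data[0] % 2:
        raise ValueError("byte count does not match payload")
    return [int.from_bytes(data[i:i + 2], "big") for i in range(1, len(data), 2)]


if __name__ == "__main__":
    req = build_read_request(1, 40001, 10)          # 10 holding registers from 40001
    print("request :", req.hex(" "))                 # 01 03 00 00 00 0a c5 cd
    # Constructed reply: slave 1, FC03, 4 data bytes, two registers.
    reply = append_crc(bytes.fromhex("0103044048f5c3"))
    print("reply   :", reply.hex(" "), "->", [hex(v) for v in parse_read_registers_response(reply)])
    damaged = bytearray(reply); damaged[3] ^= 0x01   # flip one bit in the data
    print("damaged frame accepted?", frame_is_valid(bytes(damaged)))
```

The request `01 03 00 00 00 0A C5 CD` is the textbook "read 10 holding registers from 40001" frame and is a convenient check that a CRC implementation has the right polynomial, initial value, and byte order. The write routine makes the point in the section on security concrete: a write to a setpoint register is structurally no different from a read, and nothing in the frame identifies who sent it.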
Modbus Register Lists
Each Modbus device has a published register list (sometimes called a "Modbus Map") that is unique to that particular device (or a manufacturer's family of similar devices). In other words, although Modbus is an open protocol adopted by many devices, the register list is not universal. For example, the "Line Frequency" register may be 4093 in one device whereas another device may use register 1165. Lists also differ in whether they quote the one-based table address (e.g. 40001) or the zero-based address actually sent on the wire (0), and an off-by-one here reads the neighbouring register without any error. It is therefore critical that the master has this information properly mapped so that incoming data from each device is correctly interpreted. It is also important to note that, unlike some other protocols, Modbus has no register discovery or self-description: the optional Read Device Identification function (code 43, MEI type 14) can return vendor and model strings, but nothing tells you what a given register means, so without the manufacturer's list the only recourse is to poll addresses and infer their meaning from the values that come back.
The Future of Modbus RTU
Modbus has been one of the most widely adopted protocols in industrial automation and there are millions of Modbus RTU devices around the world faithfully reporting data across many industries. Even 40+ years after its creation, Modbus RTU remains popular due to its reliability, affordability, and simple architecture. The required RS485 serial connections continue to be included on a variety of industrial devices making their integration into existing Modbus RTU systems straightforward.
Unfortunately, one disadvantage of Modbus RTU (and of classic Modbus TCP) is that the protocol has no security mechanisms at all: no authentication, no authorization, and no encryption, and the CRC only detects transmission errors. Any device that can place bytes on the bus can read or write any register of any slave, including setpoints and outputs. (The Modbus Organization has since published a TLS-based Modbus/TCP Security specification, but it does not apply to RTU.) With growing cybersecurity requirements, especially in the utility and energy sectors, such protocols must be physically isolated or placed behind gateways, and will increasingly be replaced. In addition, limits on speed, frame size, and data types mean that Modbus RTU is often outmoded compared with protocols that can carry metadata, such as engineering units, or communicate over Ethernet. For these reasons, the building management and industrial automation sectors will continue the process of replacing Modbus RTU with faster, more secure protocols.