Modbus/TCP

Overview

Modbus/TCP is a communication protocol which is a variant of the Modbus family. It is based on a master/slave architecture and intended for use in industrial automation especially with PLCs or IO modules. Modbus/TCP is defined in IEC 61158.

Modbus uses big-endian representation for addresses and data items.

Protocol structure:

transaction identifier protocol identifier length field unit identifier function code data
2 byte 2 byte (always 0x0000) 2 byte (n+2) 1 byte 1 byte n byte

Commissioning file specifics

A typical commissioning file for the Modbus/TCP protocol looks like this:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
# ----------------------------------------------------------------------------#
# Commissioning File
# ----------------------------------------------------------------------------#
# Manufacturer:    Cybus GmbH
# Device:          Virtual Climate Regulator
# Copyright:       Cybus GmbH (2017)
# Contact:         support@cybus.io
# ----------------------------------------------------------------------------#
# Source Interface Definition - Modbus TCP
# ----------------------------------------------------------------------------#
source:
  driver:          modbus
  connection:
      protocol:    modbus.tcp
      host:        {{IP address}}
      port:        {{port}}
      unitId:      1
  defaults:
      operation:   subscribe
      interval:    1000 # ms
      fc:          3
      length:      2
# ----------------------------------------------------------------------------#
# Target Interface Definition - MQTT (Cybus Connectware Broker)
# ----------------------------------------------------------------------------#
target:
  driver:          mqtt # Internal Broker
  defaults:
      operation:   write
      topicPrefix: simulator/modbustcp
# ----------------------------------------------------------------------------#
#  Device Datapoint Mappings
#  Datapoint                        Register        Data Type
#  Current Temperature (°C)         30000           Float
#  External Temperature (°C)        30002           Float
#  Heating Power (kW)               30004           Float
#  Cooling Power (kW)               30006           Float
#  Setpoint Temperature (°C)        30008           Float
# ----------------------------------------------------------------------------#
mappings:
- source:
    address:     0
  target:
    topic:       temperature/current
- source:
    address:     2
  target:
    topic:       temperature/external
- source:
    address:     4
  target:
    topic:       power/heating
- source:
    address:     6
  target:
    topic:       power/cooling
- source:
    address:     8
  target:
    topic:       temperature/setpoint
- source:
    operation:   write
    fc:          16
    address:     8
  target:
    operation:   subscribe
    topic:       temperature/setpoint/set

For the general structure of a commissioning file check out user/device-commissioning.

Parameters for Modbus/TCP devices

connection
protocol
Specific name of the used protocol, in case of Modbus/TCP this is modbus.tcp
host
IP address of the Modbus/TCP device
port
Modbus/TCP port of the source device, typically this is 502
unitId
In Modbus/TCP there is no need for UnitID, since the devices are identified by the IP and the UnitID is typically set to 1. It may be used to communicate via devices such as bridges and gateways which use a single IP address to support multiple independent end units.
defaults
Default parameters can be defined for every mapping parameter. They are used for a mapping unless otherwise specified individually in the mappings list.
mappings
address
Start address of the data on the device (0:65535)
fc
Function code that should be performed on this mapping
operation
The operation is implied by the function code. For read functions it must be ‘subscribe’ and for write functions it must be ‘write’. Operation ‘read’ is not defined for Modbus/TCP mappings.
interval
Polling interval in milliseconds
length
Number of coils/discrete inputs to read in bits or number of registers to read in words (2 bytes)

Supported function codes

For reading or writing data over Modbus/TCP the protocol provides a set of functions. Which action should be performed on the other end of the connection is transferred through the function code (fc).

Supported function codes are:

Function code Action Operation
1 Read coils subscribe
2 Read discrete inputs
3 Read holding registers
4 Read input registers
5 Write single coil write
6 Write single holding register
15 Write multiple coils
16 Write multiple holding registers