3413

Get a Live Demo

You need to see DPS gear in action. Get a live demo with our engineers.

Get the SCADA White Paper

Download our free SCADA tutorial.

An introduction to SCADA from your own perspective.

DPS is here to help.

1-800-693-0351

Have a specific question? Ask our team of expert engineers and get a specific answer!

Learn the Easy Way

Sign up for the next DPS Factory Training!

DPS Factory Training

Whether you're new to our equipment or you've used it for years, DPS factory training is the best way to get more from your monitoring.

Reserve Your Seat Today

Understanding Modbus Protocol - RTU vs TCP vs ASCII

Modbus is a communications protocol for transmitting data between two or more devices. It was developed in 1979 for use with Programmable Logic Controllers (PLCs). It's now widely used for connecting many types of industrial electronic devices on different types of networks.

Modbus Explained: What is Modbus?

Modbus communication protocol is a widely used protocol in Supervisory Control and Data Acquisition (SCADA) systems. It's used extensively for a number of its key benefits, including the following:

  • It's an open-source protocol. It can be included in a wide range of device types from any equipment vendor.
  • It uses a simple message structure, making it less difficult to deploy. It might require just a matter of days to implement, which can save months of work. There is no need to learn and deploy other protocols.
  • It moves raw words and bits, and it has very few restrictions.
  • It's a polled protocol, where a central master asks each device for status information in a sequential loop.
Polling large numbers of Modbus registers often benefits from a prioritized polling scheme.

For devices with large numbers of input registers (more than a few hundred), you'll benefit from a master device that can prioritize more important registers over less important ones.

Uses for Modbus Protocol

Beyond its technical advantages, the Modbus protocol is renowned for its broad applicability across various sectors. Here's a look at some of its diverse uses:

Industrial Automation

In the realm of industrial automation, Modbus serves as a cornerstone for communication between devices. It ensures a seamless network between Programmable Logic Controllers (PLCs), sensors, and actuators. This standardized communication is crucial in environments such as manufacturing plants, power plants, and oil refineries, where monitoring and controlling equipment and processes is vital for operational efficiency.

Vehicle Systems

Modbus also plays a significant role in vehicle systems, particularly in electric vehicles. It facilitates the monitoring and control of battery management systems, charging stations, and inverter systems. This protocol is favored for its simplicity and effectiveness in maintaining smooth operations within these complex systems.

Communications in IoT

With the rise of the Internet of Things (IoT), Modbus, especially Modbus TCP/IP, has become increasingly relevant. It provides a straightforward method for IoT devices, sensors, and controllers to communicate over ethernet networks. Its simplicity and widespread acceptance make it a popular choice in the IoT landscape.

Sensor and Actuator Communication

Modbus excels in enabling communication between sensors and actuators, offering a standardized interface for data transmission such as sensor readings or control signals. This capability allows for centralized control systems or PLCs to efficiently manage a variety of equipment, making it indispensable in fields ranging from industrial machinery to environmental monitoring systems.

By bridging the technical details with real-world applications, Modbus continues to be a pivotal protocol in both traditional and innovative technological domains.

Modbus Systems Are Flexible

Like most remote monitoring system protocols, Modbus follows the master/slave model, but the devices are typically referred to as interrogators/responders, respectively. A system will consist of an RTU which polls (or interrogates) a device for data and alarm information. A remote terminal unit (RTU) is also able to tell a Modbus device when and what commands to execute.

Even the format of the data is flexible. Devices store important values of different data types in various 16 bit registers. A register could contain one analog value, a collection of binary values, or something else. For simplicity's sake, imagine a database or a spreadsheet with two columns: one column contains the register name, and the other column contains the register value. That's really all holding registers are, and you'll configure an RTU to only collect data from the registers you want.

Manufacturers are free to use any number of formats (Modbus function code fields) to suit the function of their devices. If your monitoring device needs information to present to a human operator, the targeted device will read holding registers to receive the data.

What are the Modbus Security Features?

Modbus security features in DPS Telecom equipment focus on sustaining secure and reliable communication and control within network management systems. These security features include:

  1. Support for secure protocols makes sure data transmitted over the network is encrypted and secure from eavesdropping or tampering.
  2. SNMPv3 integration incorporates strong security features including message integrity, authentication, and encryption to protect against unauthorized access and uphold the integrity of data in transit.
  3. Local Modbus processing provides an additional layer of security by handling Modbus communication internally and reducing the risk of interception or manipulation of Modbus messages transmitted over the network​.
  4. RADIUS authentication makes sure only authorized personnel can interact with the system.
  5. TLS encryption ensures that data transmitted over the network is encrypted and secure, preventing unauthorized access or data breaches​​​​.
  6. Dual Network Interface Cards (NICs) allow communication on two separate networks without routing between them, enhancing security by isolating network segments and reducing the risk of unauthorized access​.
  7. Optional battery sensors for security monitor individual batteries for voltage, temperature, and internal resistance, ensuring reliable operation and security of the power supply​.
  8. Firmware updates and security patches promptly address any vulnerabilities so the system remains secure against emerging threats​.

These features collectively ensure that Modbus communication within DPS Telecom's network management systems is secure, reliable, and protected against unauthorized access and potential cyber threats.

Two Channels: Modbus RTU vs Modbus TCP/IP

Modbus data can be carried on two channels - over serial communication, or over a network connection. This flexibility is part of the lasting appeal of Modbus.

Modbus Serial Protocols

There are two types of Modbus serial protocols: RS-232 and RS-485.

Modbus RS-232 allows concurrent, full-duplex flow of data.

Modbus RS-485 is half-duplex, indicating values using differences in voltage.

Modbus TCP/IP

Modbus messages can also be sent over Ethernet or TCP/IP. These Modbus messages are packed as a single bit, or 16-bit word packets. Modbus is not part of a physical layer on a network, as with some other protocols. Messages are transferred on top of physical layers, enabling it to be utilized on many different types of networks. This non-physical layer property makes Modbus an application layer SCADA protocol.

Key Differences: Modbus TCP vs RTU

The main differentiation between Modbus TCP and Modbus RTU is in their communication media and application scenarios:

Modbus TCP is primarily suitable for network communication, especially long-distance communication. It operates based on TCP/IP and is mostly employed in LAN or internet communication. Each message in Modbus TCP includes a header with meta-information like message length and transaction identifiers. However, it lacks CRC integrity checks, relying instead on the underlying TCP/IP network protocol for data integrity.

Modbus RTU is designed for serial communication, ideal for short-distance communication between devices. It does not include distinct message headers but incorporates CRC error detection. This feature provides an efficient method for detecting deviations in message content and transfer order. However, without specific headers, pinpointing changes in transaction details from the message alone is challenging.

By understanding these key differences, you can select the most appropriate Modbus protocol for your specific application needs, ensuring robust and reliable communication between devices.

Real-World Example: Using Modbus to Track Your Generator Status

In this video, you'll see a few simple steps on how to monitor your generator using Modbus. We'll start polling data from a backup generator (propane/diesel). This example uses the web interface of the NetGuardian DIN remote monitoring device.

Two Variants: Modbus RTU vs Modbus ASCII

There are two variants of the standard Modbus protocol: ASCII Modbus and Modbus RTU.

Understanding Modbus RTU

Modbus RTU (Remote Terminal Unit) is a binary implementation of the Modbus protocol, typically used over serial communication. Known for its compact data format, Modbus RTU is efficient and fast. This efficiency simplifies its implementation in hardware. Common physical interfaces for Modbus RTU communications include RS-485 and RS-232.

Modbus RTU over TCP is a hybrid form, combining Modbus RTU and Modbus TCP protocols. Although Ethernet is used to transmit, data follows the RTU format in this setup. This hybrid offers the advantage of incorporating existing RTU-based systems onto Ethernet networks with minimal hardware changes, allowing for system expansions while maximizing current infrastructure.

Modbus ASCII Protocol

The second variant is the Modbus ASCII protocol. This version is more verbose, using ASCII characters that can be read by human operators. A different type of checksum, the longitudinal redundancy checksum, takes place after ASCII data transmission. ASCII is the less secure of the two variants.

Due to its lower efficiency compared to the RTU variant, operators shouldn't use it as their go-to. Only utilize Modbus ASCII for transmission of data to devices that do not support the RTU format.

By understanding these two Modbus protocol variants, operators can make informed decisions on implementation, balancing efficiency and compatibility with existing systems.

Modbus Is a Interrogator/Responder Protocol

Modbus communications take place between a centralized interrogator and up to 247 connected electronic devices on a single network. The design is commonly referred to as a "master/slave" protocol.

The system interrogator requests information from connected Modbus devices, which are referred to as responders. Responding devices only send information to the interrogator in response to these requests, and do not initiate messages themselves. The interrogator can also write information to the responding devices, but the responding devices cannot write information to the master.

When a responder address transmits a communication to the Modbus interrogator, it begins the message with a unique address identifier. This is a number ranging from 1 to 247. This enables the interrogator to identify which specific device is responding with the requested information.

Understanding the Modbus Data Model and Registers

Modbus communication relies on a well-defined data model, which is structured around a series of registers. These registers are essentially memory locations within a device where data is stored. They form a critical part of the Modbus framework, acting as the storage area for various types of data that the system needs to access and manipulate.

Types of Registers

Within the Modbus data model, registers are divided into two main types:

Holding Registers: These registers are versatile, allowing a Modbus master to both read from and write to them. This capability is crucial for operations that require data modification or updating.

Input Registers: In contrast, input registers are read-only. A Modbus master can access the data stored here but cannot alter it. This is typically used for monitoring or retrieving data that should remain constant.

Modbus Holding Registers Store Key Values

Modbus registers are formatted according to one of several "function codes" based on the data contained. You might have an analog fuel level value stored as an 8-bit integer. Instead, a register could use those same 8 bits to store 8 different binary values (door open, power fail, etc.) in a bitmap.

This dual-functionality enhances the flexibility of registers, allowing them to adapt to various data storage needs. Whether it's handling simple numerical values or more complex data sets, the structure of Modbus registers provides a robust framework for data management within automated systems.

What is Modbus OPC UA?

OPC Unified Architecture (OPC UA) was released in 2008. The platform-independent, service-oriented architecture integrates functionalities from various OPC Classic specifications into a single, extensible framework. It supports complex data structures and provides secure, reliable communication over multiple protocols, including TCP/IP, HTTP, and WebSockets.

Integrating Modbus with OPC UA involves using a gateway device or software to translate Modbus data into OPC UA data and vice versa. This integration allows legacy Modbus devices to communicate with modern OPC UA systems. This communication enhances interoperability, scalability, and security in industrial environments. OPC UA's support for complex data types enables efficient data enrichment and access from Modbus devices. This guarantees that legacy systems can interact with advanced technologies, thus future-proofing industrial automation infrastructure.

What is Modbus Plus?

Modbus Plus is a high-speed, peer-to-peer network protocol designed by Modicon for industrial automation and control systems. This protocol aids communication between various devices, enabling them to share information and synchronize their actions effectively.

Modbus Plus supports data transfer rates of up to 1 Mbps, which is significantly faster than traditional Modbus protocols. Devices on a Modbus Plus network can communicate directly with each other without requiring a master-slave configuration. This direct communication allows for more flexible and efficient network designs.

The protocol makes sure that this communication between devices is timely and predictable. Timely responses are needed for real-time industrial control applications. In addition to rapid reponses, Modbus Plus supports dual-path communication. This provides redundancy and enhances network reliability by automatically switching to an alternate path if the primary path fails.

The advanced diagnostic features of Modbus Plus allow for monitoring and troubleshooting network health and performance. These assessments minimize downtime and enhance the efficiency of maintenance.

Supervisory Control and Data Acquisition Can Take Several Forms

Just like any SCADA devices, the official Modbus function of "data acquisition" can vary.

The most common thing you probably think of is an external sensor. You have a process that involves heat, so you put a temperature sensor near it. You have a sealed chamber, so you add a pressure sensor.

That's not the only way to acquire data, though. Many devices self-monitor and report via Modbus; and generators are a great example. They monitor their own fuel levels, temperatures, pressures, and more.

Finally, there are synthesized registers that depend on soft values like timers and calculations. "Time since last maintenance" could be tracked as an analog value, perhaps. Some generators have over 1000 registers to poll. Most of them aren't a physical sensor reading.

The Limitations of Modbus

Despite the popularity of Modbus, it has several limitations that can affect its performance and applicability in secure and complex automation systems. Understanding these limitations can help in making informed decisions about whether Modbus is the right choice for your specific needs.

1. Limited Security Features

Modbus, especially in its traditional forms (RTU and ASCII), lacks built-in security features. This makes it vulnerable to cyber-attacks like data interception, modification, and unauthorized commands. Even Modbus TCP, which runs over TCP/IP, doesn't secure data unless additional measures like VPNs or encryption protocols (e.g., TLS) are used.

2. No Standardized Device Addressing

Modbus uses a simple addressing scheme that can be problematic in larger systems. The address range is limited to 1 to 247, which restricts the number of devices in a single Modbus network. This is especially limiting for large industrial applications where hundreds or thousands of devices need to be integrated.

3. Limited Data Types and Functions

Modbus supports only basic data types and functions, mainly 16-bit registers and discrete inputs/outputs. This simplicity can be useful for simple applications but is limiting for complex data structures or advanced data types. The protocol also lacks advanced operations and diagnostics, which is a drawback for sophisticated control systems.

4. Slow Communication Speed

Traditional Modbus (RTU and ASCII) over serial lines (RS-232 or RS-485) is slow, with typical baud rates from 9600 to 19200 bits per second. Although Modbus TCP can use faster Ethernet networks, its design doesn't always optimize data throughput, leading to slower communication speeds compared to more modern protocols.

5. Single Master Limitation

Modbus networks usually have a single master device that initiates communication with slave devices. This master-slave setup can cause bottlenecks and inefficiencies, especially when multiple masters are needed for redundancy or load balancing. This single master limitation can also create single points of failure in the network.

6. No Built-in Error Handling

While Modbus has basic error-checking like checksums, it lacks advanced error-handling capabilities. There's no standard way to handle communication errors or device failures, so custom error-handling routines are often needed at the application level, adding complexity and potential inconsistencies.

7. Difficulty in Integrating with Modern Systems

The Modbus protocol can be integrated into the Industrial Internet of Things (IIoT) by providing a means to communicate between industrial devices like sensors, controllers, and other equipment. However, integrating legacy protocols like Modbus with modern IoT devices and platforms can be challenging as industrial automation systems evolve. Modbus wasn't designed for modern network architectures, leading to compatibility issues, higher integration costs, and the need for protocol converters or gateways.

To address these challenges, an edge protocol gateway can be employed. This gateway supports various Modbus drivers such as Modbus TCP, Modbus RTU, and Modbus RTU over TCP, facilitating seamless integration with IoT systems.

Key Modbus Drivers for IoT Integration

  • Modbus TCP: Utilizes TCP/IP networks to enable communication between Modbus master devices and Modbus slave devices. This driver ensures efficient data exchange and control over modern network infrastructures.
  • Modbus RTU: A serial communication protocol often used in industrial environments. It allows connectivity with Modbus devices via serial interfaces like RS-485 or RS-232, supporting data exchange in systems where this communication method is prevalent.
  • Modbus UDP: Employs the User Datagram Protocol to offer low overhead and fast transmission, ideal for real-time control applications where speed is critical.
  • Modbus RTU over TCP: Combines the simplicity of Modbus RTU with the network capabilities of TCP/IP, encapsulating RTU frames within TCP/IP packets for broader network reach.

To address these challenges, an edge protocol gateway can be employed. This gateway supports various Modbus drivers such as Modbus TCP, Modbus RTU, Modbus UDP, and Modbus RTU over TCP, facilitating integration with IoT systems.

Benefits of Integration

Integrating Modbus with IoT not only resolves compatibility issues but also unlocks numerous benefits:

Optimized Operations: Data from Modbus devices can be collected and analyzed to refine processes and improve efficiency.

Enhanced Safety: Real-time data monitoring enhances safety protocols by enabling quick responses to potential hazards.

Cost Reduction: Improved data analytics lead to better resource management and reduced operational costs.

By leveraging the right tools and technologies, Modbus protocol can effectively become part of a larger, interconnected IIoT ecosystem, streamlining industrial operations and elevating the industrial automation landscape.

Remember SCADA Best Practices - Regardless of Protocol

No matter what protocol you choose to use, keep in mind a few important points:

Always focus on open protocols that don't trap you in ridiculous licensing fees. By reading this article, you've already taken one step in the right direction.

Open standards empower you to choose a new manufacturer later. Closed protocols written by one manufacturer won't allow that.

Also, look for devices that speak in multiple protocols. You should always standardize as much as possible because something WILL come up. Don't settle for a master if it only has Modbus SCADA software if you have other devices that use different protocols like SNMP or DNP3. The T/Mon LNX is a great example of a master that speaks multiple protocols.

Invest Time in Evaluating Manufacturers

Any SCADA system you choose will have a big impact on your unmanned site. Your operations are important, and SCADA protects those operations. That's why you need to choose a manufacturer with a track record. Big companies can be a reasonable option, but sometimes they're too big to care about you unless you're huge also, or willing to shell out tons of cash for a solution.

Proven providers who maintain a custom focus on your needs can be great. Look for a team that will provide free tech support, and who doesn't outsource their tech support.

Ask any sales rep you talk to whether designs can be changed or new features you need can be added. What if you need something unexpected, will they develop a solution for you? A great shorthand for this is whether a company has its own engineers. Devices built overseas and merely sold in your country can be a problem.

Ideally, your SCADA manufacturer has strong control over design, manufacturing, sales, and support. That's a priceless tool for the problems you can't predict.

Do Your Homework With These Guides

The more you know about Mod bus and SCADA, the more valuable you'll be to your company.

You can also read about the T/Mon Alarm Master if you're evaluating solutions now. Finally, keep learning about tech with the RS485/RS232 article below.

Related Products:

  • T/Mon LNX: a Modbus protocol example of a master station

Related Topics:

Do you Still need support?

All DPS Telecom products include comprehensive technical support. If you've purchased one of our products and are encountering any kind of issue, contact DPS Tech Support today at 559-454-1600.

At DPS Telecom, the representative who answers your call isn't an intern reading from a script. DPS Tech Support representatives are engineers who contribute to product development. And, if your problem requires additional expertise, the DPS Engineering Department that designed your product is right down the hall.

Help us connect you to the right engineer by filling out this quick questionnaire. Simply leave your contact information to get started, and we'll call you back. Most preliminary discussions are about 15 minutes, and afterward, we'll send you a custom application diagram of a recommended solution that'll make it easier to justify your project to management.