Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Modbus Protocol*
10.1 Overview .......................................................................................... 10-1
History • Premise • General • Features
10.2 Modbus Protocol.............................................................................10-4
Protocol in the Abstract • Client/Server in General • Application
Protocol Data Unit • Client/Server Interactions • Data
Types • Data Models • Function Code Categories • Function
Codes • Exception Codes • Transmission Order
10.3 Modbus over Serial Line .............................................................. 10-12
General • Modbus Serial Line PDU • Modbus Transmission
Modes • RTU Transmission Mode • ASCII Transmission Mode
10.4 Modbus/TCP .................................................................................10-20
General • TCP/IP Encapsulation • Role of the Transaction
ID • Assigned Port • Protocol ID • Unit ID and
Gateways • TCP as a Streaming Protocol • Connection
Establishment and Management • State Machines • Modbus/
TCP Flowcharts • [Informative] TCP Interfaces and
Parameterization
10.5 Gateways and Similar Devices....................................................10-28
Rudy Belliardi General • Interpretation • Mappings • Tunneling and Bridging
Schneider Electric
10.6 Modbus as Part of the CIP Stack, in ODVA .............................10-29
Ralf Neubert 10.7 Modbus on Other Stacks .............................................................10-34
Schneider Electric 10.8 Conformance .................................................................................10-34
10.1 Overview
10.1.1 History
The Modbus™ protocol was created in 1978 by Modicon Inc. as a simple way for communicating control
data between controllers and sensors using an RS232 port.
The protocol became widely adopted, quickly reaching the status of de facto standard in the industrial
automation field. Today, the Modbus protocol is the single, most supported protocol among automation
devices.
Schneider Electric transferred the specifications for Modbus and Modbus/TCP (Modbus over TCP/IP)
to Modbus.org. See the web-based community www.Modbus.org.
* © 2013 Schneider Electric. All Rights Reserved. Schneider Electric and Modbus are trademarks owned by Schneider
Electric Industries SAS or its affiliated companies. All other trademarks are the property of their respective owners.
10-1
www.engbookspdf.com
10-2 Field Area and Control Networks
10.1.2 Premise
The material presented in this chapter does not contain all the details of the Modbus protocol. The
authoritative specifications are publicly available and can be found at the web-based community www.
Modbus.org.
10.1.3 General
Modbus is an application layer messaging, protocol placed at OSI layer 7, for client/server communica-
tion between devices connected on different types of buses or networks. Figure 10.1 shows the messaging
between one client and one server and the conventional names given to the messages at the source and
the destination.
Modbus is currently transported using any of the following underlying layers:
• RS232, RS422, RS485
• TCP/IP
• Modbus Plus, a token-passing network
• Many other stacks over a variety of media (e.g., fiber, radio, cellular)
This is shown in Figure 10.2.
A network example is illustrated in Figure 10.3; gateways are used to connect the underlying layers,
HMIs are human–machine interface stations, and PLCs are programmable logic controllers.
The Modbus messaging/transaction takes place exchanging application protocol data units ([APDUs]
described later). While the APDU is the same for all underlying layers, the client/server mechanism
employed by Modbus takes full advantage of the different possibilities offered by the currently used
underlying layer (one to one, one to many, error checking, pipelining, etc.).
Request Indication
Client Server
Confirmation Response
Modbus on TCP
TCP
IP
www.engbookspdf.com
Modbus Protocol 10-3
Modbus communication
Modbus on TCP/IP
Modbus on RS232
PLC
PLC
Modbus on RS485
Modbus on MB+
I/O
HMI
Device I/O
Drive
I/O Device
I/O
10.1.4 Features
The popularity of Modbus stems from a commitment to simplicity, recognizing that industrial auto-
mation applications are the most diverse and that there are advantages in delegating the handling of
diversity to the applications.
Some features are as follows:
• Simple to implement
• Can be implemented in days
• Small footprint
• Can run on any computer system, CPU, or microcontroller, allowing the networking of
simple devices
• Scalable in complexity, scope, and range
• Complexity: A device that has only a simple purpose needs only to implement the needed
message types.
• Scope: From real-time sensing to production data.
• Range: A collection of devices using Modbus/TCP to communicate can range up to 10,000
or more on a single switched Ethernet network.
• It is simple to administer and enhance
• There is no need to use complex configuration tools when adding a new node to a network.
• Open and low cost
• The specifications are freely downloadable from the www.Modbus.org website.
• In addition to being a de facto standard, it has been standardized by the International
Electrotechnical Commission (IEC), the Standardization Administration of China (SAC),
and relevant parts by the Semiconductor Equipment and Materials International (SEMI)
association.
www.engbookspdf.com
10-4 Field Area and Control Networks
• For most Modbus underlying layers, these layers—hardware and software—are commercially
available (RS232, RS422, RS485, TCP/IP) with economy of scale, and they are already pres-
ent at no extra cost to device vendors as part of the standard compendium of the devices.
• There is no vendor-proprietary equipment or software needed, and since there is no
need to modify the underlying commercial standard layers, the protocol can readily take
advantage of any improvements in those layers.
• Connectivity
• It is very easy to build Modbus networks made of different underlying layers, via widely
available flexible gateways.
• Installed base, experience, and tools
• The installed base of Modbus devices is substantial, so is the experience in their deployment
and the availability of monitoring/debugging tools.
www.engbookspdf.com
Modbus Protocol 10-5
Client Client
Server
Server
www.engbookspdf.com
10-6 Field Area and Control Networks
Code Data
www.engbookspdf.com
Modbus Protocol 10-7
The failure of a function code processing is signaled by returning the OR-ing of 0x80 with the func-
tion code value of the request in the same code field in the response. In this case, the returned value is
called an exception.
The code field size is 1 octet. Exceptions are easy to detect as the code field value will have its high bit
turned on.
Table 10.2 summarizes the usage of the code field.
www.engbookspdf.com
10-8 Field Area and Control Networks
Figure 10.7 shows a broadcast on a network having three servers. Only a subset of the possible actions
can be performed via a broadcast, as detailed later, since there is no response.
Figure 10.8 shows a unicast with successful processing, returning a normal response.
Figure 10.9 shows a unicast with unsuccessful processing, returning an exception response.
Client Servers
Initiate request
Client Server
Initiate request
Client Server
Initiate request
www.engbookspdf.com
Modbus Protocol 10-9
Request sent in
broadcast mode/
turnaround delay Idle End of error processing
is started
Waiting End of response processing
turnaround Request sent to a
delay server/ Processing
response time- response
Turnaround delay out is started Improper response
expiration
Response reception [Expected server]/
Waiting for response time-out is stopped
Response reception response Processing
[Unexpected server] Response time-out expiration error
www.engbookspdf.com
10-10 Field Area and Control Networks
www.engbookspdf.com
Modbus Protocol 10-11
Modbus access
Discretes
Input registers
Holding
registers
Modbus access
Discretes
R
W
Coils Modbus request
R
Input registers
W
Holding
registers
www.engbookspdf.com
10-12 Field Area and Control Networks
The network is a serial bus, with only one client at a time on it, by configuration.* An RS485 network
is shown in Figure 10.15 and an RS232 network is shown in Figure 10.16.
The addressing of a server by a client is fully accomplished using the unit ID previously described
in Section 10.2.3.2. There can be up to 247 servers on the network; each must have a unique unit ID
between 1 and 247. RS232 is a point-to-point network; the unit ID, even if not needed, is still required.
The messaging is performed exchanging APDUs (Figure 10.6, but augmented with error checking as
will be shown shortly).
The state machines described in Section 10.2.4.2 are in effect, with a specialization of the improper
response and improper request.
* In the RS485 case, there could be more than one client on the bus, but something must ensure, at the application above
the Modbus protocol, that only one is active at a time, across a complete client/server interaction, the synchronization
between the clients may be complicated.
www.engbookspdf.com
10-14 Field Area and Control Networks
www.engbookspdf.com
Modbus Protocol 10-15
Client
Client Server
For the client state machine, the improper response is a response with a frame error, and such a
response is just dropped.
For the server state machine, the improper request is either a frame error or a request not addressed to
the server, and in both cases, the request is dropped.
The unicast interaction is illustrated in Figure 10.17.
The broadcast interaction, obtained with unit ID = 0 for selected function codes as from Table 10.4,
is illustrated in Figure 10.18.
Client
Request
Response
Client
Request
www.engbookspdf.com
10-16 Field Area and Control Networks
www.engbookspdf.com
Modbus Protocol 10-17
The format for each character on the wire (11 bits) in RTU mode is as follows:
Coding System
8-bit binary
Two hexadecimal characters (0–9, A–F) contained in the 8-bit field of the character on the wire.
Bits per Character on the Wire
1 start bit
8 data bits, least significant bit (LSB) sent first
1 bit for even/odd parity, no bit for no parity
1 stop bit if parity is used; 2 bits if no parity
Even parity is required, other modes (odd parity, no parity) may also be used. In order to ensure a
maximum compatibility with other products, it is recommended to support also the no parity
mode. The default parity mode must be even parity. The format with parity checking is shown
in Figure 10.21.
Error Check Field
CRC
How Characters on the Wire Are Transmitted Serially
Each character on the wire is sent in this order (left to right): LSB to most significant bit (MSB)
Devices may accept by configuration both even or odd parity checking and no parity checking. If no
parity is implemented, an additional stop bit is transmitted to fill out the character on-the-wire frame.
The format without parity checking is shown in Figure 10.22.
Figure 10.23 shows the RTU message frame, complete of CRC (CRC low, CRC high).
The maximum size of the Modbus RTU frame is 256 octets.
www.engbookspdf.com
10-18 Field Area and Control Networks
3.5 char
at least 3.5 char at least 3.5 char 4.5 char
Modbus message
In the RTU mode, message frames are separated by a silent interval of at least 3.5 character (on the
wire) times. In the following sections, this time interval is called t3.5, and it is shown in Figures 10.24
and 10.25.
The entire message frame must be transmitted as a continuous stream of characters.
If a silent interval of more than 1.5 character (on the wire) times occurs between two characters
on the wire, the message frame is declared incomplete and should be discarded by the receiver. See
Figure 10.26.
Please consult the Modbus over serial line specification at www.Modbus.org for more details on
timing, on various checks, and on the CRC.
www.engbookspdf.com
Modbus Protocol 10-19
While there are time-outs involved, the ASCII transmission mode identifies the transmission element
boundaries based on character values.
The format for each character on the wire (10 bits) in ASCII mode is as follows:
Coding System
Hexadecimal, ASCII characters 0–9, A–F
One hexadecimal character contained encoded 7-bit ASCII character in the 7-bit field of the
character on the wire.
Bits per Character on the Wire
1 start bit
7 data bits, LSB sent first
1 bit for even/odd parity; no bit for no parity
1 stop bit if parity is used; 2 bits if no parity
Even parity is required; other modes (odd parity, no parity) may also be used. In order to ensure
a maximum compatibility with other products, it is recommended to support also no parity
mode. The default parity mode must be even parity. The format with parity checking is shown
in Figure 10.27.
Error Check Field
Longitudinal redundancy check (LRC)
How Characters on the Wire Are Transmitted Serially
Each character on the wire is sent in this order (left to right): LSB to MSB
Devices may accept by configuration both even or odd parity checking and no parity checking. If no
parity is implemented, an additional stop bit is transmitted to fill out the character on-the-wire frame.
The format without parity checking is shown in Figure 10.28.
www.engbookspdf.com
10-20 Field Area and Control Networks
The allowable characters transmitted for all other fields are hexadecimal 0–9, A–F (ASCII coded).
The devices monitor the bus continuously for the colon character. When this character is received, each
device decodes the next character until it detects the end of frame.
Intervals of up to one second may elapse between characters within the message. If a greater interval
occurs, the receiving device assumes that an error has occurred.
A typical ASCII message frame is shown in Figure 10.29.
Remark: Each data octet needs two characters for encoding. Thus, to ensure compatibility at the
Modbus application level between ASCII mode and RTU mode, the maximum data size for the ASCII
data field (2 × 252) is twice the maximum data size for the RTU data field (252).
Consequently, the maximum size of a Modbus ASCII frame is 513 characters.
Please consult the Modbus over serial line specification at www.Modbus.org for more details on vari-
ous checks and on the LRC.
The official specification will also provide information about the physical layer.
10.4 Modbus/TCP
10.4.1 General
This section describes Modbus/TCP in general and the client/server encapsulation when the transport
layer is TCP/IP. Figure 10.30 shows the Modbus/TCP stack and Table 10.8 shows the positioning with
respect to the OSI layers.
The material presented in this section does not contain all the details of the Modbus protocol.
The authoritative specifications are publicly available and can be found at the web-based community
www.Modbus.org.
Modbus on TCP
TCP
IP
Physical layer
www.engbookspdf.com
10-22 Field Area and Control Networks
A client requests a service on the set of its addressable servers with the help of the transaction ID,
managed (created and destroyed) by the client. The transaction mechanism is exposed at the application
layer due to the client/server possibility of having more than one outstanding request at a time, with the
consequent need to properly associate requests and confirmations. It also controls the maximum num-
ber of such requests, which could be 1. The capabilities of a client/server application layer client depend
on lower layers and on the particular implementation; these factors are captured in the configuration of
the transaction mechanism allowing programmatic adaptation.
10.4.5 Protocol ID
The protocol ID must be 0.
Note 1: All other protocol IDs are reserved.
www.engbookspdf.com
Modbus Protocol 10-23
Idle
Wait
www.engbookspdf.com
10-24 Field Area and Control Networks
Instantiate a MB
transaction
[Transaction available]
Initialize the
transaction
Encode the MB
request PDU
Encode the
MBAP header
Send a Send MB
negative request to TCP
confirmation to Mgt
the user
application
10.4.11.1.2 TCP-NODELAY
Small packets (called tinygrams) are normally not a problem on Local Area Networks (LANs), since
most LANs are not congested, but these tinygrams can lead to congestion on wide-area networks.
A simple solution, called the Nagle algorithm, is to collect small amounts of data and send them in a
single segment when the TCP acknowledgments of a previous packet arrive.
www.engbookspdf.com
Modbus Protocol 10-25
Use MB transaction to
bind with the request
Discard
response
[Modbus_protocol] [Other_protocol]
Analyse response
PDU
Send positive
confirmation to user
application
Wait
In order to have better behavior, it is recommended to send small amounts of data directly without
trying to gather them in a single segment. That is why it is recommended to force the TCP-NODELAY
option that disables the Nagle algorithm on client and server connections.
10.4.11.1.3 SO-REUSEADDR
When a server closes a TCP connection initialized by a remote client, the local port number used for
this connection cannot be reused for a new opening while that connection stays in the time-wait state
(during two maximum segment lifetime [MSL]).
It is recommended to specify the SO-REUSEADDR option for each client and server connection to
bypass this restriction. This option allows the process to assign itself a port number that is part of a con-
nection that is in the two MSL wait for client and listening socket.
10.4.11.1.4 SO-KEEPALIVE
By default on the TCP/IP protocol, there are no data sent across an idle TCP connection. Therefore, if no
process at the ends of a TCP connection is sending data to the other, nothing is exchanged.
Under the assumption that either the client application or the server application uses timers to detect
inactivity in order to close a connection, it is recommended to enable the KEEPALIVE option on both
client and server connections in order to poll the other end to know its status.
www.engbookspdf.com
10-26 Field Area and Control Networks
Idle
[Server init]
[Response from user application]
[Invocation user application done] Wait
Nevertheless, it must be considered that enabling KEEPALIVE can cause perfectly good connections
to be dropped during transient failures and that it consumes unnecessary bandwidth if the keep-alive
timer is too short.
www.engbookspdf.com
Modbus Protocol 10-27
Parse the
MBAP header
Parse The MB
PDU
[Error on MB PDU]
MB Transaction
refused
[OK]
MB Transaction
accepted
TCP manages a dynamic estimation of the RTO. For that purpose, a round-trip time (RTT) is mea-
sured after the sending of every packet that is not a retransmission. The RTT is the time taken for a
packet to reach the remote device and to get back an acknowledgment to the sending device. The RTT
of a connection is calculated dynamically; nevertheless, if TCP cannot get an estimate within 3 s, the
default value of the RTT is set to 3 s.
If the RTO has been estimated, it applies to the sending of the next packet. If the acknowledg-
ment of the next packet is not received before the estimated RTO expiration, the exponential backoff
(detailed below) is activated. A maximum number of retransmissions of the same packet are allowed
during a certain amount of time. After that if no acknowledgment has been received, the connection
is aborted.
Some TCP/IP stacks allow the setup of the maximum number of retransmissions and the maximum
amount of time before the abort of the connection.
Some retransmission algorithms are defined in TCP IETF RFCs and other papers:
Jacobson’s RTO estimation algorithm is used to estimate the RTO.
Karn’s algorithm says that the RTO estimation should not be done on a retransmitted segment.
The exponential backoff defines that the RTO is doubled for each retransmission with an upper
limit of 64 s.
The fast retransmission algorithm allows retransmitting after the reception of three duplicate
acknowledgments. This algorithm is advised because on a LAN it may lead to a quicker detec-
tion of the loss of a packet than waiting for the RTO expiration.
www.engbookspdf.com
10-28 Field Area and Control Networks
Transaction_accepted Response_from_user_App
Response
Analyse
processing
requested service
Local service
processing Send an invocation to [Completed]
User Application
through MB Backend
interface
[Processing OK]
The use of these algorithms is recommended; they are described in TCP/IP Illustrated, Volume 2, Gary
R. Wright and W. Richard Stevens, which also points to the original sources.
www.engbookspdf.com
Modbus Protocol 10-29
10.5.2 Interpretation
When using this method, the gateway is knowledgeable about Modbus and the other protocol, or about
Modbus on different stacks, and manages services and activities on both protocols, essentially by mapping
activities. An example is the aforementioned Modbus/TCP to Modbus serial gateway or various BACnet
to Modbus gateways.
10.5.3 Mappings
When using this method, two protocols share a memory mapping, where both can read and write or
communicate activities/commands. Examples are the Sunspec Alliance to Modbus register mapping
and the Wireless Cooperation Team (WCT) WirelessHART to Modbus register mapping. Once the
mapping is agreed, it is very easy to write a Modbus client that can access the other protocol’s informa-
tion with no need to know anything about the other protocol.
CIP profiles
Modbus stack
EtherNet CompoNet ControlNet DeviceNet
(TCP and
stack stack stack stack
serial link)
FIGURE 10.39 Modbus integration into CIP through the Modbus translator.
www.engbookspdf.com
10-30 Field Area and Control Networks
CIP originator
Modbus
translator
Modbus
stack
Modbus messages
Modbus
server
device
The details of the Modbus translator are located in Volume 7 of the CIP Networks Library. Volume 7
is titled Integration of Modbus Devices into the CIP Architecture and is governed by the ODVA.
A Modbus translator houses the Modbus translation functionality used for the bridging. A Modbus
translator can be located in a CIP originator (which is a client device as shown in Figure 10.40) or as
a stand-alone device (sometimes referred to as a router as shown in Figure 10.41) or embedded in a
device between the device’s Modbus functionality and the CIP network (called a CIP device with native
Modbus as shown in Figure 10.42).
The CIP originators receive the downstream Modbus data in the CIP format consistent with the
CIP communication model. The CIP originator communicates with a CIP device, and the Modbus
functionality is hidden from the CIP originator through the translation function. A Modbus translation
function for Modbus/TCP in a dual IP stack is shown in Figure 10.43.
The Modbus translation function performs the translation between the CIP protocols and the
Modbus protocols. An example of a CIP service request that is processed by the Modbus translator is
shown in Figure 10.44.
The CIP network views the Modbus devices as CIP devices, while the Modbus devices view the com-
munication as though it is from a Modbus device. The Modbus translation function housed in a Modbus
translator that sits between the CIP network and the Modbus network allows this seamless communi-
cation. Any existing Modbus serial link server device or Modbus/TCP server device can communicate
with a CIP network using the Modbus translator.
Throughout the integration of Modbus into the CIP environment, care was taken to ensure that
the impact to the CIP originator devices was minimized. There was no impact to existing CIP target
devices. Equally important, there was no impact to existing Modbus devices. Furthermore, exist-
ing vendor-specific CIP to Modbus gateway products can continue to work without any changes to
these devices.
www.engbookspdf.com
Modbus Protocol 10-31
CIP
originator
Modbus Network
(Modbus/TCP, Modbus
CIP Network Serial, etc.)
CIP
(EtherNet/IP,
messages Modbus messages
DeviceNet, etc.)
Modbus
Modbus server
stack device
CIP
routing
Modbus
translator
Standalone “Router”
CIP
originator
CIP Network
(EtherNet/IP, CIP
DeviceNet, etc.) messages
Modbus
translator
Modbus
server device
FIGURE 10.42 A Modbus translator embedded in CIP device where the CIP device has native Modbus
functionality.
www.engbookspdf.com
10-32 Field Area and Control Networks
The Application
The Application Application functions
can send CIP
can send CIP
messages to
messages to
Modbus/TCP
native EtherNet/IP Object libraries devices via the
devices
modbus translator
Connection Modbus
Management translator
Modbus/TCP
EtherNet/IP
EtherNet/IP Modbus/TCP
messages messages
EtherNet cabling
FIGURE 10.43 Diagram of the Modbus translation function in a dual EtherNet/IP and Modbus/TCP stack
implementation.
Modbus Modbus/TCP
Translator Server Device
CIP open connection
Open TCP connection
Modbus response
CIP reply
FIGURE 10.44 Sequence diagram of typical communication between a CIP originator and Modbus server
(target) device through a Modbus translator.
www.engbookspdf.com
Modbus Protocol 10-33
Simply explained, the Modbus translator translates CIP object service requests into Modbus
messages. The Modbus translator can be implemented inside a CIP originator or a CIP router or in a CIP
device with native Modbus addressing if desired. This allows for efficient engineering design. CIP object
service requests are delivered to the Modbus translator where the translator interprets these service
requests, maps the service requests to Modbus function codes, and generates Modbus transactions. For
efficient operation, the Modbus object was created inside the CIP library of objects. The Modbus object
is structured to better expose CIP services to Modbus functionality and to allow Modbus responses
to be easily placed into the CIP object format. For best operation, the CIP originator uses the Modbus
object as the basis for communication to the Modbus translator. The translator sends the appropriate
function code(s) (reads and writes) to the Modbus devices, which the translator is servicing. CIP com-
munication uses two forms of messaging called explicit messaging and implicit messaging. The Modbus
translator can handle both forms of CIP communication, each being turned into Modbus requests to the
Modbus devices. The Modbus responses to the translator are formatted into the appropriate CIP object
service replies and sent to the CIP originator.
To ease configuration, CIP uses electronic data sheet (EDS) files with CIP configuration tools.
Modbus devices can help improve the access by the CIP network to the Modbus device by providing
an EDS file for the Modbus device. In order to facilitate the use of EDS files with Modbus devices, a
generic Modbus EDS file was created. The generic Modbus EDS file is formatted to walk the Modbus
user that is not familiar with CIP through the process of creating a meaningful Modbus device EDS
file containing the significant features of the Modbus device. The CIP network manager can use this
Modbus EDS file to tailor the CIP objects and services including the Modbus object that provides an
interface to the Modbus translator to provide the best and most efficient communication to and from
that Modbus device.
Modbus integration into the CIP environment is targeted at developers of CIP originators and
at developers of CIP router devices who wish to implement the Modbus translator directly into
their CIP originators and routers. The integration is also targeted to Modbus device vendors who
wish to understand how their device can be utilized by a Modbus translator. The Modbus vendor
through the Modbus translator can access new markets where CIP protocols are the basis for network
communication.
This integration does not require a Modbus device to support specific Modbus function codes
since Modbus devices may not share a common set of function codes. There are recommended
Modbus function codes that a Modbus device supports to allow for the best communication through
a Modbus translator. The recommended Modbus function codes are read holding registers (FC 03),
write multiple registers (FC 16), read/write multiple registers (FC 23), and read device identification
(FC 43/14). Using these four function codes allows for the most efficient communication between
CIP originator and a Modbus device. Vendors designing new Modbus products or updating existing
Modbus products are encouraged to support the four recommended Modbus function codes for best
integration with CIP.
In the Modbus device, it is recommended to minimize address fragmentation when possible.
Minimization of address fragmentation in the Modbus device aids communication from CIP network.
The work in the Modbus translator is reduced and fewer Modbus transactions are needed to accomplish
particular data exchanges.
The CIP and Modbus protocol specifications differ in the architecture, features, and operations they
define. For example, the CIP protocol defines time-outs, data refresh/consumption rates, and message
sequence numbers, while the Modbus protocol does not. The Modbus translator does not manage these
differences between the two protocols. Some of these protocol differences can be mitigated using con-
figuration techniques to tailor the communication system to the application.
For example, the CIP protocol uses a refresh rate to allow for communication timing differ-
ences on a CIP network or to accommodate differences in target device performance. Modbus does
not define a refresh rate. In order for the CIP device to work best with the Modbus target device,
www.engbookspdf.com
10-34 Field Area and Control Networks
it is important that the CIP refresh rate is not faster than the speed at which the Modbus target
device can consume or process a corresponding write. Since the Modbus translator does not man-
age the refresh rate of CIP or the write processing time of the Modbus target device, it is possible to
have multiple pending writes from the CIP network to the corresponding Modbus target device on
the Modbus network.
To maintain proper ordering of CIP messages, CIP uses a sequence number on each message.
Modbus/TCP uses a similar feature called the Modbus transaction ID. There is no correlation between
the CIP sequence number and the Modbus/TCP transaction ID.
The CIP and Modbus protocols transmit multibyte data elements differently on the wire. The Modbus
protocol uses big-endian encoding and the CIP protocol uses little-endian encoding. The Modbus trans-
lator will handle the byte swapping between the CIP originator and the Modbus devices.
Changes were made to the CIP protocol to accommodate the Modbus translation function of the
Modbus translator. As stated earlier, these changes were kept to a minimum. The changes are as
follows:
• Two new port types were added to the CIP port object. The first is the Modbus/TCP port and the
second is the Modbus/SL port.
• A Modbus/TCP port is indicated in the CIP port object as Modbus/TCP and the CIP
semantic number in the object is 201.
• A Modbus serial link port is indicated in the CIP port object as Modbus/SL and has a CIP
semantic number of 202.
• The port name attribute of the CIP port object was updated to require that all CIP ports on the
same physical network have the same port name.
The Modbus protocol is managed and administered by the Modbus organization. Even though Volume
7 of the CIP Networks Library is administered by the ODVA, the ODVA only governs the Modbus trans-
lator and the Modbus translation function. The Modbus protocol is independent of the ODVA, which
remains solely the property of Modbus.
10.8 Conformance
Modbus.org provides conformance tests; see www.Modbus.org.
www.engbookspdf.com