Introduction to Modbus TCP/IP

This section describes Modbus TCP/IP and its basic operation. In the last few years it has become accepted in industry that the same components and technological principles that provide worldwide connectivity to office workstations and personal computers can also be used for distributed control and, to an extent, for the automation of factory line machines and PLCs (programmable logic controllers).

Modbus/TCP is a communications protocol for automation equipment. It is a derivative of the almost universal MODBUS protocol, which is primarily used to build point-to-point data acquisition and supervision arrangements between control devices and sensors/actuators over RS232 serial ports.

In the Modbus/TCP variant, instead of a dedicated cable between the client (master) and server (slave), an Internet standard TCP ‘connection’ is used. A single device may have many such connections active at the same instant, some acting in the role of client, some in the role of server. These connections may be established and broken on a repetitive and continual basis, or they may be left active for long periods. However, they are always torn down and re-established as a method of detecting and recovering from disruptions such as those caused by power failure or loss of communication with other components.

The standard TCP frame is extended to carry a Modbus frame that gives information such as the address of the target device, a function code and whatever data is being transmitted. This is a connection-oriented transaction, which means every query expects a response.

A diagram to illustrate this:

[Figure: Modbus TCP/IP]
This query/response technique fits well with the master/slave nature of Modbus, adding to the deterministic advantage that switched Ethernet offers industrial users. The use of Open Modbus within the TCP frame provides a fully scalable solution from ten nodes to ten thousand nodes without the risk of compromise that other multicast techniques would introduce.
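As an added example (not code from the original page), the frame layout described above in Python: a Modbus/TCP request is built from the 7-byte MBAP header (transaction id, protocol id, length, unit id, as defined in the Modbus/TCP specification) followed by the function code and data; a received frame is split back into those fields only after its length field is checked against the bytes actually present, and a reply is accepted only when its transaction and unit ids match the outstanding query. The sample request and replies are constructed here for illustration.

```python
import struct

MODBUS_TCP_PORT = 502            # IANA-assigned port for Modbus/TCP
PROTOCOL_ID_MODBUS = 0           # MBAP protocol identifier is always 0 for Modbus
FC_READ_HOLDING_REGISTERS = 0x03

def build_read_holding_request(transaction_id, unit_id, start_addr, quantity):
    """Build a Modbus/TCP ADU: MBAP header (2+2+2+1 bytes) followed by the PDU.
    The MBAP length field counts the unit id plus the PDU that follows it."""
    pdu = struct.pack(">BHH", FC_READ_HOLDING_REGISTERS, start_addr, quantity)
    mbap = struct.pack(">HHHB", transaction_id, PROTOCOL_ID_MODBUS, len(pdu) + 1, unit_id)
    return mbap + pdu

def parse_adu(frame):
    """Split a received ADU into its fields; raise ValueError on a malformed frame."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:7])
    if pid != PROTOCOL_ID_MODBUS:
        raise ValueError("unexpected protocol id %d" % pid)
    # The advertised length must agree with the bytes actually received after it.
    if length != len(frame) - 6:
        raise ValueError("length field %d does not match frame size %d" % (length, len(frame)))
    function_code = frame[7]
    return {"transaction_id": tid, "unit_id": unit,
            "function_code": function_code & 0x7F,   # low 7 bits: the function
            "is_exception": bool(function_code & 0x80),  # high bit set: exception reply
            "data": frame[8:]}

def decode_registers(data):
    """Decode the data part of a Read Holding Registers reply: byte count + 16-bit values."""
    byte_count = data[0]
    if byte_count != len(data) - 1 or byte_count % 2:
        raise ValueError("byte count inconsistent with payload")
    return list(struct.unpack(">%dH" % (byte_count // 2), data[1:]))

def match_response(request, response):
    """A reply is accepted only if its transaction id and unit id match the query."""
    req, rsp = parse_adu(request), parse_adu(response)
    return req["transaction_id"] == rsp["transaction_id"] and req["unit_id"] == rsp["unit_id"]

# Constructed sample: read 2 holding registers starting at address 0 from unit 1.
REQUEST = build_read_holding_request(transaction_id=0x1234, unit_id=1, start_addr=0, quantity=2)
# Constructed reply: same ids, function 0x03, byte count 4, register values 0x0102 and 0x0304.
RESPONSE = bytes.fromhex("1234000000070103040102" "0304")
# Constructed exception reply: function 0x83 (0x03 with the high bit set), exception code 0x02.
EXCEPTION_RESPONSE = bytes.fromhex("123400000003018302")
```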

IP Addressing of Modbus TCP/IP

The Modbus/TCP addressing model is almost identical to that used for other Internet services such as e-mail or file transfers. A destination is selected by nominating its IP address, either in dotted decimal form (e.g. or as a host name using the Domain Name Service (DNS).

The computers receiving the ‘call’ distinguish a request for Modbus service from other services by the TCP port number used as part of the target address. As with Web or e-mail servers, the target device cannot tell whether it has been selected by numeric address or by DNS lookup. Both styles of selection will appear to it as numeric.

This has significant implications for the stability of addresses needed for automation equipment, and is the primary reason why Dynamic Host Configuration Protocol (DHCP) is inappropriate for automation use: static addressing allows for easier traceability of devices.

Performance of a Modbus TCP/IP System

Performance of a Modbus TCP/IP system depends mainly on two things, namely the hardware being used and the network it is being run on. If the Modbus system is being run over the Internet, then it is difficult to get better than typical Internet response times.

While this may be suitable for some tasks, say maintenance and debugging, many companies do not use this technique, as the slower response times limit the functionality it can offer. Most companies run their Modbus system over their own dedicated networks. These networks are often high-performance intranets with high-speed Ethernet switches to guarantee performance.

One of the factors hindering Ethernet’s adoption as an automation network was its apparent inability to guarantee response times. The ‘exponential back-off’ built into the Ethernet media access control mechanism leads to rapidly increasing retry delays in the event of simultaneous transmission by two stations.

These delays can occasionally reach hundreds of milliseconds on general networks unless restrictions are imposed. Switches are sometimes deployed at specific points in the network to separate bulk data transport devices from important fast-response devices and their traffic. This reduces collisions and lessens the effect of workstations backing off exponentially, thereby improving response times.

The Future?

Some companies are now working towards designing a high-performance, reliable wireless Modbus server to allow even more remote locations to be accessible. A company called Elite has developed a wireless system with a 300 m nominal range which can control up to 256 remote relays and has built-in features to ensure its continual operation, such as UPS (uninterruptible power supply) and ESD (electrostatic discharge) protection. Many regard this as a potentially useful tool, while others are not sure of its reliability and its performance under large data transfers.