Industrial Networks & Databases
- Device Bus - Field Bus - Data Bus -

Recall

An Industrial Communication Network (control network) is any group of devices (computers, controllers, meters etc.) working in a peer-to-peer fashion to monitor sensors, control actuators, communicate reliably, manage network operation, and provide complete access to network data.

It is a type of LAN (Local Area Network) with greater demands on reliability, immunity to interference and determinism (knowledge of response time).

A communications protocol is the set of standard rules for data representation, signaling, authentication and error detection required to send information over a communications channel.

Modbus Protocol

The MODBUS protocol is a messaging structure created by the MODICON company (now part of the Schneider Electric concern) in 1979 to connect PLCs to programming tools. Today, this protocol is mainly used to set up master/client type communications with slaves/servers between intelligent devices.

MODBUS is independent of the physical layer. It can be implemented on RS232, RS422, or RS485 links as well as on a wide variety of other media (e.g. optical fibre, radio, etc.).

Modbus serial link and the OSI model

MODBUS on a serial link operates at 1200 to 56 Kbps with a master/slave access method.

  7  APPLICATION    Modbus
  6  PRESENTATION   EMPTY
  5  SESSION        EMPTY
  4  TRANSPORT      EMPTY
  3  NETWORK        EMPTY
  2  LINK           Master/Slave
  1  PHYSICAL       RS485

Modbus ASCII and RTU

The MODBUS protocol comes in 2 versions:

- ASCII transmission mode: each eight-bit byte in a message is sent as 2 ASCII characters.
- RTU transmission mode: each eight-bit byte in a message is sent as two four-bit hexadecimal characters.

The main advantage of the RTU mode is that it achieves higher throughput. ASCII mode allows time intervals of up to 1 second to occur between characters without causing an error.

Modbus Frame Structure

The Modbus frame structure is the same for requests (master to slave messages) and responses (slave to master messages).

Modbus RTU:    [silence] [Address] [Function] [Data] [Checksum] [silence]
               Silence >= 3.5 characters

Modbus ASCII:  [:] [Address] [Function] [Data] [Checksum] [CR] [LF]
               ":" = 3A hex, CR = 0D hex, LF = 0A hex

Modbus Address Field

[Address] [Function] [Data] [Checksum]

Valid slave device addresses are in the range of 0...247 decimal. The individual slave devices are assigned addresses in the range of 1...247. Value 0 is reserved for broadcast messages (no response).

Request: A master addresses a slave by placing the slave address in the address field of the message.

Response: When the slave sends its response, it places its own address in the address field of the response to let the master know which slave is responding.

Modbus Function Field

[Address] [Function] [Data] [Checksum]

Valid codes are in the range of 1...255 decimal.

Request: The function code field tells the slave what kind of action to perform.
  0000 0011 (hexadecimal 03)

Response: For a normal response, the slave simply echoes the original function code.
  0000 0011 (hexadecimal 03)

For an exception response, the slave returns a code that is equivalent to the original function code with its most significant bit set to a logic 1.
  1000 0011 (hexadecimal 83)

Modbus Function Field

  Code
  01 (0x01)   Read n consecutive output bits
  02 (0x02)   Read n consecutive input bits
  03 (0x03)   Read n consecutive output words
  04 (0x04)   Read n consecutive input words
  05 (0x05)   Write 1 output bit
  06 (0x06)   Write 1 output word
  07 (0x07)   Read exception status
  08 (0x08)   Access diagnostic counters
  15 (0x0F)   Write n output bits
  16 (0x10)   Write n output words
  23 (0x17)   Read/Write n output words
  43 (0x2B)   Read identification

The complete description of all Modbus requests is freely available on the Modbus.org web site: http://www.modbus.org
And also: http://kss.ia.polsl.pl/ (materials to IN&D)

Modbus Data Field

[Address] [Function] [Data] [Checksum]

Valid codes are in the range of 0...255 decimal.

Request: The data field contains additional information which the slave must use to take the action defined by the function code. This can include items like register addresses, quantity of items to be handled, etc.

Response: If no error occurs, the data field contains the data requested. If an error occurs, the field contains an exception code that the master application can use to determine the next action to be taken.

Modbus Data Field

Possible exception codes:

  Code  Name
  01    ILLEGAL FUNCTION
        The function code received in the query is not an allowable action for the slave. If a Poll Program Complete command was issued, this code indicates that no program function preceded it.
  02    ILLEGAL DATA ADDRESS
        The data address received in the query is not an allowable address for the slave.
  03    ILLEGAL DATA VALUE
        A value contained in the query data field is not an allowable value for the slave.
  04    SLAVE DEVICE FAILURE
        An unrecoverable error occurred while the slave was attempting to perform the requested action.
  05    ACKNOWLEDGE
        The slave has accepted the request and is processing it, but a long duration of time will be required to do so. This response is returned to prevent a timeout error from occurring in the master. The master can next issue a Poll Program Complete message to determine if processing is completed.
  06    SLAVE DEVICE BUSY
        The slave is engaged in processing a long duration program command. The master should retransmit the message later when the slave is free.
  07    NEGATIVE ACKNOWLEDGE
        The slave cannot perform the program function received in the query. This code is returned for an unsuccessful programming request using function code 13 or 14 decimal. The master should request diagnostic or error information from the slave.
  08    MEMORY PARITY ERROR
        The slave attempted to read extended memory, but detected a parity error in the memory. The master can retry the request, but service may be required on the slave device.

Modbus Checksum Field

[Address] [Function] [Data] [Checksum]

Valid codes are in the range of 0...255 decimal.

Modbus RTU uses CRC: Cyclical Redundancy Check (2 bytes)
Modbus ASCII uses LRC: Longitudinal Redundancy Check (1 byte)

Request: The checksum is calculated by the master and sent to the slave.

Response: The checksum is re-calculated by the slave and compared to the value sent by the master. If a difference is detected, the slave will not construct a response to the master.

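The ASCII framing described earlier (':' start, hex character pairs, LRC, CR LF), written out as an added Python example that is not part of the original slides. The function names and the sample message are assumptions made for illustration; the LRC is computed as the two's complement of the 8-bit sum of the address, function and data bytes, and the last function compares frame sizes with RTU to show where the throughput difference comes from.

```python
import re

# ':' start, pairs of uppercase hexadecimal characters, CR LF end.
ASCII_FRAME = re.compile(rb":((?:[0-9A-F]{2})+)\r\n")


def lrc(body: bytes) -> int:
    """Longitudinal Redundancy Check over address + function + data (binary bytes)."""
    return (-sum(body)) & 0xFF


def encode_ascii(body: bytes) -> bytes:
    """Send every byte, including the LRC, as two ASCII hex characters."""
    payload = body + bytes([lrc(body)])
    return b":" + payload.hex().upper().encode("ascii") + b"\r\n"


def decode_ascii(frame: bytes) -> bytes:
    """Return address + function + data, or raise ValueError for a bad frame."""
    match = ASCII_FRAME.fullmatch(frame)
    if match is None:
        raise ValueError("expected ':' + hex character pairs + CR LF")
    raw = bytes.fromhex(match.group(1).decode("ascii"))
    if len(raw) < 3:
        raise ValueError("frame too short: need address, function and LRC")
    body, received = raw[:-1], raw[-1]
    if lrc(body) != received:
        # Same rule as for the CRC: the receiver does not act on the message.
        raise ValueError("LRC mismatch")
    return body


def frame_sizes(body: bytes) -> dict:
    """Characters on the wire for the same message in each transmission mode."""
    return {"ascii": len(encode_ascii(body)), "rtu": len(body) + 2}


# Constructed sample message: slave 1, function 3, first word 0, one word.
SAMPLE_BODY = bytes.fromhex("010300000001")
```

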
Modbus Error Checking Methods

- Parity checking: even or odd parity can be optionally applied to each character.
- Frame checking: LRC or CRC is applied to the entire message.
- Continuous stream: the entire message frame must be transmitted as a continuous stream. If a silent interval (more than 1.5 character times in RTU mode or 1 second in ASCII mode) occurs before completion of the frame, the receiving device flushes the incomplete message and assumes that the next byte will be the address field of a new message.

The master is configured by the user to wait for a predetermined timeout interval before aborting the transaction. This interval is set to be long enough for any slave to respond normally.

If the slave detects a transmission error, the message will not be acted upon. The slave will not construct a response to the master. Thus the timeout will expire and allow the master's program to handle the error.

Modbus Frame Example in RTU Mode

Code = 3: Read n words

Request:
  Slave address              1 byte
  Code = 3                   1 byte
  First word address         2 bytes
  Number of words to read    2 bytes
  CRC16                      2 bytes

Response:
  Slave address              1 byte
  Code = 3                   1 byte
  Number of bytes read       2 bytes
  Value of the first word    2 bytes
  Value of the last word     2 bytes
  CRC16                      2 bytes

Modbus Frame Example in RTU Mode

Code = 6: Write one word

Request:
  Slave address              1 byte
  Code = 6                   1 byte
  Word address               2 bytes
  Value of word              2 bytes
  CRC16                      2 bytes

Response:
  Slave address              1 byte
  Code = 6                   1 byte
  Word address               2 bytes
  Value of word              2 bytes
  CRC16                      2 bytes

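The request layouts for codes 3 and 6, the CRC16 check and the exception codes from the earlier table, combined in an added Python example that is not part of the original slides. The function names, the `audit` labels and the constructed `SAMPLE` trace are assumptions made for illustration; the CRC parameters (initial value 0xFFFF, reflected polynomial 0xA001, low byte sent first) are those of the standard Modbus CRC16.

```python
import struct

# Exception codes and output-writing function codes from the tables on this page.
EXCEPTIONS = {1: "ILLEGAL FUNCTION", 2: "ILLEGAL DATA ADDRESS",
              3: "ILLEGAL DATA VALUE", 4: "SLAVE DEVICE FAILURE",
              5: "ACKNOWLEDGE", 6: "SLAVE DEVICE BUSY",
              7: "NEGATIVE ACKNOWLEDGE", 8: "MEMORY PARITY ERROR"}
WRITE_FUNCTIONS = {0x05, 0x06, 0x0F, 0x10, 0x17}

def crc16(data: bytes) -> int:
    """CRC-16/MODBUS: initial value 0xFFFF, reflected polynomial 0xA001."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def add_crc(body: bytes) -> bytes:
    """Append the CRC16 low byte first, the order used on the wire."""
    return body + struct.pack("<H", crc16(body))

def build_request(slave: int, function: int, word_address: int, value: int) -> bytes:
    """Codes 3 and 6 share one layout: address, code, 2-byte word address,
    2-byte word count (code 3) or word value (code 6), CRC16."""
    if function not in (0x03, 0x06) or not 0 <= slave <= 247:
        raise ValueError("only codes 3 and 6, slave 0 (broadcast) or 1..247")
    return add_crc(struct.pack(">BBHH", slave, function, word_address, value))

def parse_rtu(frame: bytes) -> dict:
    """Check the CRC, then split one RTU frame into its fields."""
    if len(frame) < 4:
        raise ValueError("frame too short")
    body, (received,) = frame[:-2], struct.unpack("<H", frame[-2:])
    if crc16(body) != received:
        raise ValueError("CRC mismatch")
    address, code, data = body[0], body[1], body[2:]
    exception = None
    if code & 0x80:  # most significant bit set: exception response
        exception = EXCEPTIONS.get(data[0] if data else 0, "UNKNOWN")
    return {"address": address, "function": code & 0x7F, "data": data,
            "exception": exception, "broadcast": address == 0,
            "write": exception is None and code in WRITE_FUNCTIONS}

def audit(frames) -> list:
    """Label frames from a bus trace so writes and errors stand out."""
    labels = []
    for raw in frames:
        try:
            f = parse_rtu(raw)
        except ValueError as exc:
            labels.append(f"discard: {exc}")
            continue
        if f["exception"]:
            labels.append(f"exception from slave {f['address']}: {f['exception']}")
        elif f["write"]:
            scope = "broadcast " if f["broadcast"] else ""
            labels.append(f"{scope}write, function {f['function']}")
        else:
            labels.append(f"other, function {f['function']}")
    return labels

# Constructed sample trace (not captured from a real bus); last frame has a bad CRC.
SAMPLE = [build_request(1, 3, 0, 10), build_request(0, 6, 1, 0x00FF),
          add_crc(bytes([1, 0x83, 2])), bytes.fromhex("01030000000AC5CC")]
```

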
Modbus Frame Example in RTU Mode

Code = 16 (decimal): Write n words

Request:
  Slave address              1 byte
  Code = 16                  1 byte
  First word address         2 bytes
  Number of words to write   2 bytes
  Number of bytes            1 byte
  Value of the first word    2 bytes
  CRC16                      2 bytes

Response:
  Slave address              1 byte
  Code = 16                  1 byte
  First word address         2 bytes
  Number of words to write   2 bytes
  CRC16                      2 bytes

Modbus RS485 Physical Layer

RS485 is the most common physical layer used on Modbus. The RS485 standard allows variants of different characteristics:

- polarisation
- line terminator
- distribution of a reference potential
- number of slaves
- length of the bus

  Maximum length of bus                           1000 m at 19200 bps
  Maximum number of stations (without repeater)   32 (31 slaves)
  Maximum length of tap links                     20 m for one tap link; 40 m divided by the number of tap links
  Bus polarisation                                650 Ω at 5V and common for the master
  Line terminator                                 120 Ω - 0,25Wm in series with 1nF 10V
  Common polarity                                 Yes (Common) connected to the PG

[Figure: RS485 bus with Master, Slave 1 and Slave 2 on D1, D0 and Common; 650 Ω polarisation resistors to 5 V and Common; 120 Ω / 1 nF line terminators]

Modbus RS485 Physical Layer

  Topology:                         Bus with line terminations
  Maximum distance:                 1300 m without repeater
  Data rate:                        19200 bits/s maximum
  Max. no. of devices:              32, master included
  Method of accessing the medium:   Master - slave
  Transmission method:              Messaging
  Max. useful data size:            120 words
  Transmission security:            LRC or CRC; start and stop delimiters; parity bit; continuous stream

Modbus Application Example

The XXMIT (Transmit) function block sends Modbus messages from a master PLC to a slave PLC or sends ASCII character strings from the PLC's Modbus serial port #1 (on Momentum PLCs port #2 is also supported) to ASCII printers and terminals. XXMIT sends these messages over telephone dialup modems, radio modems, or simply direct connections. This EFB can be found in the COMM library in the RTU subgroup.

Remember, the Modbus protocol is a master/slave protocol. Modbus is designed to have only one master polling multiple slaves. Therefore, when using the XXMIT block in a network with multiple masters, contention resolution and collision avoidance are your responsibility and may easily be addressed through user logic programming.

Modbus Application Example

The following Modbus Master operation is a read request to a slave device connected to port 1 of the master: read slave's 4:0001 to 4:00010 into local 4:00011 to 4:00020.

The Slave must be set up with the following port parameters:

- 9600 baud
- 8 data bits
- 1 stop bit
- even parity (2)

The Master uses settings from the XXMIT function block.

  Variable Name            Data Type   Initial Value   Comment
  StartModbusMstr          BOOL
  ModbusMstrActive         BOOL
  ModbusMstrCommand        WORD        16#0100         Bit 8 set
  ModbusMstrDone           BOOL
  ModbusMstrError          BOOL
  ModbusMstrSettings       WordArr9
  ModbusMstrSettings[1]                3               Modbus Code: Read multiple registers
  ModbusMstrSettings[2]                10              Amount of Registers to read
  ModbusMstrSettings[3]                X               Slave Modbus address
  ModbusMstrSettings[4]                1               Source register
  ModbusMstrSettings[5]                11              Destination Register
  ModbusMstrSettings[6]                                not used
  ModbusMstrStatus         INT
  ModbusMstrNode           WORD                        Enter Slave address
  ModbusMstrErrorCounter   INT
  ModbusMstrDoneCounter    INT

Strengths - Weaknesses

Strengths:
- Low implementation cost
- Number of devices connected in the world
- Level of integration in PLC software

Weaknesses:
- A program has to be written in order to access a variable
- Relatively slow
- No direct communication from slave to slave

Modbus Plus

MODBUS PLUS is an industrial networking system that uses token-passing peer-to-peer communications at data transfer rates of one megabit per second; it uses the MODBUS messaging structure.

  7  APPLICATION    Modbus
  6  PRESENTATION   EMPTY
  5  SESSION        EMPTY
  4  TRANSPORT      EMPTY
  3  NETWORK        EMPTY
  2  LINK           802.4 Token passing
  1  PHYSICAL       RS485

Modbus Plus Flexibility

Data communications
- Modbus compatibility enhances application solutions
- High speed host and operator interface connectivity
- Event driven peer to peer communications
- Reliable interlocking between controllers makes distributed control easy
- Bridges and repeaters allow flexible architectures
- Connectivity with complementary ModConnect products

Programming
- Upload, download, and verify programs
- Up to eight programmers on a network enhances productivity

I/O Servicing with Quantum DIO and Momentum I/O

Modbus Plus Specifications

- Deterministic token passing bus
- Based on the de facto industry standard Modbus protocol
- 1 Megabits/Second network speed
- CRC-16 error detection
- Number of nodes: 32 without repeaters, 64 with repeater(s)
- Choice of media: 1,500 to 6,000 on inexpensive shielded twisted pair; 9,000 to 45,000 on noise immune fiber optics

Modbus Plus Terminology

Network: The grouping of nodes on a common signal path that is accessed by the passing of a token. It consists of one or more cable sections.

Section: A series of nodes that are joined only by cable segments. The section's signal path does not pass through any kind of node device. Sections are all part of one network, sharing the same token and address sequence. In the example above, the Repeater joins two sections. Each section can be up to 450 m long, and can contain up to 32 physical node connections.

Modbus Plus Terminology

Cable Segment: A single length of trunk cable between two taps. Taps are passive devices that provide connections for the trunk cable segments. The cable connection between the nodes at addresses 10 and 5 is through one cable segment. Another cable segment connects nodes 5 and 64. The minimum cable length between any pair of nodes must be at least 3 m. The maximum cable length between two nodes is the same as the maximum section length of 450 m.

Node: Any device that is physically connected to the Modbus Plus cable. The term applies to any device, whether it is addressable or not. Some nodes, like programmable controllers, have addresses and can serve as sources or destinations for messages. The Bridge Plus is a separately addressable node on each of its two networks. The Repeater is a node on each of two sections, but has no address, serving only to extend the network.

Token: A grouping of bits that is passed in sequence from one device to another on a single network, to grant access for sending messages. If two networks are joined by a Bridge Plus, each network has its own token that is passed only among the devices on that network.

Modbus Plus - Installation

Nodes are connected to the cable by means of a tap device, supplied by Modicon. This provides through connections for the network trunk cable, drop connections for the cable to the node device, and a grounding terminal.

The tap also contains a resistive termination that is connected by two internal jumpers. The tap at each end of a cable section requires both of its jumpers to be connected to prevent signal reflections. All of the taps that are inline on the cable section require their jumpers to be removed (open).

[Figure: MB+ tap, Modbus Plus trunk cable, MB+ drop cable]

Why is Modbus Plus compatible with Modbus?

- Modbus, the de facto industry standard since 1979
- Master/slave polling protocol
- 19.2 kbaud maximum speed
- Supports up to 247 devices on a single network
- Read/write, programming commands
- Modbus can run over virtually any media, enabling a wide range of applications
- RS-232, RS-422, RS-485
- Copper, infra-red, radio, telephone lines, microwave, spread spectrum...
- Any device with a serial port can implement Modbus
- Built into every Modicon controller
- Integrated into products from over 300 industrial suppliers

How is Modbus Plus compatible with Modbus?

- Modbus Plus supports the full Modbus Protocol, including read/write and programming
- Quantum, Compact, and 984 controllers have a built-in Modbus to Modbus Plus Bridge
- BM 85 Bridge Mux
- Attach four individual Modbus master or slave devices, or entire Modbus networks
- Integrate existing Modicon 384s, 484s, 584s, 884s, 984s

[Figure: Magelis, Modbus, Modbus Plus, BM 85; Modbus to Powermeter, Inductel, and Altivar 66]

Modbus Plus Applications

Three types of communication are available to the application program for exchanging messages between networked nodes:

- The MSTR function block can be used for transferring, reading and clearing statistics, and accessing the network's global database. The MSTR is a general function for transacting messages with any type of networked node. It is programmed into the user logic program of the controller.
- Peer Cop transfers can be used to move data both globally and with specific nodes. Such transfers are specified in the controller's Peer Cop table during its initial configuration.
- Distributed I/O transfers can be used to move data with DIO Drop Adapter nodes. Such transfers are specified in the controller's DIO Map table during its initial configuration.

Modbus Plus Applications

Simple instructions for event driven communications

MSTR function block (possible to select one of 12 available network communication operations):
- Read/write up to 100 registers
- Read/write the network global database
- Get/clear local/remote statistics
- Up to 4 MSTR blocks active on any scan, with automatic queuing for additional MSTRs
- Same MSTR block works on the native CPU or Quantum network option module ports

Other function blocks:
- CREADREG: Continuous register reading
- CWRITREG: Continuous register writing
- READREG: Read register area once (rising edge of the REQ input)
- WRITEREG: Write register area once (rising edge of the REQ input)

Modbus Plus Routing Path

Message frame: [START] [Routing Path] [Data] [END]

Routing path field:
  ROUTING ADDRESS 1 = 22
  ROUTING ADDRESS 2 = 20
  ROUTING ADDRESS 3 = 5
  ROUTING ADDRESS 4 = 0    (zero means no further routing)
  ROUTING ADDRESS 5 = 0

Each network has its own token.

[Figure: Network A, Network B and Network C with numbered nodes, joined by Bridge Plus devices]

Modbus Plus - Peer Cop Transactions

Point to point data can be transacted while a node holds the token and during its token pass with Modbus Plus Peer Cop. Up to 500 words (16 bits each) can be directed to specific data references in node devices prior to release of the token, and up to 32 words can be globally broadcast to all nodes as part of the token frame.

Nodes can be configured to send two kinds of Peer Cop data:

- Global Output: Up to 32 words of data can be broadcast globally from each node to all nodes. Source data references are specified in the node configuration.
- Specific Output: Up to 32 words of data can be transmitted to any specific node. Multiple node destinations can be specified, up to the maximum of 500 data words. Any nodes on the network can be specifically addressed as destinations. A unique block of references can be specified as the data source for each targeted node.

Nodes can be configured to receive two kinds of Peer Cop data:

- Global Input: Up to 32 words of global data can be received by each node from each other node on the network. Destination references are specified in the receiving node's configuration. Up to eight blocks of references can be specified, giving up to eight separate destinations for the data received from each source node. The incoming data can be indexed to establish the starting point and length of each block of data to be extracted from the message and delivered to each destination.
- Specific Input: Up to 32 words of data can be received from any specific node. Each node on the network can be specifically defined as a data source, up to the maximum of 500 data words.

Modbus Plus - Peer Cop Transactions

- Secure, configurable communications
- Data protection feature provides secure read only integrity
- Configure time critical communications with Peer Cop
- Read/write Global Database
- Broadcast up to 32 words out to all network nodes
- Pick from up to 2016 words in from other nodes
- Map inputs to whatever data type you like
- Map specific inputs and outputs between nodes
- Up to 32 words in and out per node
- Up to 500 words in and 500 words out per port
- Data length of outputs and node address of source controller must match with config table entries on the destination controller before data is moved to inputs

Modbus Plus - Peer Copping Example

[Figure: Peer Cop configuration of Node #1, Node #3 and Node #2; entries in the order shown on the slide]

  Node # 1
  Node #3   Specific Outputs 400001-400004   Specific Inputs 100001-100512   Global Data Out 401000-401020
  Node #2   Specific Outputs 000001-000064   Specific Inputs 300001-300020   Global Data Out 401000-401020
  Node #1   Specific Outputs 400001-400032   Specific Inputs 100001-100064   Global Data Out 400200-400231
  Node # 3
  Node #1   Specific Outputs 400101-400120   Specific Inputs 100001-100064   Global Data Out 400500-400510
  Node #2   Specific Outputs 000001-000064   Specific Inputs 300001-300020   Global Data Out 400200-400231
  Node # 2
  Node #3   Specific Outputs 400001-400020   Specific Inputs 100001-100064   Global Data Out 400500-400510

Modbus Plus - Peer Cop Transactions

Because Peer Cop data is transacted as part of the token pass, it applies to each network independently of any other networks that are part of the Modbus Plus system. Tokens are not exchanged between networks, because they are not passed through Bridge Plus devices. Each network maintains its own Peer Cop database, with its own system of global broadcasting and specific node addressing.

Modbus Plus Applications

Modbus Plus has excellent performance:

- Predictable performance
- As fast as hardwired I/O
- Typical token rotation time of 2 milliseconds per node
- Transfer of 100 registers per activation of the MSTR instruction
- Maximum network throughput of 20,000 registers/sec

[Chart: Network throughput (Reg/Sec per node) versus number of nodes, 4 MSTRs always on]

Modbus Plus Concept Example

Modbus Plus - Example of Architecture

Modbus Plus - Example of Architecture

[Figure: Modbus Plus network (MB+1 to MB+4, TAP1 to TAP4) linking a multi-purpose building, a control room running iFIX 2.6 and a raw water pumping station, with Modbus/RS232 and Interbus-S links to the I/O modules]