— The Mechanics of Communication
(Module 1 · Foundations – Understanding the Modbus Universe)
Learning Objectives
After completing this chapter you will be able to …
- Describe the canonical Modbus client–server architecture and its scheduling rules.
- Dissect any Modbus message into its two logical layers: PDU and ADU.
- Follow the entire request-→response transaction cycle in both serial (RTU/ASCII) and TCP networks, including framing gaps and timeouts.
- Apply correct addressing: slave IDs, broadcast ID 0, and the special Unit Identifier field used by gateways.
3.1 The Client-Server Model (a.k.a. Master-Slave)
3.1.1 Roles & Responsibilities
| Role | Obligations | Cannot do |
|---|---|---|
| Client (Master) | • Initiates every query• Manages timing & retries• Aggregates data from ≥1 servers | Receive unsolicited frames |
| Server (Slave) | • Waits silently• Executes request• Returns normal or exception response | Poll other devices |
▶ Tip Think of the client as a bus conductor: only it asks questions, validates tickets, and decides when to move on.
3.1.2 Medium Access Rules (Serial Bus)
- Only one client per RS-485 segment (strict).
- Up to 247 servers (addresses 1 – 247).
- Broadcast: address 0 — all servers act, none respond.
- Servers must wait a minimum 3.5 character times after the line becomes idle before treating the next byte as a new frame.
⚠ Pitfall Adding a second polling engine (e.g., a laptop with Modbus scanner) on the same serial trunk will corrupt traffic unless you implement arbitration outside the protocol.
3.1.3 Beyond One-Master Limits
- Multi-master token buses (e.g., Modbus Plus) rotate a hardware token; Modbus/TCP simply relies on Ethernet CSMA/CD and TCP sockets.
- Gateways can queue requests from multiple TCP clients and serialize them onto RS-485 while preserving timing gaps — but throughput collapses if you ignore inter-frame timing (see 3.3).
3.2 Message Anatomy — PDU vs ADU
Key idea: keep the Protocol-Data Unit (PDU) identical across all media; wrap it in a media-specific Application-Data Unit (ADU).
3.2.1 Protocol-Data Unit (PDU) — “What to do”
| Byte(s) | Name | Purpose |
|---|---|---|
| 1 | Function Code | Verb (read coils, write reg…) |
| N | Data | Address, length, payload, etc. |
Every PDU is stateless; it never contains the source-or-destination address.
3.2.2 Application-Data Unit (ADU) — “Who & how”
| Variant | ADU Fields (in order) | Error Check |
|---|---|---|
| RTU | Slave Addr (1) · PDU · CRC-16 (2) | CRC-16 (poly 0xA001) |
| ASCII | Start : · Slave Addr (2 ASCII) · PDU (ASCII) · LRC (2) · CR LF | LRC (8-bit) |
| TCP | MBAP Header (7) · PDU | TCP checksum (in IP) |
MBAP (Modbus-Application Protocol) Header
| Byte(s) | Field | Description |
|---|---|---|
| 0-1 | Transaction ID | Echoed so client matches replies. |
| 2-3 | Protocol ID = 0x0000 | Reserved for future multiplexing. |
| 4-5 | Length | Bytes to follow (Unit ID + PDU). |
| 6 | Unit Identifier | 0–255; 255 = broadcast; used by gateway to route to serial slave. |
(Diagram placeholder: three color-coded frame layouts stacked for RTU, ASCII, TCP.)
3.3 The Modbus Transaction Cycle
3.3.1 Serial (RTU/ASCII) Timing Diagram
(Sequence-chart placeholder with nanosecond scale for bytes, T1.5 gap, T3.5 inter-frame.)
- Client assembles frame → toggles TX-Enable, transmits.
- Bus idle ≥ T3.5 → servers know frame is complete.
- Designated server validates CRC/LRC.
- Server processing delay (
☕5 – 10 ms typical PLC). - Server replies; other servers ignore traffic.
- Client validates, copies data to tag-table, or handles exception.
- Timeout: if no frame within Timeout (e.g., 100 ms) → retry or flag alarm.
▶ Tip The #1 field failure is ignoring T3.5 when bit-rate ≠ spec default. Calculate:
Tchar = 11 bits / Baud
T3.5 = 3.5 × Tchar
3.3.2 TCP Transaction
Client TCP socket ----> Server TCP 502
|--------------- PDU ---------------->|
|<-------------- PDU/exception --------|
No timing gaps, but you must:
- Keep one outstanding query per Transaction ID (avoid head-of-line blocking).
- Design for Nagle + Delayed ACK interactions or disable Nagle if latency matters.
3.4 Addressing & Unit Management
| Context | Field | Range | Notes |
|---|---|---|---|
| Serial RS-485 | Slave Address | 1-247 | 248-255 reserved |
| Broadcast | 0 | Servers act, never respond | |
| TCP | Unit Identifier | 0-255 | Often = serial slave ID behind gateway |
| Gateway Fan-Out | IP → many RS-485 busses | Unique (IP,UnitID) must map to unique physical slave |
▶ Tip When devices appear to “shift addresses” behind a gateway, double-check the gateway’s address offset or ID remap table.
3.5 Worked Example — Byte-Level Walkthrough
Scenario PLC client wants the first six holding registers from slave 17. Baud 19 200, 8-E-1.
| Field | Hex | Comment |
|---|---|---|
| Addr | 11 | Slave 17 |
| Func | 03 | Read Holding Registers |
| Start-Hi | 00 | 40001 (0-based) high byte |
| Start-Lo | 00 | 40001 low byte |
| Qty-Hi | 00 | 6 regs |
| Qty-Lo | 06 | – |
| CRC-Lo | C5 | Calculated CRC-16 little-endian |
| CRC-Hi | C4 | – |
Server’s normal response (12 bytes + CRC) returns Byte-count = 12, then 6× 16-bit values.
(Code snippet placeholder: Python pymodbus call client.read_holding_registers(0,6,unit=17) with decoded result.)
3.6 Exception Responses
If the slave cannot fulfil a request:
| Byte | Meaning |
|---|---|
| 1 | Slave Addr |
| 2 | Function Code + 0x80 (e.g., 0x83) |
| 3 | Exception Code (02 = Illegal Data Address) |
| 4-5 | CRC |
Client must branch on fc & 0x80. Never ignore exceptions: mis-handling doubles network load via futile retries.
3.7 Key Takeaways
- One PDU, many wrappers — learn the 6-byte core once; the bus is “just plumbing.”
- Timing matters on serial links; bytes + silent gaps form the true frame.
- Transaction ID + Unit ID keep multi-client TCP and gateway scenarios sane.
- Exception frames are first-class citizens—handle them as deliberately as reads and writes.
Placeholder Assets to Create
| ID | Visual | Purpose |
|---|---|---|
| Fig-3-1 | Client–server timeline (RTU) | Show T1.5 / T3.5 gaps |
| Fig-3-2 | ADU vs PDU layer cake | Reinforce separation |
| Fig-3-3 | MBAP header call-outs | Field-length cheat-sheet |
| Fig-3-4 | Gateway address fan-out map | Clarify Unit ID use |
Coming Up Next
In Module 2 we leave theory and put bytes on the wire, starting with Chapter 4: Serial Physical Layers — RS-485, RS-232 & RS-422. You’ll learn cabling rules, scope-probe tricks, and why bias resistors prevent “ghost frames.” Prepare your oscilloscope!