The ModBus TCP protocol is a cornerstone in the field of industrial communication systems. It is an application layer messaging protocol that works with Ethernet to enable client/server communication between devices connected on different types of networks. ModBus originated from the ModBus serial protocol (ModBus RTU) and has now evolved to adopt modern technologies such as TCP/IP, playing a key role in areas such as building automation, energy management and industrial automation. Its simplicity, robustness, ease of use, openness and integration capabilities make it a preferred protocol.
ModBus TCP is an adaptation of the classic ModBus protocol for TCP/IP networks. It provides a standardized TCP interface that enables ModBus devices to communicate seamlessly over Ethernet for efficient and reliable data exchange. The protocol inherits the simplicity and robustness of ModBus and adds the reliability and interoperability of TCP/IP. It uses the TCP transport protocol to ensure reliable and orderly delivery of data, and is addressed and routed through the IP layer. ModBus TCP/IP works under a client-server model, with one device initiating requests as a client and other devices responding as servers. It provides an elegant solution for ModBus communication on modern network infrastructure, enhancing its relevance in digital industrial environments.
The ModBus TCP/IP architecture implements layered network communication, including TCP/IP stack and ModBus application protocol (MBAP). The TCP/IP protocol is responsible for data transmission at the physical layer (Ethernet), network layer (IP) and transport layer (TCP), while MBAP, as the application layer, encapsulates ModBus messages in TCP/IP packets. This architecture ensures seamless communication of ModBus data over standard network infrastructure, with the core being the ModBus message containing the MBAP header, Function code and Data field. This structure is essential for seamless interoperability between different devices while maintaining the simplicity and robustness of the ModBus protocol.

The ModBus frame structure can be divided into two parts: MBAP header + PDU.

MBAP header frame structure
The MBAP header is a 7-byte structure prefixed with a standard ModBus message, and its specific composition is as follows.
| Field | Transaction identifier | Protocol identifier | Length | Unit identifier |
|---|---|---|---|---|
| Size | 2 bytes | 2 bytes | 2 bytes | 1 byte |

| Contents | Explanation |
|---|---|
| Transaction identifier | Serial number of the message. The client normally increments it by 1 for each request so that responses can be matched to the request that produced them. |
| Protocol identifier | 0x0000 indicates the Modbus protocol. |
| Length | Number of bytes that follow this field, i.e. the unit identifier plus the PDU. |
| Unit identifier | The device address (the slave address carried over from serial Modbus). |
The ModBus TCP PDU frame structure is consistent with that of ModBus RTU, and consists of two parts: function code and data.
| Function code | Data |
|---|---|
| 1 byte | Variable length; the exact size depends on the function code. |
① There are four types of ModBus operation objects: coil, discrete input, input register, and holding register.
| Object | Meaning |
|---|---|
| Coil | Switch quantity (single bit), readable and writable in Modbus |
| Discrete input | Switch quantity (single bit), read-only in Modbus |
| Input register | Register that can only be changed from an analog input terminal, read-only in Modbus |
| Holding register | Register used to output an analog value, readable and writable in Modbus |
② Depending on the object, the function code of ModBus is divided into the following categories:
| Function code | Meaning | Bit operation/word operation | Number of operations |
|---|---|---|---|
| 01 | Read coil status | bit operation | single or multiple |
| 02 | Read discrete input status | bit operation | single or multiple |
| 03 | Read holding registers | word operation | single or multiple |
| 04 | Read input registers | word operation | single or multiple |
| 05 | Write single coil | bit operation | single |
| 06 | Write single holding register | word operation | single |
| 15 | Write multiple coils | bit operation | multiple |
| 16 | Write multiple holding registers | word operation | multiple |
The data domain of ModBus TCP and serial link ModBus is consistent. For specific data domains, please refer to serial ModBus.
ModBus TCP/IP and ModBus RTU are two major branches of the ModBus protocol, each with its own advantages and application areas. TCP/IP is based on Ethernet and has high speed (100 Mbps+). It is suitable for large-scale, decentralized industrial networks. It adopts a client-server model and uses TCP/IP stack communication to support complex network topologies. ModBus RTU is a serial transmission version, which uses the RS-232/485 interface at a slower speed (up to 115200 bps), is based on a master-slave model, includes CRC error checking to ensure data integrity, and is suitable for environments with more electrical noise. When choosing, consider data speed, network topology, number of devices, and environmental conditions.
| Feature | ModBus RTU | ModBus TCP |
|---|---|---|
| Communication medium | Serial link | Ethernet |
| Data format | Binary | TCP message |
| Network architecture | Star or daisy-chain network | Star, ring or mesh network |
| Application scenarios | High real-time performance, short communication distance | High throughput, long communication distance |
Core Applications in Industrial Automation
ModBus TCP/IP occupies a core position in the field of industrial automation. As a universal communication protocol, it can seamlessly connect various industrial devices, including programmable logic controllers (PLCs), remote terminal units (RTUs), and sensors. This connectivity makes the communication of industrial equipment more efficient and promotes the improvement of industrial automation. The widespread application of ModBus TCP/IP not only improves production efficiency and reduces labor costs, but also strengthens the collaboration between devices and ensures the stability and reliability of industrial processes.
In building automation systems, ModBus TCP/IP plays a vital role. As a communication bridge between different subsystems, it can achieve seamless connection and data exchange between various systems in the building (such as HVAC, lighting control, access control system, etc.). This seamless communication not only improves the intelligence level of the building, but also enables managers to monitor and control various equipment and systems in the building in real time, thereby providing a more comfortable, safe and energy-saving living and working environment.
ModBus TCP/IP plays the role of a core component in the energy management system. By connecting devices such as power meters, submeters and energy management software, it can provide real-time energy usage data and provide strong support for energy management. These data not only help companies identify energy waste and formulate energy-saving strategies, but also predict future energy demand and provide a scientific basis for the company's energy management. At the same time, the openness and standardization of ModBus TCP/IP enable devices from different manufacturers to be seamlessly integrated into the energy management system, improving the compatibility and scalability of the system.
ModBus TCP/IP has many advantages, making it the preferred protocol for industrial automation and other applications.
- Seamless integration: Based on TCP/IP, compatible with existing network infrastructure, easy to integrate, and supports cross-network communication.
- Simple and efficient: The function code set is small and well-defined, the data model is simple, easy to implement, and reduces processing overhead.
- Reliable and robust: Based on the TCP protocol, it provides reliable and ordered byte stream transmission to ensure the accuracy of control commands and status updates.
- Highly scalable: Supports a large address space, supports broadcasting, and is suitable for large-scale applications.
- Open and multifunctional: The protocol specification is free, no license is required, and it has a large ecosystem of compatible devices and software.
Although ModBus TCP/IP is popular, it also has challenges. The following are its main limitations:
- Insufficient security: Network security was not considered in the original design. The protocol provides no encryption and no authentication, so traffic can be read or altered in transit, and any device that can reach a server can issue requests, including writes.
- Inconvenient device configuration: Automatic device discovery is not supported; new devices must be configured manually, and maintenance is time-consuming.
- Limited functions: Only simple request/response communication is supported, which may not suit complex communication patterns or strict real-time requirements.
- Impact of TCP congestion control: Reliance on TCP congestion control can lead to inefficiencies and delays on busy networks or long-distance connections.
- Limited scalability: Network performance can degrade as devices are added, so keep this in mind when designing large systems.
ModBus TCP/IP is an adaptation of the proven ModBus RTU protocol designed for TCP/IP networks. It brings the simplicity and reliability of the original protocol to the world of Ethernet and Internet communications. With its open standards, it has gained wide acceptance in industrial automation and building management systems. However, there are concerns that the protocol lacks security measures and other modern network features, which may affect its suitability for some applications.
Despite these challenges, ModBus TCP/IP remains a relevant choice due to its widespread use, familiarity within the industry, and a broad library of supported devices.