Expanding on what @parky said,
Modbus is at its core a
wire protocol to
map memory between a
server and
clients.
The
Modbus specification and related documents are available here:
https://www.modbus.org/specs.php.
The particular type of
wire used (TCP/IP; RS-485; RS-232) will determine how the clients and server are connected, and how many clients and servers can be on the wired "network."
The
protocol definition, including dialects and details for different wire types, are available at the link above. See also Note 1 below.
The
memory map refers to memory, or data, locations on (in) the
server. The Modbus memory model recognizes four regions, or types, of memory
- Discrete Inputs: 1 bit per address; read only; examples are the states of proximity sensors or level alarms
- Note that when there is a client protocol request to read Discrete Input data, the bits will be packed into 16-bit integers
- Coils (Discrete Outputs): 1 bit per address; read and write; examples are Cooling ON/OFF or Heating ON/OFF
- Input Registers: one 16-bit integer per address; read only; examples are current temperature or device firmware revision.
- Holding Registers: one 16-bit per address; read and write; examples are temperature setpoint or a calibration constant.
See also Notes 1 and 2 below.
The
clients use the Modbus protocol to issue requests to a server read data from, or write data to, memory locations within the data regions (defined above) on the server. Such requests will identify the server with a 1-byte, 8-bit, ID with a value between 1 and 247. The server typically returns a response to the request.
Note 1) The Modbus wire protocol details are fixed, but
how any one client's software presents an interface or instruction
to that protocol
can vary widely between different manufacturers, specifically
- Whether the memory addresses in the client interface or instruction are 0-based or 1-based
- How the client interface or instruction specifies the combination of operation and data region for a request. See Note 3 below
- operation:
- reading data from the server device memory;
- writing data to the server device memory.
- data region (type):
- Discrete Inputs;
- Coils;
- Input Registers;
- Holding Register.
Note 2) The physical location of the different memory types (regions) in a Modbus server device's memory is arranged at the sole discretion of the device manufacturer. The memory regions could be contiguous with (adjacentt to) each other, discontiguous, or overlapping. The only relevant document is the published memory map of the available inputs, outputs and registers.
Note 3) Within the Modbus protocol, a client request the the
combination of operation
and data region via a single function code e.g.
- Function Code 0x01 and 0x15: these codes both access the same discrete 1-bit "Coils" region of memory of a server device, but
- Function Code 0x01 is for reading coils, i.e. the client will receive Coils' data from the server device:
- Function Code 0x15 is for writing coils, i.e. the client will send Coils' data to the server device.
A alternate approach of many clients is to specify the operation and data region (type) separately. Specifying the operation (read or write) is straightforward. However, the most common convention to specify which data region to access is to prepend a numerical prefix to the address. So configuring a client to read the first Holding Register might require specifying two separate items to create a request:
- Configure to Read
- Configure an "Address" of 400000 (or 400001)
Where that leading
4 is
not actually part of the Modbus address, but is instead a common, but non-Modbus, convention prefix to point to the Holding Register region out of the four data regions.
And as if that is not confusing enough, note that
- to read Holding Registers the Modbus protocol will use Function Code 0x03 (so function code to read "address| "4"xxxxx.
- to read Input Registers the Modbus protocol will use Function Code 0x04, and the prefix convention for Input Registers is 3.