ModBUS-TCP Networking

Owned by Gary Cane
Last updated: Aug 25, 2011Version comment


The MODBUS/TCP interface is an additional component of the Fairmount Automation Chameleon NIM-2 module and SmartValve embedded controller that provides support for both client(master) and server(slave) modes of the protocol. It utilizes an application protocol stack purchased from RTA adapted to Fairmount Automation systems. Configuration is similar to that of the existing Modbus RTU support, but includes an additional value for the specification of the IP address of the peer server(slave).


Modbus/TCP is an extension of the Modicon Modbus control and acquisition interface to utilize TCP/IP as a physical transport layer rather than RS485/422/232.

Modbus provides a model that supports a client/server (master/slave) exchange of data between peers. Clients may request and/or change data and initiate a transaction to do so, while a server operates in a passive role that responds to client requests. A server cannot initiate contact with a client.
Internally, a Modbus server maintains an array of data elements that fall into two basic types, each with two subtypes. The basic types are a boolean and integer. A boolean entity analogous to a switch, contact or solenoid. For booleans, the two subtypes are Coil and Discrete Input. A Discrete Input is read-only and may not be modified by a client. A Coil is read/write and may be queried or modified by a client. An integer is a 16 bit binary entity analogous to an A/D, D/A or counter. For integers, the two subtypes are Holding Register and Input Register. An Input Register is read only and may not be modified by the client. A Holding Register is read/write and may be queried or modified by a client.

The integer Modbus types are sometimes extended beyond the official Modbus specification to include additional types, including 32 bit integers and floating point values. There is no standard that describes the ordering of multiple registers to form larger types, so a client must be able to specify the register ordering if it is to accommodate them.

In Modbus, a Slave Address indicates an address on a bus that references one or more servers. Modbus supports the concept of a broadcast to multiple servers on the same physical bus serial bus. Modbus/TCP nomenclature differs from this in that the same field is referred to as a Unit Number. Whether a Modbus/TCP server supports broadcasts to the servers under its control is implementation dependent. In most cases, servers will simply replicate the received Unit Number into the response. Nothing precludes the server from virtualizing multiple servers and distinguishing them by Unit Number.


For Modbus/TCP, a TCP/IP address is also required that indicates the network (not Modbus Space) address of a Server. The TCP/IP address indicates the location on the network of the device. For those familiar with Modbus over RS485/422/232 but not TCP/IP, TCP/IP differs in that it is not a physical network as RS485 is, but a logical network TCP/IP overĀ a physical Ethernet connection. TCP/IP networks have switches, hubs and routers that permit all points anywhere on the network to be accessible, even if they are not attached to the same physical bus. The nature of TCP/IP prohibits concurrent broadcast to multiple TCP/IP servers. However, it is possible that the Server may act as a gateway to one or more servers sharing a local bus with the gateway. The Modbus/TCP specification makes no assumptions regarding this, and it is left to the implementer as to how a gateway should deal with broadcast Slave/Unit address values. In Fairmount Automation's implementation of Modbus/TCP, the server acts as a gateway with multiple virtual server units, but does not support broadcasts to the virtual server units.


In Modbus/TCP there are two basic roles to communication, a Server and a Client. A Server contains a collections of Coils, Registers, etc. that it makes available to others. It cannot send the values directly to others, it can only make it available to others should they chose to request it. A Client merely references Coils, Registers, etc. that exist on a Server somewhere else, and does so at a periodic interval called a Poll. Polling intervals, the time between when values are referenced, are definable point by point, and may vary between a fraction of a second to hours or even days.

This produces four modes of operation with subtle differences. A Broadcaster that is a Server or a Client, and a Receiver that is a Server or a Client.