OPEN MODBUS/TCP SPECIFICATION Release 1.0, 29 March 1999 Andy Swales Schneider Electric aswales@modicon.com Contents Contents * 1. Status of this specification * 2. Overview * 2.1 Connection-oriented * 2.2 Data encoding * 2.3 Interpretation of reference numbers * 2.4 Implied length philosophy * 3. Conformance class summary * 3.1 Class 0 * 3.2 Class 1 * 3.3 Class 2 * 3.4 Machine/vendor/network specific functions * 4. Protocol structure * 5. Protocol reference by conformance class * 5.1 Class 0 commands detail * 5.1.1 Read multiple registers (FC 3) * 5.1.2 Write multiple registers (FC 16) * 5.2 Class 1 commands detail * 5.2.1 Read coils (FC 1) * 5.2.2 Read input discretes (FC 2) * 5.2.3 Read input registers (FC 4) * 5.2.4 Write coil (FC 5) * 5.2.5 Write single register (FC 6) * 5.2.6 Read exception status (FC 7) * 5.3 Class 2 commands detail * 5.3.1 Force multiple coils (FC 15) * 5.3.2 Read general reference (FC 20) * 5.3.3 Write general reference (FC 21) * 5.3.4 Mask write register (FC 22) * 5.3.5 Read/write registers (FC 23) * 5.3.6 Read FIFO queue (FC 24) * 6. Exception codes * Appendices * A. Client and Server Implementation Guidance * A.1 Client design * A.2 Server design * A.2.1 Multithreaded server * A.2.2 Single-threaded server * A.3 Required and expected performance * B. Data Encoding for non-word data * B.1 Bit numbers within a word * B.2 Multi-word quantities * B.2.1 984 Data Types * B.2.2 IEC-1131 data types * 1. Status of this specification Initial release 3 Sept 1997 Draft for public review. Re-release 29 March 1999 at Revision 1.0. No technical changes, clarifications only. Added Appendices A and B in response to common implementation questions. This specification of MODBUS/TCP is being published by being publicly visible on the World Wide Web. It is intended for the benefit of developers wishing to use MODBUS/TCP as an interoperability standard in the field of industrial automation. Since MODBUS and MODBUS/TCP are in reality ‘de-facto’ standards, in that many vendors and products implement it already, this specification primarily explains the specific encoding of MODBUS messages over the TCP communication protocol universally available on the Internet. 2. Overview MODBUS/TCP is a variant of the MODBUS family of simple, vendor-neutral communication protocols intended for supervision and control of automation equipment. Specifically, it covers the use of MODBUS messaging in an ‘Intranet’ or ‘Internet’ environment using the TCP/IP protocols. The most common use of the protocols at this time are for Ethernet attachment of PLC’s, I/O modules, and ‘gateways’ to other simple field buses or I/O networks. The MODBUS/TCP protocol is being published as a (‘de-facto’) automation standard. Since MODBUS is already widely known, there should be little information in this document which could not be obtained elsewhere. However, an attempt has been made to clarify which functions within MODBUS have value for interoperability of general automation equipment, and which parts are ‘baggage’ from the alternate use of MODBUS as a programming protocol for PLC’s. This is done below by grouping supported message types into ‘conformance classes’ which differentiate between those messages which are universally implemented and those which are optional, particularly those specific to devices such as PLC’s. 2.1 Connection-oriented In MODBUS, data transactions are traditionally stateless, making them highly resistant to disruption from noise and yet requiring minimal recovery information to be maintained at either end. Programming operations, on the other hand, expect a connection-oriented approach. This was achieved on the simpler variants by an exclusive ‘login’ token, and on the Modbus Plus variant by explic