INDUSTRIAL NETWORKS AND INTERFACES IN AUTOMATION SYSTEMS Chapter VI CANBUS and MODBUS communication protocol 1.1. CANBUS communication protocol 1.1.1.Description of protocol Controller Area Network (CAN bus) is a serial interface for data transmission in real time with speed of up to 1Mbps featuring excellent possibilities for error correction. It is used in high speed data transmission ISO 11898 and low speed applications ISO 11519 as well. Interface adaptors manufactured by OKI, MICROCHIP, MOTOROLA, etc. are used for communication between devices. The physical line is a parallel-wire line (Fig. 6.1). Fig. 6.1. Data transmitted by CAN are send simultaneously along the bus toward all devices in the network (Fig. 6.2).
1.1.1. Description of protocol Controller Area Network (CAN bus) is a serial interface for data
transmission in real time with speed of up to 1Mbps featuring excellent possibilities for error correction. It is used in high speed data transmission ISO 11898 and low speed applications ISO 11519 as well. Interface adaptors manufactured by OKI, MICROCHIP, MOTOROLA, etc. are used for communication between devices.
The physical line is a parallel-wire line (Fig. 6.1).
Fig. 6.1.
Data transmitted by CAN are send simultaneously along the bus toward all devices in the network (Fig. 6.2).
1.1.2. The principle of the action The principle of operation of CAN networks is based on the fact that each
module is capable of transmitting messages should there be available free bus. Since each message carries priority, then in case of several transmitting modules, access is granted to the message of highest priority. By way of analogy, when certain module is simultaneously reached by more than one message reception is carried out depending on their priority. Each of the modules included in CAN network could require the reception of messages by sending inquiries. Each correctly received message is confirmed by sending acknowledgement message. Reply is sent in cases where in certain message is not received due to error. CAN network recognizes the occurrence of permanent errors and automatically shuts off the faulty module.
Message content is encoded by a special identifier – specific for CAN network, which carries information about what is being transmitted with this message (t, P, F). All receivers receive the information and each of them tests the identifier in order to determine the content of this message. If the message is suitable for the receiver it is received and processed, if not – it is omitted. The identifier contains information about message priority which is graded into at least two levels: high and low. Information transmission is effected through parallel wire twisted pair or a telephone line provided induced interferences are not high.
CAN network is flexible and allows new devices to be included to a network which already exists without the need of creating new additional changes in hardware or software of the existing CAN network.
CAN utilizes Non Return to Zero (NRZ) for data encoding. The usage of
NRZ encoding provides concise messages with minimum number of transitions and inconsiderable influence on behalf of external interferences.
In CAN networks priority is given to those parameters which change faster than the other ones. For example, the revolutions of an automobile engine will change with greater frequency as compared to its temperature.
Priority of parameters is established by Carrier Sense, Multiple Access with Collision Detect (CSMA/CD) method. The priority of a message is recorded in the identifier during the first phase of system designing. Highest priority is granted to the identifier with the lowest digital value.
1.1.3. Description of information package In CAN systems information is transmitted and received in the form of a
packet (Message Frame). There two versions of CAN: 2.0А and 2.0В. Version 2.0А is characterized by
11 bit identifier and the genuine protocol of Bosh whereas version 2.0В features 21 bit identifier which is developed in the USA for the needs of the American automotive industry.
CAN networks developed according to version 2.0А receive and transmit information between devices which are built up according to this particular standard only. Version 2.0В receives and transmits information in mixed networks containing controllers from both versions.
The shape of frame in version 2.0А is shown in Fig. 6.3.
DelimiterSb1
Delimiterr1
r0RTRSRR bit
DLC 15 bitsData (0-8 Bytes)11 bit Identifier
Bus IdleIntEOFACKCDR fieldData FieldControlArbitration field
Message Frame
Bus Idle
18 bit Identifier
IDE bit
Stan
dart
form
at
DelimiterSb1
Delimiterr1
r0RTRSOF
DLC 15 bitsData (0-8 Bytes)11 bit Identifier
Bus IdleIntEOFACKCDR fieldData FieldControlArbitration field
0 D d d d 1 D d d r 2 D d r d 3 D d r r 4 D r d d 5 D r d r 6 D r r d 7 D r r r 8 R d d d
Fig. 6.5.
Fig. 6.6.
Initially, a pulse from high to low potential is transmitted along the line, Start Of Frame (SOF) followed by 11 bit identifier (Arbitration) in which the content of transmission is encoded. After that follows 1 bit of information Remote Transmission Request (RTR) through which authorization is requested from the transmitter to transmit information to the receiver. Bits r0 and r1 in the protocol are blank. The Data Length Code (DLC) field is 4 bits in size and contains the
length of information which is to be transmitted during Data interval. This interval has duration from 0 to 8 pulses which is indicated in DLC. The next 15 bits of Cycle Redundancy Code (CRC) are used to check the correctness of received information, followed by DEL interval. For recognition of the information transmitting device 2 Acknowledge pulses are used (ACK). The packet ends with the End Of Frame (EOF) marker which is 7 pulses in duration. The packet end is indicated by 3 INTERMISSION bits after which the line is released.
Fig. 6.7.
Recessive and dominant bit For the sake of isolation from the transmission medium CAN avoids
description with binary values "0" and "1". Instead, the terms "recessive" and "dominant" signal are accepted. For instance, in optical connection a "recessive" signal can be dark and "dominant" may mean light. With electrical signal "Recessive" may mean high level electrical signal whereas "dominant" could mean absent.
1.1.4. Types of frames Four frames are included in CAN protocol: • Data frame – transmits data; • Remote frame – serves to request transmission of data frames for the
current identifier; • Overload frame – assures spacing between frames of data or requests;
Accepted
Choice
Receive message
Choice
Receive message
Ready
Send message
Accepted
Choice
Receive message
CAN Station 2 CAN Station 1 CAN Station 3 CAN Station 4
• Error frame – it is transmitted from the node in which error is detected.
Frames of data and requests are divided from the preceding frames by spacing.
Request frame format matches the frame for standard or extended format with two exceptions:
• In field RTR place "recessive" instead of "dominant"; • Lack of data field.
1.1.5. Arbitrage during data transmission If there is a free bus available then each node could start transmitting at any
time. Arbitrage of transmission is carried out in case of simultaneous transmission of frames from two or more nodes (Fig. 6.8).
Priority is transmitted along with the message comprising 11 bit device identifier (the device address). The identifier of lowest binary value has the highest priority. Priority is set at the time of network development and therefore cannot be dynamically changed. Collision during access to bus is resolved by means of digit comparison of the identifier appropriated at each station. Fig. 6.8 demonstrates an example which illustrates the described procedure. In this example three CAN-nodes want to transmit their data. Unlike Ethernet in CAN there is no loss of packets allowed as well as creation of collision. The possibility not to transmit a low priority message is considered a major disadvantage.
1.1.6. Error control CAN features several mechanisms for error control and prevention: • Transmission control: During transmission the bit level in the network is
compared with the bits being transmitted; • Bit stuffing: After a transmission of five identical bits in sequence there
follows automatic transmission of a bit with opposite significance. In this way all fields of the data and request frame are encoded with the exception of the distinguisher of the control sum, the EOF marker;
• Control sum: The transmitter calculates it and then adds it in the transmitted frame; the receiver reads the control circuit in real time, calculates the control sum for the received frame and compares them;
• Field value control during transmission.
1.1.7. Transfer rate and network length
Speed (rate) range All nodes in the net should operate at equal speed/rate. The CAN standard
does not determine operation speed, however most inbuilt systems use
continuous change of speed from 20 KBit/sec to 1 MBit/sec. Of course, there also are solutions which operate over that range.
Critical network length The above method of error control requires its distribution across the entire
net till the moment of its calculation. This in turn assigns the maximum network length. The higher the transfer rate the lower the network length. For example, the critical length of a network from the ISO 11898 standard corresponds approximately to:
• 1 МBit/sec 40 m; • 500 КBit/sec 100 m; • 125 КBit/sec 500 m; • 10 КBit/sec 5000 m.
1.1.8. High level/layer protocols CAN base specification offers a number of possibilities such as transmission
of data of length larger than 8 bytes; automatic distribution of identifiers between nodes, homogeneous control of devices of various type and productivity. Due to this fact protocol modifications of higher level have been under development ever since the appearance of CAN such as:
1.1.9. Advantages of CAN • Possibility for operation in fixed real time mode; • Simple implementation and minimum operational costs; • High interference immunity; • Arbitrage of access to network without carrying capacity loss; • Reliable error control during transmission and reception;
• Wide range of operating speed; • Large dissemination over a wide variety of devices.
1.1.10. Disadvantages of CAN • Network critical length is inversely proportional to transfer rate; • Large size of service data in the packet (as related to useful data); • Lack of conventional standard for protocols of higher level. Standard network provides extensive possibilities for practical safe data
transmission between nodes. The following tables contain the most frequently used connectors and the matching of pins during connection.
9 Pin (male) D-Sub CAN Bus PinOut
Pin # Signal Names Signal Description
1 Reserved Upgrade Path
2 CAN_L Dominant Low
3 CAN_GND Ground
4 Reserved Upgrade Path
5 CAN_SHLD Shield, Optional
6 GND Ground, Optional
7 CAN_H Dominant High
8 Reserved Upgrade Path
9 CAN_V+ Power, Optional
10-Pin Header CAN Bus PinOut Pin # Signal Names Signal Description 1 Reserved Upgrade Path 2 GND Ground, Optional 3 CAN_L Dominant Low 4 CAN_H Dominant High 5 CAN_GND Ground 6 Reserved Upgrade Path 7 Reserved Upgrade Path 8 CAN_V+ Power, Optional 6 Reserved Upgrade Path 7 Reserved Upgrade Path
7-Pin Open Style CAN Bus PinOut Pin # Signal Names Signal Description 1 CAN_GND Ground 2 CAN_L Dominant Low 3 CAN_SHLD Shield, Optional 4 CAN_H Dominant High 5 CAN_V+ Power, Optional
5-Pin Micro/Mini CAN Bus PinOut Pin # Signal Names Signal Description 1 CAN_SHLD Shield, Optional 2 CAN_V+ Power, Optional 3 CAN_GND Ground 4 CAN_H Dominant High 5 CAN_L Dominant Low
1.2.1. Modbus communication protocol is based on the "client-server"
architecture. It finds wide application in industry for effecting connection between controllers. Data is transmitted through serial channels such as RS-485, RS-422, RS-232 (Fig. 6.9), or network type TCP/IP (Modbus TCP) (Fig. 6.10).
A description of protocol
Fig. 6.9.
9/12-Pin Round Flange Style CAN Bus PinOut 12-Pin # 9-Pin # Signal Names Signal Description 1 - - Reserved 2 7 CAN_L Dominant Low 3 8 CAN_GND Ground 4 9 - Reserved 5 - - Reserved 6 - - Reserved 7 2 CAN_H Dominant High 8 - - Not Used 9 - - Reserved 10 - GND Ground, Optional 11 - - Reserved 12 1 CAN_V+ Power, Optional - 3 DIL-1 DIP Switch 1 connected to CAN_V+ - 4 DIL-2 DIP Switch 2 connected to CAN_V+ - 5 DIL-3 DIP Switch 3 connected to CAN_V+ - 6 DIL-4 DIP Switch 4 connected to CAN_V+
Modbus is related to the application level protocols of the OSI network model. Controllers which interact under Modbus utilize the client-server model based on transactions made up of requests and replies.
Usually in the net there are only one master device and several slave devices. The master device initializes transactions (communication requests). Slave devices return required information to the master device. The master could individually address each of the lave devices or address a group of such devices (Fig. 6.11). In turn the slave device formulates a message and returns it to the sender. Upon receipt of packet request no reply is formulated.
1.2.2. A format of frame Modbus specification describes the structure of requests and replies. The are
at the basis of elementary packet control also referred to as PDU (Protocol Data Unit). PDU structure does not depend on the type of connection line and includes code of function and data field. The function code is encoded in a single byte field and can receive values within the range 1÷127. The range 128÷255 is reserved for error code. Data field is of variable length and the size of the PDU packet is limited to 253 bytes (Fig. 6.12).
Modbus PDU Number of function Data’s
1 byte N < 253 (byte)
Fig. 6.12. PDU puts the contents of additional fields into another packet to enable
packet transmission along the physical line for connections. This packet is referred to as ADU (Application Data Unit). Its form depends on the type of connection line.
Fig. 6.13.
There are three basic implementations of Modbus protocol: two for data transmission along serial interface, modem EIA/TIA-232-E (RS-232), EIA-422, EIA/TIA-485-A (RS-485), optical and radio connection:
• Modbus RTU; • Modbus ASCII;
And for data transmission along Ethernet check TCP/IP: • Modbus TCP.
Slave address Function code Data Error Check
ADU Application Data Unit PDU Protocol Data Unit General MODBUS frame
The general structure of ADU is as follows (Fig. 6.14):
Start
≥ 3.5 char
Station Address
8 bits
Function Code
8 bits
Data
N x 8 bits
CRC Check
16 bits
End
≥ 3.5 char
at least 3.5 char 3.5 char
4.5 char
Frame 1 Frame 2 Frame 3
MODBUS RTU frame
Fig. 6.14. where: • Station address – is the address of the slave device to which the record is
addressed. Each device corresponds to only one address. Likewise, the reply begins with the address of the slave device. Devices addresses are from 1 to 247. Address 0 is used for packet addressing and is recognized by all devices; addresses in the range 248÷255 are reserved;
• Function code – one byte field in which the execution command is assigned;
• Data – it contains information which the device needs in order to carry out the command ordered by the master device or contains the information which is required in replying. The length of the form depends on the number of the function and varies in the range of 0÷252 bytes;
• Error Check (CRC Check) – control sum for error check in the frame. During line transmission the lowest order byte of the control sum is written first.
The maximum size of ADU for sequential network RS232/RS485 is 256 bytes whereas for TCP network it is 260 bytes.
Modbus ASCII information frame has the form presented in Fig. 6.15:
The function of the individual fields is given in Table 6.9. Table 6.9.
Name Length Function
Start 1 char Starts with colon ( : ) (ASCII value is 3A hex)
Address 2 chars Station Address
Function 2 chars Indicates the function codes like read coils / inputs Data n chars Data +length will be filled depending on the message type LRC Check 2 chars Error checks End 2 chars Carriage return line feed (CRLF) pair (ASCII values of 0D & 0A hex)
The TCP Modbus information frame is of the following kind:
• Transaction ID – two byte identification number of transaction; • Protocol ID – two byte identification number of protocol; • Length – two bytes containing the length of transmitted data; • Unit ID – address of device to which the request is addressed. Usually
ignored when it communicates with only one device. In TCP Modbus there is no field for control sum.
Fig. 6.18.
1.2.3. There are three categories of functions in the available protocols:
Standardized commands, User commands and Reserved commands (Fig. 6.19).
For reading of values, commands of values from 1 to 4 are used. Data reading
• 1 (0x01) (Read Coil Status) – returns the value to several status registers; • 2 (0x02) (Read Discrete Inputs) – returns the value to several discrete
inputs; • 3 (0x03) (Read Holding Registers) – returns the value to holding registers; • 4 (0x04) (Read Input Registers) – returns the value to some input
registers. The request consists of the first element address from the table; the value for
which it should be read and the number of elements for reading. Both address and size are assigned by a 16-bit number. Requested data are received in the reply. Data is preceded by a byte which contains the size of the transmitted data.
Table 6.11. Sub-function code Name
Hex Dec 00 00 Return Query Data 01 01 Restart Communications Option 02 02 Return Diagnostic Register 03 03 Change ASCII Input Delimiter 04 04 Force Listen Only Mode J 05..09 RESERVED 0A 10 Clear Counters and Diagnostic Register 0B 11 Return Bus Message Count 0C 12 Return Bus Communication Error Count 0D 13 Return Bus Exception Error Count 0E 14 Return Slave Message Count 0F 15 Return Slave No Response Count 10 16 Return Slave NAK Count 11 17 Return Slave Busy Count 12 18 Return Bus Character Overrun Count 13 14 N.A
They are contained in two ranges of codes (65 ÷ 72 and 100 ÷ 110), in which
several arbitrary functions could be implemented. However, there is no assurance that these commands will not be used by another devices for implementation of other functions.
1.2.6. Reserved commands This category of input codes for functions is not standardized, however, they
are used in the devices manufactured by different companies. These codes are: 9, 10, 13, 14, 41, 42, 90, 91, 125, 126 and 127.
1.2.7. One of the standardized activities carried out by this protocol is reading and
writing data in the controllers’ registers. The protocol specification specifies four table s of data displayed in table 6.12.
Model of data
Table 6.12 Primary tables Object type Type of
operation Comments
Discretes Input Single bit Read-Only This type of data can be provided by an I/O system.
Coils Single bit Read-Write This type of data can be alterable by an application program.
Input Registers 16-bit word Read-Only This type of data can be provided by an I/O system.
Holding Registers
16-bit word Read-Write This type of data can be alterable by an application program.
Access to elements in each table is possible through a 16-bit address; the first location corresponding to address 0. In this way each table could contain up to 65536 elements. The specification does not determine the physical length of elements from the table nor the internal address to which they correspond. For instance, it is allowed to organize overlapping tables. In this case all commands which operate with discrete data and 16-bit registers will actually address selfsame data.
1.2.8. Error control in Two types of error could arise during data exchange:
• Errors related to information distortion during data transmission; • Logic errors. Errors of the first type are detected by means of a frame symbol, parity
control and cyclic control sum CRC-16-IBM (numeric polynomial = 0xA001 is used).
For error detection of the second type the Modbus RTU protocol assumes that the device might have missed the reply or that the reply itself could contain error code (Table 6.13). A sign of the fact that the reply may contain an error message is the setting of the highest order bit in the command code. Modbus proceeds according to the scheme below in order for a logic error to be detected:
• If Slave has received correct request and is able to process it in a standard way then it returns a standard reply;
• No reply is generated if Slave has not received any value. In this case Master diagnoses timeout error;
• If Slave has received the request but has also detected an error (parity, LRC, or CRC) then no reply is generated. In this case Master diagnoses timeout error;
• If Slave has received the request, but because of some reason is unable to process it, a reply is generated which indicates the error type.
Table 6.13. Direction for
transfer Address of slave
device Function number
data (or error code)
CRC
Order (Master→Slave) 0x01 0x77 0xDD 0xC7 0xA9
Request (Slave→Master) 0x01 0xF7 0xEE 0xE6 0x7C
Table 6.14. Error # Error Message
0 No Errors 1 Illegal Funct ion 2 Illegal Data Address 3 Illegal Data Value 4 Master - Time Out 5 No Communication
