PDHonline Course E497 (3 PDH)

Industrial Communications
and Control Protocols

Michael J. Hamill, P.E.

2015

PDH Online | PDH Center

5272 Meadow Estates Drive
Fairfax, VA 22030-6658
Phone & Fax: 703-988-0088
[Link]
[Link]

An Approved Continuing Education Provider

[Link] PDHonline Course E497 [Link]

Index
Introduction 3
Protocol: A definition 3
Digital Data Basics 3
Differences in Controller Types 5
Diversity in the PLC/DCS/PAC market and its problems 5
Networks, Nodes, and Topologies 6
The OSI Model and its importance 10
Hardware and Connecting Cables 11
Communication methods 13
Deterministic communications 14
Interface standards and devices 15
Common Features in Protocols 18
Some Notable Automation Companies 19
Proprietary and Open Protocols 19
The HART protocol 20
TCP/IP 20
Control protocols 21
Modbus and some of its variants 21
Modbus Plus 22
Rockwell / Allen-Bradley Protocols 22
Some Important Open Protocols 25
The Fieldbus Foundation and its work 25
FOUNDATION Fieldbus H1 26
FOUNDATION Fieldbus HSE 27
The PROFIBUS Standards 27
PROFIBUS PA 28
PROFIBUS DP 28
PROFINET 28
Protocols used with HMIs 29
Windows OS and OPC 29
Local operator terminals 30
Disadvantages of using protocols 30
Summary 31
Appendix: Overview of the Modbus RTU Protocol 32
References 34
Endnotes 34

© M.J. Hamill, Industrial Communications and Control Protocols 2

[Link] PDHonline Course E497 [Link]

Introduction

This course is intended to benefit readers by:

Explaining what protocols are
Explaining what communications and control protocols do
Explaining how use of protocols makes it easier for controllers to operate
Describing some commonly-used network topologies
Describing some hardware and cables used for digital communications
Detailing some different ways of transmitting data over networks
Condensing often confusing information about protocols
Explaining how protocols interrelate with networks and the Internet
Describing some commonly used protocols and their uses

Readers who have experience with, or some knowledge about one or more of the
following technologies will benefit most from this course: Programmable Logic
Controllers (PLCs); Distributed Control Systems (DCSs); or Programmable Automatic
Controllers (PACs).

This course also discusses networks in some detail. Protocols are best explained along
with a discussion about some basic features of networks.

Protocol: A definition
It's worthwhile to begin by defining Protocol. The author's definition is: a method for
digital data communications between two or more devices in different locations, or on a
network.

There are many protocols in use around the world. This course focuses on protocols
used by PLCs, DCSs, PACs, and devices existing on the same network as industrial
controllers. Some protocols used with controllers are for data communications only,
usually by sensors and transmitters. Others are used for both data communications and
control applications.

Digital Data Basics

Digital data is a natural choice for communications. The smallest unit of digital data is a
Bit, or binary digit, and it has just two states: Off, represented by a 0; and On,
represented by a 1. Since the 1960s, most computerized devices have relied on
miniaturized, two-state transistors that are either off or on. And a voltage associated
with the transistor is either low (0) or high (1). A bit’s value is represented using base 2,
and can only be 0 or 1. Digital data can be generated and transmitted very quickly by
electronic equipment.
© M.J. Hamill, Industrial Communications and Control Protocols 3
[Link] PDHonline Course E497 [Link]

Almost all transmitted data is at least one byte long. A byte consists of 8 consecutive
bits, or binary digits. A byte can have up to 256 (2 8) values. In reality, data is frequently
communicated in 2, 4 or 8 byte units. A data unit with 2 bytes (16 bits) is often called a
Word.

Measurements that mean something in the real world - levels, pressures, temperatures,
etc. - can easily be represented with 2 or 4 bytes. So can the ranges of set points.
Likewise the On or Off state of a device like a motor. Within computers and
microprocessors, arithmetic operations on data that has a digital equivalent is readily
done. They can easily manipulate data in binary, or base 2.

Example: Assume a tank’s level transmitter is calibrated so 0% is 0 feet, and

100% signal is 10 feet. If a 2-byte word is used to represent this data, than at 5
feet (50% level) that will be the same as 32,767, or 0111111111111111 in binary
(and 7FFF in hexadecimal, a.k.a., hex - base 16). At 100% level, that will equate
to 65,535 (hex: FFFF).

Before microprocessor-based controllers became the dominant control technology in

the early 1980s, controllers for applications like refineries, chemical plants, and power
plants mostly used analog electronic control systems. Analog signals vary in a range.
These analog systems had some serious limitations. One was that analog signals were
susceptible to being corrupted by electrical noise and unintentional grounds. Another
was that settings and calculated values in control loops tended to drift over t ime,
especially as components heated up.

Digital data communications through protocols has the advantages that it is inherently
more stable, reliable, and less susceptible to electrical noise than analog signals.

Another advantage of digital communications is that a lot of data can be communicated

on a single network or fieldbus cable. This reduces end users’ needs for installing
controller input and output modules, wiring, conduit, etc. It also lets users connect
different types of devices to the same communications cable, such as transmitters and
actuators. And it also makes it easier find the sources of problem conditions readily.

Fieldbus is defined as “a family of industrial computer network protocols used for real-
time distributed control, standardized as IEC 61158.” 1

© M.J. Hamill, Industrial Communications and Control Protocols 4

[Link] PDHonline Course E497 [Link]

This course is progressing to a discussion of protocols. But worldwide, plants are

continuing to use sensors, transmitters and actuators that transmit or respond to analog
signals. Controllers handle that by embedding Analog-to-Digital (A/D) and Digital-to-
Analog (D/A) converters in input and output modules. For example, most incoming
analog signals are converted from a voltage1 to a 16-bit integer within a controller. That
makes it easy for a controller to use the data.

Differences in Controller Types

The two primary types of controllers in use are PLCs and DCSs. The two technologies
were developed for different markets in the 1970s. PLCs were meant for mostly for
manufacturing applications where most devices were turned on and off; raised; lowered;
rotated; moved sideways; and where users wanted to compare the state of something
at the end of an operation to its beginning state. They also found many uses in
applications where a process occurred in a repeated cycle. PLC functions were (and still
are) mostly implemented using ladder logic symbols, which technicians understand.
DCSs, on the other hand, replaced earlier systems and equipment in applications that
involved mostly continuous measurement of process variables and ongoing contr ol of
processes – such as at oil refineries and power plants. DCSs replaced pneumatic
controls; analog single loop controllers; and analog control systems. DCSs
predominantly use function block programming. DCSs were (and remain) more
expensive than PLCs because the reliability requirements are more demanding, in most
cases, than in PLC applications. Also, in DCS systems, there are usually 2 or more
layers of control, in which a master controller sends set points to sub-controllers.
Typically, sub-controllers send data back to the master controller(s). DCSs often
interface with thousands of data points. DCS requirements are more difficult to meet.
Downtime of some DCS components would have a major impact on lost production.

Over time, the two technologies became more alike. That has led some manufacturers
to call their industrial controllers Programmable Automation Controllers, or PACs. There
are many applications which can be met by either a PLC or DCS, but usually a PLC will
be less costly.

Diversity in the PLC/ DCS/ PAC market and its problems

Since the 1970s, many Original Equipment Manufacturers (OEMs) have offered similar
systems for control equipment end users. As time passed, technology improved.
Processor speeds increased, sizes of components used by controller OEMS -
processors, memory modules, etc. - decreased, and new products could be offered
which were smaller and more powerful. In some cases OEMs had difficulty getting some

1
Typically the voltage across a 250 ohm resistor built into each analog input module channel.

© M.J. Hamill, Industrial Communications and Control Protocols 5

[Link] PDHonline Course E497 [Link]

components for previous generation products from their suppliers. Competitive

pressures forced controller OEMs to focus on new products to match competitors'
offerings. But most companies in the PLC/DCS/PAC market were going their own way -
developing their own unique equipment, and especially, using their own unique
protocols.

By the late 1980s it was evident there was too much diversity in this market. Devices
from one OEM could be used with the same OEM's equipment, but not with comparable
equipment from other companies. The need to standardize similar controllers and field
devices as much as possible was apparent. Some common digital communication
protocols and fieldbuses were needed. This was what customers would ultimately want.
The BMBF (Department of Education and Research) agency of the German
government recognized this need. It responded by spearheading the development of
what became the PROFIBUS (Process Field Bus) group of standards. Around the same
time, the Instrumentation Society of America (ISA) 2 formed a task group to develop
common standards for use by transmitters, actuators, and control systems. This
eventually led to the formation of the Fieldbus Foundation, which developed
specifications for “open” protocols.

Better data communications methods were also developed. Ethernet, first developed in
1973, is a good example. As networks grew in size and the Internet spread around the
world in the 1990s, the advantages of using Ethernet and its native protocols, including
TCP/IP, with industrial controllers became apparent. So Ethernet and TCP/IP variations
are now widely used by industrial controller OEMs.

Networks, Nodes, and Topologies

This course diverges for a time to an explanation of networks.

A Network is an interconnected group of computers and/or controllers, and devices that

interact with computers and controllers. A Node is a computer or other device in a
network. Networks are interconnected by many different types of conversion devices,
cables, and sometimes, by radio transceivers.

3 common topologies, or arrangements for networks, are discussed below:

Bus
Star
Ring

2
ISA is now the Instrumentation, Systems and Automation society.

© M.J. Hamill, Industrial Communications and Control Protocols 6

[Link] PDHonline Course E497 [Link]

Figures 1A, 1B and 1C are diagrams which show each topology.

The Bus topology is the simplest. Figure 1A shows a simple bus network. Note the
presence of resistors at the ends of the bus. Each node is exposed to data traffic on the
bus, but it will only respond if data is directed to it. Otherwise the data is ignored. A bus
topology has the disadvantage that failure of the bus cable will stop communications.
End resistors with identical resistances are used to improve signal quality on the bus.

A Point-to-Point connection is the simplest example of the bus topology. Point-to-point

connections are used, for example, to connect a PC and printer.

In a Star topology (Figure 1B), individual nodes are connected to a central node. Very
often the central node is a Switch. Switches allow temporary pathways to be made so
any node on the network can communicate with any other node. In a star topology, an
individual node can be disconnected without affecting communications on the rest of the
network. It’s more reliable than a bus topology. All data traffic stops if the central node
fails. However, switches are built for high reliability, and often, Uninterruptible Power
Supplies are connected to provide temporary backup power in event of loss of line
power. Sometimes redundant switches are used for improved reliability. In that case,
each node has two ports, with separate cables attached to each distributed node.

© M.J. Hamill, Industrial Communications and Control Protocols 7

[Link] PDHonline Course E497 [Link]

Figure 1C below illustrates the Ring topology. The ring doesn’t have a master device.
Each node can both send and transmit data. Data sent from one node to another is
forwarded around the ring from the originating node to the destination node to which it is
addressed. If a segment fails, data can be sent in the reverse direction.

Many different types of devices besides computers, controllers and switches can be can
be part of a network – such as printers, scanners, barcode readers, TV camera, etc.

In reality, networks are interconnected in many different ways. Some networks consist
of combinations of one or more of the three basic networks. In a properly set-up
network, data can get from one node to another as long as a path for data transmission
exists. No doubt many readers have seen or worked with networks much more complex
than those shown in this course. See References 4 and 5 for information on other types
of networks.

© M.J. Hamill, Industrial Communications and Control Protocols 8

[Link] PDHonline Course E497 [Link]

Most networks have a central computer known as a Server. Servers are computers
which meet higher standards for dependability, durability, and speed of access to data
than ordinary desktop computers. They usually have a far larger data storage capacity,
too. Servers are frequently set up in redundant pairs. Computers in a network which act
only as "dumb terminals" - which operators can use for monitoring and control, but don’t
directly interact with controllers or perform processing tasks - are referred to as Clients.
A server processes requests from its clients and interacts with controllers. Servers are
sometimes referred to as thick clients, and client PCs are sometimes called thin
clients.

Many plants and facilities have multiple client PCs and controllers in various locations.
So use of servers in process control applications is sensible for 4 reasons: first, to
centralize key databases used to monitor the site in one reliable computer (or redundant
pair of computers). Second, historical data can be placed on servers. Third, use of
servers simplifies access to shared resources such as printers. Last, a client-server
network allows appropriate delegation of roles and tasks to different entities. Each local
controller - a PLC, DCS, or PAC - can execute control over systems in a specific area of
a site, and report the status of its inputs and outputs to the server. And client operator
terminals that are networked with a server can access the server's database(s) for
several purposes:

To allow operators to monitor operations at a plant's subsystems.

To let operators start and stop equipment as needed, and adjust set points for
automatic control. 3
To view alarm screens.
To access trend screens which show how key levels, pressures, temperatures,
etc., have varied over time.
To view accumulated values such as total flow in a day, and numbers of
equipment starts.

A diagram of a sample network follows on the next page. This network is an Ethernet
network. Note how it shows a variety of components. Brief explanations of some more
network components follow in this course.

Many communication cables have one group of conductors or fibers for communication
in one direction, and another group of conductors or fibers for communication in the
other direction. Regarding such cables, two communications terms sometimes used are
Half-duplex and Full-duplex. Half-duplex refers to the transmission of data in only

3
For these purposes, the server passes on commands from client PCs to the appropriate local controller.

© M.J. Hamill, Industrial Communications and Control Protocols 9

[Link] PDHonline Course E497 [Link]

one direction at a time on a cable or other data link. Full-duplex refers to the
transmission of data in two directions simultaneously. Typical copper Ethernet cable has
separate pairs of conductors for data transfer in opposite directions.

The OSI Model and its importance

The OSI, or Open Systems Interconnect model, is the next topic. The OSI model is a
theoretical model of how communications occur on a network. It has 7 layers. It’s helpful
to refer to the OSI model to explain features of protocols, hardware and networks. The
layers are:

© M.J. Hamill, Industrial Communications and Control Protocols 10

[Link] PDHonline Course E497 [Link]

Layer 1 (Physical): This layer considers only the physical aspects of a network; the
cables, converters, interconnecting devices, etc.

Layer 2 (Data-link): This layer concerns itself with how Layers 1 and 3 work together.

Layer 3 (Network): This layer provides an addressing scheme for routing of data and
messages.

Layer 4 (Transport): This layer makes sure that messages get to their correct
destination.

Layer 5 (Session): This layer handles the actual connections between systems.

Layer 6 (Presentation): This layer deals with the way different systems represent data.

Layer 7 (Application): This layer concerns itself chiefly with the software applications
used on a computer screen.

Use of protocols involves both software and hardware, and it's hard, but sometimes
necessary, to differentiate between functions performed by hardware devices, and
functions performed by software. So it's helpful to refer to the OSI model sometimes.

Hardware and Connecting Cables

Communication and control protocols operating on a network need hardware devices

and connecting cables to work. Some common hardware devices are built into
computers and controllers - or attach directly to them. Many do not. A few of each sort
are listed below in Tables 1 and 2. Table 3 lists some network communications cables.

TABLE 1: Computer and Controller Network Devices

Device Description
Serial ports Data is transmitted one bit at a time through serial ports. RS-
232 serial ports usually either have 9, 15 or 25 pins.
Universal Serial Bus (USB) ports, which allow data at much
higher speeds than RS-232 ports, have become the dominant
type of serial port.
RJ-45 receptacles These are receptacles for cable with RJ-45 connectors.
Industry-standard RJ-45 connectors are applied to the ends
of standard twisted-pair copper Ethernet cables with 8
conductors (e.g., Cat. 6 cable.)

© M.J. Hamill, Industrial Communications and Control Protocols 11

[Link] PDHonline Course E497 [Link]

Network Interface Cards NICs allow a computer to be connected to a network. Most

(NICs) NICs have an RJ-45 receptacle. These cards also have a
built-in MAC (Media Access Card) card for the computer-to-
network interface.
Small Form-factor SFP transceivers are plug-in devices which are inserted into
Pluggage (SFP) dedicated slots of switches, routers, and some Network
Transceivers Interface Cards. Most SFPs are used for interface with fiber-
optic cables. Another less-often used type permits interface
with copper Ethernet cable.

TABLE 2: Standalone Network Devices

Device Description
Switches Switches provide connectivity for many computers on a
network, and connectivity to other network devices, including
other switches. Switches commonly have as few as 4, and as
many as 48 ports for Ethernet cables. Switches usually have
at least one port for a cable to connect to another switch or a
router. Switches are usually (but not always) managed
devices, that is, configurable by the end user. In Ethernet
networks, they reduce chances that “data collisions” will
happen if simultaneous data transmissions occur.
Media converters Media converters provide bi-directional communications by
interfacing copper Ethernet cable and fiber optic cable. Media
converters are often rack or DIN-rail mounted.
Wireless transceivers These devices facilitate wireless communication on a
network.

TABLE 3: Some Network Communications Cables

Device Description
Twisted-pair wiring Twisted-pair copper cables with varying numbers of
conductors are used in some networks, e.g., RS-485.
Resistors are applied to the far ends of some networks with
twisted-pair cables. (Twisted-pair wiring may or may not have
a shield around it – and/or individual pairs may be shielded.)
Coaxial cable Coaxial cables are also widely used. Appropriate connectors
and receptacles, and use of terminating resistors are
essential with coax.
Copper Ethernet cable Copper Ethernet cables have 4 Unshielded Twisted-Pairs
(UTPs). RJ-45 connectors are usually attached to each end.
The different types of Ethernet cables (Cat. 5, Cat. 5e, Cat. 6,

© M.J. Hamill, Industrial Communications and Control Protocols 12

[Link] PDHonline Course E497 [Link]

etc.) have subtle differences. The maximum rated length

recommended for Ethernet cables varies with the type used.
Crossover cable A crossover cable is an Ethernet cable in which the RJ-45
(copper type) end connectors are applied so the Tx (transmit) conductors of
one receptacle are connected to the Rx (receive) conductors
of the other receptacle. Normally, Tx conductors on one end
connect to Tx conductors on the opposite end, and likewise
for Rx conductors. These cables are sometimes used for
direct computer-to-computer communications without an
intermediate switch. They’re usually fairly short.
Fiber optic cable Fiber optic cable is used to transmit data over much longer
distances than copper Ethernet cable. It can carry a great
amount of data. Fiber optic cables are either “single mode” or
“multimode”, and different types of cables pass light at
different wavelengths. Individual fibers have very small
diameters, and the ends of fiber optic cables must be
prepared by a specialist before end connectors (there are
about 6 common types) are applied. They are available as
either trunk (long) cables, or patch (short) cables. Patch
cables come with end connectors applied.

Communication methods
The last topic to be covered before interface standards and protocols are discussed in
detail is communication methods. Three common methods for communications between
network are Master-Slave, Token-Ring, and Ethernet.

Master-slave communications is quite simple. It's also used often in industrial

controllers. In this technique, a master device issues commands to one or more slaves,
and the slave(s) respond. For example, a PLC which is connected to 3 external (or
remote) racks may be the master. Every 40 milliseconds, the PLC's processor first
checks for any altered inputs in the local rack (the rack where the processor is located);
then it sends a query to the 1st external rack to see if any inputs have changed, or
hardware failures have occurred. Any changes are reported back to the processor. The
process is repeated for the 2nd external rack after querying of the 1st rack is done; and
the 3rd rack after the 2nd rack has been checked. Then the processor runs its program,
changes any outputs if necessary, then it sends, or "writes" new data to the output
registers of modules in the local rack and 3 external racks. Usually, the slave devices
are not controllers – but sometimes they are. In the latter case, a master controller
might send a set point to a slave controller.

© M.J. Hamill, Industrial Communications and Control Protocols 13

[Link] PDHonline Course E497 [Link]

Token-Ring networks rely on token passing for data communications. As the name
suggest, token-ring communications is used on ring networks. "A special message,
called the token, is passed from one machine to another around the ring, and each
machine can transmit only while it is holding the token." 2 Token-ring networks never
became prevalent in business and industry. However, token-passing doesn’t require a
ring network for use – it can be, and is, used on networks of other topologies.

So, some protocols rely on token-passing but don’t use a ring network.

Since the Internet became widespread in the 1990s, the term Ethernet has become
common. Ethernet is essentially a method for communications between computers and
other devices on a network. Ethernet makes use of Carrier Sense - Multiple Access with
Collision Detection, or CSMA/CD. On an Ethernet network, any node can communicate
with any other node. It works like this: first, before a computer or controller sends data
to another (or more than one) device, it listens to see if the network is busy. If the
network is active, it will wait and try to send data later. If it senses the network is
available, it will transmit the data. However, due to network time delays, a node may
start sending data before it senses data release by another network node. In that case,
a data collision occurs, and neither node will be able to successfully transmit data.
Afterwards, each device will wait a random amount of time (usually less than a second)
before attempting data transfer again. Ethernet works better than any other method for
large networks. That's why the Internet uses Ethernet. And use of the Ethernet method
is becoming more common among industrial controllers. Furthermore, communication
speeds on Ethernet networks are fast – typically 100 megabits per second (Mbps).

Peer-to-peer communications
When any network can transmit data to any other node on the network, the network is
called a peer-to-peer network. Peer-to-peer capability is only possible if the application
layer protocol supports it. Peer-to-peer networks can be implemented on networks with
many different topologies. A master-slave network is not a peer-to-peer network.

Client-server communications
Ethernet-based protocols such as Modbus TCP/IP and EtherNet/IP use client-server
communications techniques. It’s useful to explain this briefly, because of the differences
with client-server networks. In client-server communications, a client sends outputs to
a server, and a server returns inputs to a client. Sometimes a device can be a client at
one time, and a server at another time, depending on the device’s role.

Deterministic communications

© M.J. Hamill, Industrial Communications and Control Protocols 14

[Link] PDHonline Course E497 [Link]

Communications that occur within predictable and repeated time intervals are referred
to as deterministic. In controllers, deterministic communications capability is vitally
important. Most programmable controllers check and see if any inputs from field devices
have changed many times per second. If any have, the controller responds rapidly.

Deterministic communications is also referred to as cyclic communications – notably

in the PROFIBUS standards.

Ethernet is "nondeterministic" - communications occur on an as-needed basis. But

some industrial communications protocols use deterministic adaptations of Ethernet 4.
Use of managed switches effectively makes most networks deterministic 3. However,
switches used in industrial Ethernet networks should be segregated from office
networks to ensure determinism.

Interface standards and devices

Interface standards are discussed below to minimize confusion. That's because the
same type of interface, or interfacing device, is often used by more than one protocol for
communications. Two interface standards and one interface device are mentioned
below:

RS-232: RS-232 is a Telecommunications Industry Association (TIA) standard for data

transmission at speeds up to 20,000 bits per second (bps). It is used for serial data
transmission. RS-232 is used only for data transmission from one device to another.

RS-232 interfaces are built into many computers, and devices like controllers and
printers. RS-232 ports most often have D-shell 9-pin, 15-pin, or 25-pin receptacles.
Most RS-232 cables have male ends. In cases where the numbers of pins differ
between connected devices, an appropriate cable will be needed. (These can be
obtained from electronics suppliers.) RS-232 cables can be no longer than 50 feet.

RS-232 is on the physical layer of the OSI model. Different protocols communicate on
RS-232 devices and cables.

RS-232 ports have been replaced by USB ports in contemporary use. USB allows far
faster data transmissions with a simpler cable. However, many controllers are so
reliable that they're used for 15 years or longer. So the typical reader has seen RS-232
ports and cables.

4
For example, EtherNet/IP and Modbus TCP/IP.

© M.J. Hamill, Industrial Communications and Control Protocols 15

[Link] PDHonline Course E497 [Link]

RS-485: RS-485 is an interface standard for data communications that allows much
higher data transmission speeds than RS-232 - up to 1 megabit per second (1 Mbps) on
a 100 meter cable. Data communications speed varies inversely with the total length of
an RS-485 cable; the shorter the total length, the faster the maximum speed and vice-
versa. At RS-485 terminals and on conductors, a small negative voltage represents an
off bit, and a small positive voltage represents an on bit.

The technically correct term for this standard is TIA-485. But it is still referred to as RS-
485 because the standard has existed for decades and has usually been called RS-485.

Most often RS-485 networks consist of point-to-point connections to nodes from a bus
cable. Twisted-pair wiring is used for the bus cable. It offers high immunity to electrical
noise when implemented properly. Terminating resistors are used on each end of the
network to minimize communications problems. In most RS-485 networks, one master
device communicates with slaves. It is a relative simple network to install, use, and build
into controllers. This makes it an attractive option for relatively simple networks and
applications. RS-485 is widely-used.

RS-485 is on the physical layer in the OSI model. The standard supports up to 32 nodes
on a bus. Additional nodes can be used if repeaters are used. Different protocols
operate on RS-485 networks.

Figures 3A & 3B depict RS-485 setups. Tx indicates data transmission, Rx indicates

data reception. Conventional RS-485 networks use a point-to-point 2-wire arrangement
with one master and multiple slaves.

Figure 3A – Typical 2-wire RS-485 Network

© M.J. Hamill, Industrial Communications and Control Protocols 16

[Link] PDHonline Course E497 [Link]

Figure 3B – 4-Wire RS-485 Network

Figure 3C shows how an RS-485 cable segments can be joined to a terminal strip near
an RS-485 node. In this arrangement, it’s possible to temporarily disconnect an RS-485
node without interrupting network communications.

RJ-45: RJ-45 ports and connectors have 8 conductors, and RJ-45 connectors are
attached to twisted-pair copper Ethernet cables, e.g. Category 6 cables. RJ-45 ports are
built into Network Interface Cards (NICs) in computers, controllers, Ethernet switches,
media converters and other devices. Communication speeds of 100 Mbps and higher
are often realized on Ethernet networks.

Converters: Converters can be bought to allow different types of serial devices to

interface. One example is an RS-485 to USB converter. Sometimes they’re helpful.
© M.J. Hamill, Industrial Communications and Control Protocols 17
[Link] PDHonline Course E497 [Link]

Common Features in Protocols

Many different protocols are used for data communications, but most that have found
widespread acceptance share some features. Some are mentioned below.

Data transmissions are usually done in consecutive clusters of many bytes. Each
cluster consists of parts that have either fixed or variable length, depending on the
protocol and particular situation. Many protocols have specific ways to mark the start
and end of each transmission.

In TCP, or Transmission Control Protocol, which is used on the Internet and in most
Ethernet networks, these consecutive clusters are called frames. Frames, in turn, are
broken down into smaller units called packets that are handled by routers.

Individual data transmissions on a network also typically include the address of the
source node, and address(es) of the destination node(s).

Each protocol also has its own method (or user-selectable method) for error checking.
Error checking is used in protocols to make sure the data received at a destination
node is identical to the transmitted data. Electrical noise, connection problems, or a
failed part may interfere with effective data communications. If the sending node gets a
response from the receiving node that the data was received as intended, the task is
done. But if a mismatch was detected, or no acknowledgement that the data has been
received properly is returned, than either the data will be resent, an informative
message will be generated, or another appropriate action will be taken.

Protocols exist for communicating data. But different protocols are used for different
purposes. Yet, in plant control applications, much of the data falls into four categories:

Analog inputs
Analog outputs
Discrete inputs
Discrete outputs

Sometimes other types of data, like character data, are also transmitted. Log-on names,
passwords, and text messages are examples of character data 5.

5
ASCII, extended ASCII, and Unicode are some widely-used standards used for representing character data.

© M.J. Hamill, Industrial Communications and Control Protocols 18

[Link] PDHonline Course E497 [Link]

Each protocol used in plant control applications has its own unique way of
characterizing different types of data.

Most people using communications and control protocols won't have to be concerned
about these details - but one never knows. It might, for example, become necessary to
choose between two or more error-checking methods.

Some Notable Automation Companies

Some of the most widely-used control protocols in use were developed by important
suppliers of automation equipment. Three suppliers are mentioned below.

The first is Modicon. Modicon built the first PLC ever used. It was 1 of 3 functionally
similar controllers installed at a transmission plant of a General Motors subsidiary in
1969. Modicon was an independent company for about 8 years before it was purchased
by Gould in 1977, then by AEG in 1994. Modicon has been owned by Schneider Electric
since 1996. Modicon remains active in the PLC/ PAC market around the world. It has
maintained a significant market presence for over 40 years.

The second company is Allen-Bradley. Allen-Bradley, a prominent manufacturer of

electrical equipment, was the dominant PLC supplier in the United States by the mid-
1980s. It was by far the main PLC supplier to car and truck manufacturers. Like
Modicon, it has a large international presence. In the late 1990s, Rockwell Automation
bought Allen-Bradley. It still has a sizeable market position.

The last is the German multinational company Siemens. Siemens had a large market
position in Europe by 1990. It now has a world-wide presence. Siemens collaborated
with other German companies and a bureau of the German government to develop the
PROFIBUS protocols.

Proprietary and Open Protocols

Protocols subdivide between Proprietary and Open types. Allen Bradley's DH+ (Data
Highway Plus) is an example of a proprietary protocol. It could be used with many Allen-
Bradley PLC-5s, but not with PLCs made by other OEMs. Open protocols are (or were)
developed by more than one organization acting in collaboration. Most open protocols
developed as a result of long, iterative processes of proposals, consultations, and
adjustments to proposed standards prior to release of a standard. The people involved
in development of open protocols developed them to increase standardization; to
provide reliable communications; to reduce end users’ costs; and to increase end users’
convenience. Some open protocols are revised from time to time. FOUNDATION
Fieldbus H1 protocol is an example of an open protocol.

© M.J. Hamill, Industrial Communications and Control Protocols 19

[Link] PDHonline Course E497 [Link]

The HART Protocol

In the 1970s, end users starting preferring transmitters with 4-20 milliampere (mA)
signal outputs over other options. Over 40 years later, the 4-20 mA output transmitter
remains the favorite transmitter type. A typical transmitter is connected to a DC power
supply, and sends a 4 to 20 mA signal to a controller that's linear (or adjusted to be
nearly linear) in a range between the low and high limits of a transmitter's calibrated
range. Rosemount was the most notable supplier of transmitters in the 20 th century for a
wide variety of measurement types. In the mid-2010s, it still has a large market
presence.

In 1982, Rosemount, Inc. introduced its HART (Highway Addressable Remote

Transducer) protocol.

A simplified discussion of HART follows. HART transmitters place a wave atop the 4-20
mA signal that isn't needed or sensed by a controller, and doesn't affect the output of
the transmitter. The wave’s frequency is continuously varied depending on whether a bit
is 0 or 1. The wave contains data about the circuit, measurement, and transmitter.
When a HART Handheld Terminal 6 is connected to the 4-20 mA circuit 7 with a HART-
compatible transmitter, the user can monitor the circuit and adjust key transmitter
aspects from the terminal. This simplifies the tasks of checking for problems, and
changing a transmitter's range without removing the transmitter's cover. The
superimposed wave is immune to electrical noise and ground loop currents, which can
affect a purely analog 4-20 mA signal.

HART communications can sometimes be used to represent two or more signals. For
example, the air flow measurement inferred from a differential pressure (D.P.)
transmitter depends on air temperature. If a HART-capable D.P. transmitter also
measures temperature, both measurements can be transmitted on the same cable.

HART was originally proprietary, but now it is an open protocol. HART-compatible

transmitters have been offered by many OEMs besides Rosemount for some time.

TCP/IP

6
Configured personal computers can also interface with HART transmitters.
7
Most controller analog input modules have a built-in dropping resistor for each input. Typically it follows the
negative circuit terminal. Both HART communicator connections to a 4-20 mA circuit must precede the resistor.

© M.J. Hamill, Industrial Communications and Control Protocols 20

[Link] PDHonline Course E497 [Link]

TCP (Transmission Control Protocol) & IP (Internet Protocol) – known as TCP/IP - are
key protocols. They are used together on the Internet and in Ethernet networks in
commercial and governmental organizations. "TCP/IP is a standard for transmitting data
in packets from one computer to another .... The two parts are TCP, which deals with
construction of data packets, and IP, which routes them from machine to machine." 4 IP
uses 4 "octets". The decimal equivalents of each octet range from 0 to 255, and periods
separate octets in an IP address, e.g., [Link]. There are restrictions regarding
IP addresses. Some can't be used, and Internet Protocol version 4 (IPv4) is quickly
running out of available addresses for public access.

TCP/IP is mentioned here because some protocols used in control applications are
adaptations of TCP/IP. For example, in Modbus TCP/IP, TCP/IP is like an envelope for
data transmitted per the Modbus protocol. In these adaptations of TCP/IP, data is sent
from one node to another on a network using the same node addressing scheme that IP
uses.

In the mid-2010s, IPv4 is being used around the world. IPv6 (Internet Protocol version
6) will eventually replace IPv4.

Control protocols

There are many control protocols used with controllers. Some of the most widely-used
ones are explained in the remainder of this course.

Modbus and some of its variants : The original, proprietary Modbus protocol
was developed by Modicon in 1979 for use with Modicon PLCs. It is one of the earliest
control protocols ever developed. Data transmission in Modbus is serial – one bit
follows another. In 2004 Modbus it became an open protocol managed by the Modbus
Foundation. Modbus is a relatively simple protocol that uses numbering schemes that
are familiar to those who have programmed Modicon PLCs. Some commercially
available instruments, meters, indicators, and actuators are Modbus-compatible.

It’s correct to refer to Modbus as a control protocol, but it can also be used for data
communications applications that don’t require control capability. The same is true for
FOUNDATION Fieldbus H1 and HSE, and PROFIBUS PA, which are examined later.

Modbus Characteristics
Master-slave network
Application layer protocol It isn’t hardware dependent.
Serial data communications The maximum obtainable speed varies with the

© M.J. Hamill, Industrial Communications and Control Protocols 21

[Link] PDHonline Course E497 [Link]

variant of Modbus used, and equipment on the

Modbus network.
Maximum nodes allowed 247 slaves

Modbus Variants
Modbus is used on different types of networks for different applications. Here are two of
its variants:

Modbus RTU: This variation is very widely used. It’s used on RS-485 networks.
Master-slave communications are used. It includes error checking. All devices on
a Modbus RTU network must be set to the same communications speed.
Modbus TCP/IP: This is Modbus adapted for use on an Ethernet network. It is
also known as Modbus TCP. It uses client-server communications. Process data
in messages communicated using Modbus TCP/IP are “embedded” in a TCP
frame. Nodes in a network using Modbus TCP/IP (and other protocols that use
TCP/IP) use IP addresses.

The Appendix has an overview of the Modbus RTU protocol. It is meant to help readers
understand how a communications protocol works.

Modbus Plus
Modbus Plus has similarities to Modbus but also some differences. It’s an application
layer protocol that uses token-passing, and network nodes use peer-to-peer
communications. It was developed as, and remains, a proprietary network. It is
managed by Schneider Electric. Network nodes may be PLCs, PCs, terminals,
actuators and drives.

Rockwell / Allen-Bradley Protocols

Some Rockwell/ Allen-Bradley protocols deserve attention because of the company’s
large market presence. The first two discussed are proprietary.

a. Data Highway Plus (DH+)

DH+ was probably used for communications between nodes more often in Allen-
Bradley’s PLC-5 product group 8 than any other protocol. DH+ is a token-passing
protocol. Twisted-shielded pair wiring is used for communications between nodes.
Maximum communications speed is 57.6 kilobytes per second (kbps). Rockwell/ Allen-
Bradley no longer supports the PLC-5 family, which has been superseded by other
products. DH+ is not used on new installations. A protocol converter, or gateway, is

8
The longevity of PLC-5 systems makes it worthwhile to mention DH+.

© M.J. Hamill, Industrial Communications and Control Protocols 22

[Link] PDHonline Course E497 [Link]

available from at least one firm 5 for communications between DH+ networks, and more
recent networks using the underlying Control and Information Protocol (CIP) applied in
later Rockwell/ Allen-Bradley products. DH+ networks use end-of-line resistors.

b. DF1
DF1 is a serial protocol used for communications between programming devices
(chiefly, notebook computers) and PLC-5 (and similar processors, e.g. Allen-Bradley’s
SLC-500 PLCs); and these PLCs, and devices like A-B 1990s-era operator terminals.

c. Common Industrial Protocol (CIP)

CIP is a protocol used in industrial applications which “underlies” and is common to the
next 3 next protocols discussed. CIP’s standards (and those for the next 3 protocols)
are now open protocols, managed by the non-profit organization ODVA, Inc.

d. ControlNet
ControlNet is an open protocol that’s notable for its use in Rockwell/ Allen-Bradley’s
ControlLogix group of controllers. Its functions are distributed in several layers in the
OSI model. Allen-Bradley participated in development of ControlNet (and EtherNet/IP &
DeviceNet). It’s an open protocol whose standards are managed by ODVA. Rated
communications speed is 500 kbps. Nodes in a ControlNet network are connected by
RG-6 coaxial cables and connectors. Each end of the network must have a terminating
resistor. It can support up to 99 nodes. The physical length of a ControlNet network can
be extended using repeaters and/or media converters which interface copper and fiber
optic cable.

Slave devices in a ControlNet (or EtherNet/IP) network are not limited to controller
remote racks or other controllers. The author once participated in a project where 10
drives were linked to a branch of a ControlNet network. The use of many Input and
Output (I/O) modules was avoided.

e. EtherNet/IP
EtherNet/IP is an open protocol which uses CIP and implements Ethernet
communications between nodes for communications and control. It is managed by
ODVA. ODVA will only certify EtherNet/IP hardware for use if it will work in industrial
environments. Ethernet is non-deterministic – communications occur only as needed –
but EtherNet/IP achieves deterministic communications for input & output updates,
which makes it suitable for plant control uses. Processor to remote rack and processor-
to-processor communications are possible with EtherNet/IP. Drives and Motor Control
Centers (MCCs) which interface with EtherNet/IP are also commercially available. Such
interconnections reduce the need to install conduits, cable trays, wiring, etc.

© M.J. Hamill, Industrial Communications and Control Protocols 23

[Link] PDHonline Course E497 [Link]

Ethernet-based protocols like EtherNet/IP have been gaining acceptance in applications

like motion control that require fast response times. (Ethernet communications speeds
are much higher compared to other network speeds.)

f. DeviceNet
DeviceNet is another CIP protocol. It was developed to enable interface of sensors, and
output devices with controllers. DeviceNet interfaces mainly with discrete input sensors
and discrete output devices. Physically, it is implemented with trunk lines; drop lines
which branch from trunk lines; 5-wire cables 9; appropriate connectors; and one or more
DC power supplies. Figure 4 below shows a DeviceNet network. The physical layer
abides to the Controller Area Network (CAN) protocol. Terminating resistors are used at
the ends of a trunk line. Up to 63 nodes are allowed. Its maximum communication
speed is 500 kbps. A lower speed - 125 kbps or 250 kbps – must be used in some
cases, depending on the network’s total length. DeviceNet is an open protocol that’s
managed by ODVA. Any vendor can sell DeviceNet hardware provided it has been
tested and approved by ODVA. Rockwell/ Allen-Bradley offers scanner modules that
can be added to a PLC rack for interface to DeviceNet networks.

DeviceNet is a somewhat difficult protocol to use. Potential users need to pay very close
attention to detailed requirements when setting up or changing a DeviceNet network.

9
Each cable consists of 2 DC power wires, 2 signal wires, and a drain wire.

© M.J. Hamill, Industrial Communications and Control Protocols 24

[Link] PDHonline Course E497 [Link]

Some Important Open Protocols

The Fieldbus Foundation and its work

Early work on what became the FOUNDATION Fieldbus group of protocols was done
by the ISA. In 1994, two industry groups working on similar goals merged to form the
Fieldbus Foundation. This non-profit group, which became the Fieldbus Foundation,
issued the first standards in 1996. They have since been updated (and expanded). The
foundation’s main goals all along were to develop an open protocol that users would
want; to reduce end users’ reliance on proprietary protocols; to provide standards for
high reliability; and to test manufacturers’ products to verify conformance to its
standards. Regarding the last point, if two different field devices from different
manufacturers both conform to FOUNDATION standards, either can be used in a
FOUNDATION network.

© M.J. Hamill, Industrial Communications and Control Protocols 25

[Link] PDHonline Course E497 [Link]

The FOUNDATION protocols are discussed below. Both are targeted to the DCS
market. People who work only with PLCs shouldn’t need to use FOUNDATION fieldbus
equipment and systems.

FOUNDATION Fieldbus H1
The Fieldbus Foundation participated in development of an international field bus
standard, IEC 61158. FOUNDATION Fieldbus H1 complies with IEC 61158-1. It is for
use for communications between a controller and field devices on a network - or
between field devices. FOUNDATION H1 compatible transmitters and actuators have
been offered by OEMs for some time now. Each FOUNDATION H1 communications
network requires a fieldbus linking device, a power supply, and terminating resistors.
Linking devices interface the fieldbuses with a DCS. Twisted-pair wiring that meets
certain specifications is normally used for cables. Some of its other characteristics are
listed below:

31.25 kbps communication speed.

32 network nodes supported.
The point-to-point bus is the most commonly used topology for network
segments, but other topologies, including bus with droplines & tree 10 can be
used.
Schedules control activity in, and communications activity between devices.
Regularly polls devices for process data.
Removes non-responsive devices from the link.
The maximum length of an individual fieldbus, including droplines, is 1900 feet.
The range of a FOUNDATION H1 network can be extended by using up to 4
repeaters.
Standard, Enhanced, or Vendor-Specific function blocks are used for interaction
between control systems and network devices.
FOUNDATION H1 networks can be used in applications requiring intrinsic safety
if the end user abides by certain practices.
All values are communicated as floating-point values in engineering units. 11

FOUNDATION H1 networks are often connected in an RS-485, point-to-point, multidrop

arrangement. However, communications on that network type will cease if a cable
segment connecting any 2 nodes breaks. However, good installation practices make
that issue manageable, and FOUNDATION H1 and FOUNDATION HSE networks (see
below) were developed for use with DCSs. Also, redundant buses may be used for
interfacing to the same set of field devices for greater reliability, if the network hardware
supports redundant connections. FOUNDATION H1 networks allow users to avoid
running an individual cable for every field device. Many DCSs are FOUNDATION H1
compatible. FOUNDATION H1 networks can be deployed to provide Intrinsic Safety

10
See Reference 5 for an explanation of the tree topology.
11 th
Instrument Engineers’ Handbook, Process Measurement and Analysis, Chapter 1.6. (4 Edition, 2003)

© M.J. Hamill, Industrial Communications and Control Protocols 26

[Link] PDHonline Course E497 [Link]

(I.S.) for bus-connected devices located where an explosion hazard exists, if the end
user abides by certain practices 12.

Anyone considering using FOUNDATION H1 for the first time might contact the
Fieldbus foundation, or talk with controller OEMs.

An image of a FOUNDATION Fieldbus H1 network is shown in Figure 5.

FOUNDATION Fieldbus HSE

FOUNDATION Fieldbus HSE (High Speed Ethernet) is a communications and control
protocol which merges process control and Ethernet connectivity & communications.
Deterministic communications are used. It uses redundant cabling. Communications
over distances exceeding a mile can be obtained with FOUNDATION HSE certified
equipment. Approved hardware is manufactured for industrial environments.

Figure 5 - A Fieldbus Network

The PROFIBUS STANDARDS

The PROFIBUS (Process Field Bus) standards arose from the efforts of a consortium of
German companies including Siemens Corp., and the German government. These

12
Intrinsically safe practices limit energy in circuits so explosions can’t happen. They’re applied in environments
where explosion hazards exist.

© M.J. Hamill, Industrial Communications and Control Protocols 27

[Link] PDHonline Course E497 [Link]

standards, and the FOUNDATION Fieldbus standards, have many similarities. The
PROFIBUS standards are maintained by PROFIBUS & PROFINET International (PI). PI
tests vendor equipment for conformance to the applicable standard(s). These protocols
are all open.

The PROFIBUS protocols are not as widely-used in the United States as they are in
Europe and Asia. The PROFIBUS standards conform to IEC 61158.

PROFIBUS PA
PROFIBUS PA (Process Automation) is a Profibus standard that applies to field devices
and bus cables. It is interoperable with PROFIBUS DP. Its rated communication speed
is 31.25 kbps. PROFIBUS PA and FOUNDATION Fieldbus H1 are similar. PROFIBUS
PA compatibility is offered by many instrumentation and actuator OEMs. Some of its
other characteristics are listed below:
Implemented with either twisted-pair or fiber-optic cable. If twisted-pair cables are
used, end of line resistors are required.
Bus topology used when segments of twisted-pair cable link devices.
Star, bus, and ring topologies possible when fiber optic cable is used.
Connectivity to PROFIBUS DP controllers.
Can support field devices used in environments where explosion hazard exists.
126 nodes can exist on a network.

PROFIBUS DP
PROFIBUS DP (Decentralized Peripherals) is another PROFIBUS standard which
applies to controllers. Profibus DP is marketed for PLC applications. Some of its
features include:
It supports cyclic communications.
126 network nodes supported.
Can optionally be configured with redundant cabling.

PROFINET
PROFINET is for use on high speed Ethernet networks. Two of its 3 subdivisions can be
readily used in plant settings: PROFINET IO, and PROFINET IRT. Both types optionally
allow redundant cabling. Both use cyclic communications. And approved PROFINET
hardware is approved for industrial environments (unlike conventional devices in
Ethernet networks.)
PROFINET IO is intended for use in conventional plant applications.
PROFINET IRT is intended for use in factory applications where both changes in
inputs (from devices like encoders) and very fast responses to changed
conditions (for devices like operating servo drives) are needed.

© M.J. Hamill, Industrial Communications and Control Protocols 28

[Link] PDHonline Course E497 [Link]

Anyone considering using any variation(s) of PROFIBUS for the first time might talk with
controller OEMs first.

Protocols used with HMIs

No course on control protocols would be complete without emphasizing that protocols
are also needed for communications between controllers and HMIs – Human-Machine
Interfaces. HMIs are also called Man-Machine Interfaces (MMIs) and Graphic User
Interfaces (GUIs). For plant operators, an HMI is usually desktop computer with a
monitor, keyboard and a mouse. Controllers, HMIs, and the networks which
interconnect the devices are more broadly called SCADAs - Supervisory Control and
Data Acquisition Systems. In reality, a plant with more than two HMI terminals will
usually have a server computer, or redundant server pair.

People use HMIs to monitor what controllers are doing, provide key information on plant
operations, and enable operators to operate equipment and systems from remote
locations. Operators must be able to start up and shutdown equipment and systems;
switch between automatic to manual modes; change set points of automatic control
loops; and intervene in other ways. Also, operators need to be able to view and respond
to alarms; monitor trends in processes; and access historical information. This is the
role of HMIs.

Windows OS and OPC

Microsoft Corp. developed its Windows operating system (OS) so it could be used with
programs developed by many outside firms for all sorts of applications. Companies that
developed HMI programs wanted them to be interoperable with Windows. So, HMI
developers like Intellution 13 and Wonderware 14 made their software interoperable with
Windows. HMI developers also found it useful to use some Microsoft programs –
notably its spreadsheet program, Excel.

Some key Microsoft application programs use Object Linking and Embedding, or OLE.
OLE allows two applications to operate together and share data. HMI developers and
controller OEMs alike sought to use OLE techniques so HMIs and controllers could
work together. This led to the development of OPC - Object Linking and Embedding for
Process Control. OPC is now known as Open Platform Communications.

OPC was developed for a key purpose: to provide a common set of standards, so any
OPC-compliant HMI software program would be able to interface with any controller.
13
A division of GE Intelligent Platforms, as of 2016.
14
A division of Schneider Electric, as of 2016.

© M.J. Hamill, Industrial Communications and Control Protocols 29

[Link] PDHonline Course E497 [Link]

OPC compliance is a very desirable feature and selling point for companies that offer
HMI software.

In practice, a software subprogram called a driver is needed to interface an OPC

compliant HMI with a particular controller. The development of drivers was – and
remains - time-consuming for both for the HMI vendors and controller OEMs. Many
technical issues come into play. HMI vendors usually have separate drivers, only one of
which can be selected, for interfacing with a particular OEM’s controller. (And many
controller OEMs use different software for different controllers, too!)

Sometimes the best choice for a driver is not obvious. For example: GE Intelligent
Platforms’ Intellution HMI software can use the Modbus Ethernet (MBE) driver to
interface with Rockwell/ Allen-Bradley ControlLogix processors.

Rockwell Automation has a somewhat different approach. It offers several different HMI
software programs such as RSView32 and FactoryTalk. But all of them rely on an OPC-
compliant applications program called RSLinx15 that acts as a network communications
manager. RSLinx also has drivers that can be selected to interface with programmable
controllers provided by other OEMs besides Rockwell/ Allen-Bradley PLCs and PACs.

The topic of HMI software is quite complex. This course only provides an overview.

Local operator terminals

In many plant applications, the end user’s requirements for operator monitoring or
control are fairly simple. In such cases, a single operator interface terminal is located
close to the equipment or system being controlled, and a SCADA network with multiple
remote terminals is unnecessary. Local operator terminals may have touch screens, or
a mouse with a built-in trackball (which moves an arrow on the screen) for operators. In
such cases, a single cable usually connects the controller and terminal. In applications
like these, a complex driver which requires interoperability between different
manufacturers’ equipment (such as Modbus MBE, mentioned above) is not needed for
communications between the processor and terminal.

Disadvantages of using protocols

Intelligent use of protocols has many advantages. But protocols, fieldbuses and
networks shouldn’t be used without recognizing the disadvantages.

15
RSLinx is available in different versions for different application requirements.

© M.J. Hamill, Industrial Communications and Control Protocols 30

[Link] PDHonline Course E497 [Link]

The main disadvantage is that using protocols and fieldbuses is that communications
with multiple devices (instruments and/or actuators) can be lost if a single device (like a
power supply or interface module) fails, or, for some networks, if electrical continuity is
lost in a segment of a cable.

Using conventional transmitters with 4-20 mA signals and twisted-pair wiring has
advantages over using a protocol and a communications bus. So does using typical
wiring for interfacing with discrete sensors, and controlled devices like motors.
Technicians are more familiar with conventional devices than equipment operated over
a bus - and if a problem arises, it’s often easier to find the cause of a problem and fix it.
Sometimes there is a high turnover rate among techs, so if a few key people leave and
have to be replaced, then it’s easier to find replacement staff capable of using proven
technology. This is also true for engineers.

Before choosing to use a new protocol, decision makers also need to judge the
capabilities of the installers, and in-house people who will be maintaining the system,
doing things like modifying programs, replacing failed modules, and expanding the
system. A new technology, with unfamiliar programming software and a new protocol,
shouldn’t be used unless it represents a good choice. In particular, the installers, OEM,
and software providers should have a good record of customer support.

Summary
This course discussed some widely-used industrial communications and control
protocols. It explained how use of protocols has improved reliability in plant applications.
It reviewed different types of networks, network cables, and hardware devices. And it
emphasized how reliable plant control depends on reliable networks.

© M.J. Hamill, Industrial Communications and Control Protocols 31

[Link] PDHonline Course E497 [Link]

Appendix: Overview of the Modbus RTU Protocol

The Modbus RTU protocol is a simple protocol that’s widely used both for communications only
and control applications. There is one master device and multiple slaves. Slave devices respond
if a query issued by the master is directed to it.

Each slave on a Modbus RTU network must be set to the same communications speed, and
use the same parity setting: either Even, Odd, or None. A parity bit is added by the master after
each byte in the data component of each frame transmitted (unless “None” is selected).

Each Modbus RTU frame sent by a master consists of 6 or 7 components, as tabulated below.
Addresses can be either read-only (r) or read/write (r/w), that is, they can be both read from and
written to. The function code will determine the type of operation performed.

Frame Component Description

Start Minimum 28 consecutive bits of silence
ID Slave number (1-247 decimal)
Function Code 8 of the most often used function codes are tabulated below.
(8 bits)
Address The first address in the slave device for the data of interest.
When more than 1 consecutive address is being read from or
written to, the slave is told how many registers will be
accessed. See table on the next page. (8 bits minimum)
Data (for write operations) N * 11 bits, where N is the number of addresses. This count
includes start, parity, and stop bits for each byte
CRC Cyclic Redundancy Check. This is a generated bit stream
that’s a function of the packet sent to the slave. The CRC
response from the slave device will let the master know
whether or not the transmission & response occurred error-
free. If not, the master will take appropriate action. 16 bits.
End Minimum 28 consecutive bits of silence.

Function Codes
1 Read Coil (output bit) status
2 Read Input (input bit) status
3 Read Multiple Holding Registers
4 Read Input Registers
5 Write Single Coil
6 Write Single Holding Register
15 Write Multiple Coils (bits)
16 Write Multiple Holding Registers

© M.J. Hamill, Industrial Communications and Control Protocols 32

[Link] PDHonline Course E497 [Link]

Notes on Function Codes:

Registers have 16-bit (2-byte) memory spaces that typically store AIs and AOs.
Holding registers store data that cannot be classified as a DI, DO, AI or AO, such as
adjustable parameters and elapsed flow totals.

Modbus PLC Address Ranges16

Address Range Description
000001-009999 For control applications, these are the same as discrete outputs
(DOs). 1 bit sent by master per address (r/w).
010001-019999 Same as discrete inputs (DIs). 1 bit sent per address. (r)
030001-039999 Same as analog inputs (AIs). 16 bits sent per address. (r)
040001-049999 Same as analog outputs (AOs). 16 bits sent per address. (r/w)

Modbus RTU data is stored in registers (or consecutive registers) that hold either single bits, 16
bits, 32 bits, or 64 bits.

OEMs offering Modbus-compatible devices have considerable latitude regarding what the
address ranges may be for each class of register. However, there can be no more than 65,536
(216) registers of each type. This is far more registers than are needed by Modbus-compatible
field devices like transmitters and actuators.

For slave devices, the Modbus standard doesn’t require that the lower-order byte (representing
bits from 20 and 27) must precede the higher-order byte (representing bits with values from 28 &
215). Masters will assume the lower-order byte is first. However, an OEM may not have set up
memory for the device that way. The application engineer needs to know if a Modbus device’s
data has the higher-order byte preceding the lower-order byte. If so, the master device must be
programmed to interpret the slave’s data as per the device supplier’s specs.

Replies from slave devices

The master needs to know if a frame it sent was received properly by the slave. 3 common
responses by a slave are:
If write data is received as transmitted, the frame will be echoed back to the master as it
was issued.
If a read command was successfully sent and received, data from the registers will be
included with the reply message.
In event the data received by the slave was corrupted, incomplete, or can’t be
processed, either no reply will be sent, or an exception code will be returned to the
master.

16
The address ranges shown in the table above apply to late-model Modicon PLCs.

© M.J. Hamill, Industrial Communications and Control Protocols 33

[Link] PDHonline Course E497 [Link]

References:
1. Web resource: [Link] (Wikipedia)
2. Web resource: [Link] (Wikipedia)
3. Web resource: [Link]
4. Web resource: [Link]/
5. “Introduction to Computer Networking” (Course E175, Dale E. Callahan,
[Link]/ [Link])
6. "How to Develop High Reliability Ethernet Control Systems Using Media
Redundancy" (Acromag, Inc. White Paper)
7. “An Introduction to Modbus ® Serial Communication” (Precision Digital Corp.)
8. FOUNDATION Fieldbus, 2 nd Edition (Ian Verhappen & Augusto Pereira, ©2006,
ISA)

Endnotes:
1
[Link]
2
Dictionary of Computer and Internet Terms, Ninth Edition, Barron’s Educational Series, Inc.
3
Introduction To Modbus TCP/IP, Publication 8500-765-A05C000, Acromag Inc., 2005
4
Dictionary of Computer and Internet Terms, Ninth Edition, Barron’s Educational Series, Inc.
5
Prosoft Technologies, Bakersfield, California.

© M.J. Hamill, Industrial Communications and Control Protocols 34