嵌入式系統常用的通訊協定-RS485/Modbus

RS485:

• 為半雙工(同一時間只能選擇傳送或接收的動作)
• 為差動傳輸，使用纜線兩端(Ｄ＋、Ｄ－)的電壓差來表示傳遞訊號
• 常用於單機傳送(Master)，多機接收(Slave)的通訊鏈結。可將數個感應裝置的數值回傳給Master

Modbus over RS485:

• Modbus是一種串列通訊協定
• Modbus為master/slave架構。一個裝置為Master節點，其他節點為slave。
• 每一個slave裝置都有一個唯一的位址/ID (1~247)
• Since a single byte is normally used to define the slave address and each slave on a network requires a unique address, the number of slaves on a network is limited to 256. The limit defined in the modbus specification is even lower at 247.
• master和slave之間走的Modbus 協定其封包格式有分ASCII 或RTU兩種
• ASCII 為文字模式, 用character 傳送, RTU 為binary 模式傳送
• 封包格式:   Slave ID  | Function Code | Data | CRC

RTU 訊息格式

• Information is stored in the Slave device in four different tables.
• Two tables store on/off discrete values (coils) and two store numerical values (registers). The coils and registers each have a read-only table and read-write table.
• Each table has 9999 values.
  Each coil or contact is 1 bit and assigned a data address between 0000 and 270E.
  Each register is 1 word = 16 bits = 2 bytes and also has data address between 0000 and 270E.
  

Coil/Register Numbers	Data Addresses	Type	Table Name
1-9999	0000 to 270E(9999)	Read-Write	Discrete Output Coils
10001-19999	0000 to 270E	Read-Only	Discrete Input Contacts
30001-39999	0000 to 270E	Read-Only	Analog Input Registers
40001-49999	0000 to 270E	Read-Write	Analog Output Holding Registers

Coil/Register Numbers can be thought of as location names since they do not appear in the actual messages. The Data Addresses are used in the messages.For example, the first Holding Register, number 40001, has the Data Address 0000. The difference between these two values is the offset.
Each table has a different offset. 1, 10001, 30001 and 40001.

只有Data Address(Offset)才出現在送出的Message 中, 如何知道查的是那一張表呢?
答案是利用Function Code 來決定


What is a function code?

The second byte sent by the Master is the Function code. This number tells the slave which table to access and whether to read from or write to the table.

Function Code (Command) 3 is to read 4xxx registers, and  4 for 3xxx registers. 

Function Code	Action	Table Name
01 (01 hex)	Read	Discrete Output Coils
05 (05 hex)	Write single	Discrete Output Coil
15 (0F hex)	Write multiple	Discrete Output Coils
02 (02 hex)	Read	Discrete Input Contacts
04 (04 hex)	Read	Analog Input Registers
03 (03 hex)	Read	Analog Output Holding Registers
06 (06 hex)	Write single	Analog Output Holding Register
16 (10 hex)	Write multiple	Analog Output Holding Registers

Example: 

Read Holding Registers (FC=03)

Request
This command is requesting the content of analog output holding registers # 40108 to
 40110 from the slave device with address 17.
11 03 006B 0003 7687
11: The Slave Address (11 hex = address17 )
03: The Function Code 3 (read Analog Output Holding Registers)
006B: The Data Address of the first register requested.
             ( 006B hex = 107 , + 40001 offset = input #40108 )
0003: The total number of registers requested. (read 3 registers 40108 to 40110)
7687: The CRC (cyclic redundancy check) for error checking.
Response
11 03 06 AE41 5652 4340 49AD
11: The Slave Address (11 hex = address17 )
03: The Function Code 3 (read Analog Output Holding Registers)
06: The number of data bytes to follow (3 registers x 2 bytes each = 6 bytes)
AE41: The contents of register 40108
5652: The contents of register 40109
4340: The contents of register 40110
49AD: The CRC (cyclic redundancy check).


Read Coil Status (FC=01)

Request
This command is requesting the ON/OFF status of discrete coils # 20 to 56
from the slave device with address 17.
11 01 0013 0025 0E84

11: The Slave Address (11 hex = address17 )
01: The Function Code 1 (read Coil Status)
0013: The Data Address of the first coil to read.
             ( 0013 hex = 19 , + 1 offset = coil #20 )
0025: The total number of coils requested.  (25 hex = 37,  inputs 20 to 56 )
0E84: The CRC (cyclic redundancy check) for error checking.
Response
11 01 05 CD6BB20E1B 45E6
11: The Slave Address (11 hex = address17 )
01: The Function Code 1 (read Coil Status)
05: The number of data bytes to follow (37 Coils / 8 bits per byte = 5 bytes)
CD: Coils 27 - 20 (1100 1101)
6B: Coils 35 - 28 (0110 1011)
B2: Coils 43 - 36 (1011 0010)
0E: Coils 51 - 44 (0000 1110)
1B: 3 space holders & Coils 56 - 52 (0001 1011)
45E6: The CRC (cyclic redundancy check).
The more significant bits contain the higher coil variables. This shows that coil 36 is off (0) and 43 is on (1). Due to the number of coils requested, the last data field1Bcontains the status of only 5 coils.  The three most significant bits in this data field are filled in with zeroes.

RS485 模組 (MAX485)的Pin 腳定義:

• pin 1 :RO (receive out)
• pin 2 RE (receive enable) 
• pin 3 :DE (data enable) 
• pin 4 :DI (data in)
• pin 5, pin 8 :  Gnd  and Vcc onnected
• pin 6,7 : A and B  the RS485 pair

RO------->UART TX
DI<------- UART RX

把/RE and DE 短路, 然後MCU/Pi 用一根GPIO 決定 /RE 或 DE.(即是決定是在送還是在收的狀態, 因為RS485是單工)

讀出來若是以Float 表示, 則需進行轉換成十進制

須考慮 Byte ordering的問題!

http://www.61131.com/download.htm

 AQUAS-SR04

相關文章: 

[1] DYNAMIXEL Motor 控制使用TTL 

[2] UART over TTL/RS232 

多重接取(Multiple Access)技術概念整理

多重存取(Multiple Access) 談的是讓很多人共同來使用的資訊通道，而彼此不互相干擾，因此必須以多工技術（multiplex）架構來提供。依方法可分為FDMA、TDMA、CDMA三種。

頻寬可以想像是一個房間空間，有N個人要用

1. FDMA: 在相同的空間隔出很多的小間,所以N個人可以在同一時段使用 
2. TDMA: 只要時間錯開, 所以不用隔間。由1個人使用全部空間,用完再換另一個人
3. CDMA: 不隔間且時間也不必錯開，只要這N個人講不同的語言(spreading code)，而互不影響彼此的對話，各自仍然可以分辨出各自不同的語言，不會造成解讀的困擾。CDMA，將不同使用者的資料分別與特定密碼（正交展頻碼）運算以後，再傳送到資料通道，接收端以不同的密碼來分辨要接收的訊號。這種方法必須將數位訊號與密碼進行運算，故只能使用在數位通訊系統中。

我們說話的時候，不可能只有一種頻率，而會有高音（高頻）與低音（低頻）的變化；也就是說，我們其實是發出某一個頻率範圍的聲音（聲波）。因此，當我們以高頻電磁波來傳送語音訊號時，不會只用到一個「頻率」，必須使用某一個「頻率範圍」來通話才行。這個可以傳遞訊號的頻率範圍就稱為頻寬（bandwidth），單位和頻率相同為赫茲（Hz）。

通訊時，每一對通訊使用者必須使用「不同的頻率範圍」來通話，因為手機並不會分辨到底是誰和誰在說話，而是接收「某一個頻率範圍」


在通訊設備中，「調變」是指發射端將低頻訊號（聲音）處理成高頻訊號（電磁波）以後，再傳送出去；「解調」則是指接收端將高頻訊號（電磁波）接收以後，還原成低頻訊號（聲音）。

科學家發現聲音傳輸時損耗比較大，容易受到干擾，所以無法傳遞很遠；而電磁波傳輸時損耗較小，不易受到干擾，所以能夠傳遞很遠。例如：人類的聲音頻率約300~3400 Hz，僅能傳遞數百公尺；而FM 收音機的頻率約88~108 MHz，便可傳遞數百公里之遠。因此，聰明的科學家就想到要以高頻的電磁波「載著」低頻的聲音，如此一來就可以傳遞數百公里了，我們稱之為高頻載波技術。  


http://scimonth.blogspot.tw/2014/09/blog-post_3.html

TDMA 中的兩種機制

Aloha

Aloha : 沒有coordinate , 想送就送，撞了再重傳
Slotted Aloha: 加入time slot, 要大家同步在同一個time slot 傳送, 但仍然想送就送, 撞了再重傳
Aloha: G exp(-2G)  (G:  mean  arrival rate) if G=1, 1/(e^2)=0.168
Slotted Aloha: G exp(-G)  , if G=1, 1/e=0.36

Slotted Aloha 約是 Aloha 兩倍throughput

CSMA (Carrier Sense Multiple Access) 

"Listen before talk"
CSMA 可以被分類為三種：

1. non-persistent CSMA: channel busy, 等一段random backoff time, 再偵測channel idle 就送
2. 1-persistent CSMA: channel busy 不等一段random backoff time, 仍持續偵測channel , idle 就送
3.  p-Persistent CSMA: channel busy 不等一段random backoff time, 仍持續偵測channel , channle ide , 擲一骰子(機率p) 決定是否要傳送。若是落在'(1-p) 不送,

使用Wireshark 用過濾Wi-Fi 802.11的封包

使用Wireshark 用過濾Wi-Fi 802.11的封包

filter 語法: 

# 過濾 MAC 來源位址
wlan.sa == xx:xx:xx:xx:xx:xx 

# 過濾 MAC 目的位址

wlan.da == xx:xx:xx:xx:xx:xx

# 過濾 MAC 位址 (不管出現在來源或目的位址) 

wlan.addr == xx:xx:xx:xx:xx:xx

Wi-Fi 與Zigbee 的MAC Algorithm

Zigbee 的MAC Algorithm:

(1) Binary Random Backoff
(2) Channel Idle > CCA (CW=2)  ==>  如果CW減到0 則傳送否則重新再來過

CW=2 是一個固定值 , 表示idle 至少有CW以上的時間,才認為channel idle 才可以傳

若Binary Random Backoff 完後, channel仍不是idle (包含CW沒有減到0) 則再一次進行Binary Random Backoff

BP=random(0, 2^BE-1)

BP: Backoff Period
BE: Binary Exponent , 每次發生collision .  BE都會增加 ,其初始值為3, 則第一次BP為random(0,7)
NB: backoff 次數限值


Wi-Fi 的MAC  Algorithm (DCF)

DCF (Distributed Coordination Function)= CSMA/CA+ACK

程序:

(1) Channel Idle > DIFS  ? ==>  channel idle是否大於DIFS的期間,若否繼續偵側，直到大於DIFS。若大於DIFS, 則隨機選一個random backoff window, 並且每一個time slot減1, 當減到0時, 才能傳送。減1的動作只有在判斷channel 是Idle的狀態才會減1, 若channel是busy狀態, 則不減1 ("freeze Backoff window")

採用time backoff 機制讓其他人有機會可以取得medium來傳送。

(2) Binary Random Backoff ( 決定了CW的值 ) =>  當CW減到0時, 就直接傳送不用管channel idle與否。若傳了之後是發生碰撞(沒有收到ACK則視為碰撞)，則此次傳輸沒有成功, 再重傳, 從(1)再來過。

CW=2 非固定值,  CW=random(CWmin, 2^BE-1) 介於CWmin~CWmax中間,

CWmin------------ CW-------------------CWmax
CW=min(CWmax, CW)
CW=max(CWmin, CW)

若idle 長度至少有DIFS的長度才視為channel idle

----------------------------------------------------------

Wi-Fi vs  Zigbee 

• Zigbee和Wi-Fi 都是利用 Time Backoff 來創造一個公平機會的Medium Access 機制 
• Zigbee 的CW是固定值, 而Wi-Fi CW是一個變數, Wi-Fi CW 其實是Zigbee 的BP, 兩者名稱相同, 但意思不同
• Zigbee 評估 Channel Idle , 看CW, 而Wi-Fi 評估 Channel Idle , 看DIFS
• Zigbee Backoff 的 BP會一直減1不管channel 是否idel或有人傳 , 而Wi-Fi Backoff 的 CW會減1但必須channel 是 idel狀態才能減1

CCA: Clear  Channel Assessment

CW: Contention Window

DCF: Distributed Coordination Function

DIFS: DCF Inter Frame Space


 References:

1. https://www.vocal.com/networking/802-11-distributed-coordination-function-dcf/

99.9% of the time Wireless is half duplex. There are experiments that can result in a "full duplex" wireless network but that's all lab-based and not real-world.

Full-duplex is what most wired connections use which means two devices can send and receive data at the same time and can also detect collisions straight away. via CSMA/CD

With Wireless the devices cannot send and receive simultaneously and they cannot sense collisions. Instead they use CSMA/CA to detect usage on the frequency to see if it is safe to transmit data. There are a large number of factors that can affect a wireless signal and interfere with it which results in lower throughput.

LPWAN 長距離低功耗通信技術 : NB-IoT vs LoRa

IoT 遠距離通信技術 : NB-IoT、LoRa均為 LPWAN (Low Power Wide Area Network), 主要應用都在智慧城市、智慧交通(如停車場)管理，智能電錶、水錶抄表、智能農業等低數據量的採集。

WiFi和BTLE主要應用於個人設備相關的應用。蜂窩技術主要應用於需要高數據吞吐量，以及需要供電的應用場景。LPWAN的應用場景包括：長電池壽命，並且傳感器和應用在長距離下，只需要每小時只要傳遞幾次數據。

	NB-IoT	LoRa
聯盟	3GPP 2016年6月標準提出	2013年8月，Semtech公司發表一顆Lora 晶片 LoRa Alliance (2015年3月) IBM主導
技術特點	蜂巢 同步協議 (節點必須定期地連到基地台)	線性展頻 非同步協議
網路佈署	運用原本的4G/LTE基地台(升級現有)	獨立建構自家的LoRa網路, 節點構通都必須同屬LoRa網路 (不同於Internet門派)
頻段	電信營運商頻段 1GHz以下的授權頻段, 建置成本高	150MHz~1GHz的非授權頻段, 建置成本低
傳輸距離		1~20Km
速率	<100kbps	<50kbps
連接數量	200k/cell	200k~300k/hub
終端電池工作時間	約10年	約10年
模組成本	約$5~$10	約$5
	電信營運商	可由企業自行搭建

原文網址：https://read01.com/KOKgoA.html

References:

1. The Fundamentals Of Short-Range Wireless Technology
2. WiMedia Beaconing Protocol Test Considerations
3. https://read01.com/5xzLQE.html

各種車用通訊技術

車用通訊技術




行動通訊技術

• GSM (Global System for Mobile Communications) 2G -- 9.6Kbps
• GPRS (General packet radio services) 2.5G -- 35Kbps to 171kbps
• EDGE (Enhanced Data rates for GSM Evolution) 2.75G -- 120Kbps to 384Kbps
• UMTS (Universal Mobile Telecommunications System) 3G -- 384Kbps to 2Mbps
• HSPA (software upgrade to UMTS, theoretical 42Mbps) 3.5G -- 600Kbps to 10Mbps, averages 1-3Mbps
• WiMAX/LTE "4G" (theoretical 100Mbps) -- 3Mbps to 10Mbps average, 20Mbps+ peak download speeds.

什麼是RSSI、SNR、dbm ?

http://www.ti.com/product/CC2500

Low Cost, Low-Power 2.4 GHz RF Transceiver Designed for Low-Power Wireless Apps in the 2.4 GHz ISM B

Device Type	Smart RF Transceiver
Flash (KB)	0
RAM size (KB)	1^ 2^ 4
Min VCC	1.8
Max VCC	3.6
RX Current (Lowest) (mA)	13.3
Data Rate (Max) (kbps)	500
Modulation Techniques	OOK^2-FSK^GFSK
Sensitivity (Best) (dBm)	-104
TX Power (Max) (dBm)	1
USB 2.0	No
Key Software Features	SimpliciTI Supported
Rating	Catalog

Receiver Sensitivity (單位: dbm) :這個愈小表示其接收訊號靈敏度愈好。如有一個energy 是-130dbm, Sensitivity 為-140 dbm 的RF, 可以收到感知此訊號, 而Sensitivity 為-120dbm 則感知不到此訊號。



RF power : 功率單位用mW表示, 但常用log表示,在數線上才好表示 dbm 。 dBm=10*log(pf/1mw)

用來表示兩訊號的倍數/比值關係,如SNR (Signal to Noise Ratio)。可以用 Power, 但常用dB來示gain或 decay倍數關係, 如原始訊號被放大一倍, , 用log表示, 則會是說增加了3db
dB=10*log(pf/pi)

 0dBm = 1 mW, 10 dBm = 10 mW, 20 dBm = 100 mW, 30 dBm = 1 W

log2=0.3010, 10*log(2)=3db
每增加3db 就是功率增加(gain)一倍x2,  所以功率增加6db就是power x4
每滅少3db 就是功率減少(loss)一倍x0.5, 所以功率減少6db就是power /4

用成log,的另一個好處理是, 訊號可以用放大或縮小都可以用加減法來運算。

log(AB)=logA+logB
log (A/B)=logA-logB
Received Power (dbm) = Transmitted Power (dbm) + Gains (db) − Losses (db)
signal -53dbm, noise -90dbm, SNR= -53-(-90)=37db
一般Wi-Fi 品質叫做好, 那SNR 至少 20db (signal是noise旳100倍)




RSSI（Received Signal Strength Indication）是指接收的信號強度指示(in dbm )，用來判定鏈結的品質。

RSSI (Recieved Signal Strength Indicator) is a common name for the signal strength in a wireless network environment. It is a measure of the power level that a RF client device is receiving from an access point, for example. RSSI is the relative signal strength in a wireless environment and can be measured in any unit of power. It is often expressed in decibels (db), or as percentage values between 1-100, and can be either a negative, or a positive value.

The closer the figure is to zero, the better. For example, RSSI of -65 is better than -85. As a general example, a good signal would be -50 dbm, a reasonable would be -75, and a bad one would be -90, while -100 would provide no service at all.

To get a meaniful measurement of a good quality signal, you would have to subtract the noise on the line from that signal power level and consider the difference. A higher difference of signal to noise indicates better signal.



Wi-Fi 發射TX功率,美國 FCC/ 台灣NCC 規範 100mW (20dbm), 通常接收到時的功率只有-50 dbm (因為訊訊在中間傳輸時會loss)



References:

iBeacon: 用RSSI 如何推算距離? 

http://blog.ittraining.com.tw/2017/05/ibeacon-rssi.html