The rapid growth of cloud data centers has reduced the organizational cost of botnets while significantly increasing the risk of Link Flooding Attack (LFA) to network service providers. The attacker utilizes legitimate low-rate flows with non-spoofing addresses to congest the bottleneck link, which aims to disconnect the target area. To overcome certain hitches of traditional defenses, we propose an in-network collaborative link flooding attack defense scheme (ICDLFA) to implement detection and mitigation. First, an adaptive anomaly detection algorithm, namely constrained clustering inference, is proposed to detect malicious flows at line rate without pre-trained models, which improves the adaptability of the detection algorithm to different scenarios. In particular, the anomaly detection algorithm is executed independently on a programmable switch, which significantly improves the detection efficiency by escaping the global view of the controller. Second, the collaborative mitigation mechanism propagates the traffic limitation policy to the vicinity of the attack source, which alleviates the impact on legitimate flows. In addition, the distributed defense can effectively limit the flexible transformation of attack vectors and reduce the possibility of launching subsequent attacks. Simulation results demonstrate that our in-network LFA defense scheme could accurately and effectively detect and mitigate LFA, quickly adapt to attack changes, and reduce network resource overhead.