I've actually seen this behavior (more specifics being
leaked and then promptly withdrawn), though the trigger
wasn't quite so obvious.
It turned out what was happening is that a bunch of gunk was
being redistributed into BGP and tagged with "keep internal"
communities to avoid advertisement to EBGP peers. Implicit
policy was being applied at the domain egress such that if
the "keep internal" community values weren't present the
routes were by default advertised externally.
In addition, BGP policies (i.e., prefix filters) that identified
"keep internal" address space (and pretty much everything else,
for that matter) were being rewritten every night on every BGP
router in the network (regardless of change).
The routers in question run a BGP redistribution process every
60 seconds and it just happened to run (quite often) just as
filters were being rewritten, resulting in "the gunk" not being
tagged as "keep internal" and therefore being advertised
externally. A subsequent run of the BGP process realized a
policy was in place withdrew the routes.
The symptoms were somewhat random as the leaked routes varied from
day to day, depending on which routers throughout the domain
happened to have a BGP redistribution process collide with a policy
rewrite -- but all in all, in a large network it seemed to occur on
at least a couple of routers every night.
My conclusions:
o Redistributing into BGP can get ugly and should be
avoided
o Blindly rewriting policies (or any configuration elements)
that haven't changed is bad
o Implicit route advertisement policies are bad
-danny