You know, if I were using IPV6 I'd have all the addresses I need, or so I'm told. You know, I actually could do that. I could have a 6-to-4 address on the colo box and assign a subnet to the xen domains. I could destination-NAT through ports for the IPV4 external services like web and mail. But for management I could connect using the domain 0 as a IPV6 router for 6-to-4. Each VM would get its own IPV6 address on a 6-to-4 subnet behind domain 0. Using teredo or 6-to-4 I could guarantee that my laptop always had a useful IPV6 address, even behind a NAT. I could similarly set up 6-to-4 at my apartment so that I could easily connect to management interfaces from there.
I've done most of the work to support this. In particular, I wrote scripts to easily manage 6-to-4 on Linux. I have two prefixes at home. The first is based on the inner tunnel address of my home router. That's nice and stable, but the problem with using that prefix is that traffic goes over the tunnel. So, I created another prefix based on my comcast address. That's somewhat stable as Comcast doesn't renumber often, but not stable enough I want to put it in DNS. It does use moderately efficient routing at least for talking to other 6-to-4 nodes. I mark the stable prefix as not preferred, so that the source selection algorithm will prefer other addresses, but it will still be available for inbound connections.