OpenVPN bridging
I have the following situation and need your help. My client has several server-routers in different geo regions and some servers within one DC, each of which is used for Xen virtualization.

Routers are used to provide IPs for Xen VPS servers. At first I configured OpenVPN on each router, divided the IP list into pieces and routed specific IPs to a specific Xen server.

The whole thing is kind of "hardcoded", so if I need to move an IP from one Xen server to another I need to edit the "iroute" section in OpenVPN's "ccd" config file, and this is really bad as I can't do live migration automatically and it's not that flexible.

So as I understand it, an approach to solve this is to move to bridges and TAP instead of TUN. Let's say I have three server-routers. On each XenServer I create 3 bridges. Each virtual machine is connected to a specific bridge depending on which IP it wants to get (from router1, router2 or router3). On each Xen server I correspondingly bring up three TAP devices and add each to its bridge. Each TAP is created using OpenVPN connecting to a server-router.

And what I do not understand is what I should do on a server-router. Before, I had a simple configuration with "mode server", TUN and separate ccd's for each XenServer. Should I switch it to a TAP device? How does OpenVPN decide where to route a packet - to the 1st, 2nd or 3rd XenServer? With "iroute" directives it was pretty clear, but now they are removed. Is a broadcast packet sent?

PS. Is it possible to combine the three bridges into one? I do not understand how the outgoing traffic will be routed. Depending on the "gateway" inside a VM?

Sorry for such a long question.
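An added example (not from the question or this site) of what the router side and the Xen-host side look like once the tunnel is a bridged TAP: in TAP server mode OpenVPN delivers a frame to whichever client it last saw sending from that destination MAC, and floods broadcasts such as ARP to every connected client, so the per-host ccd/iroute entries are no longer needed. File paths, hostnames, bridge names and the 203.0.113.0/24 block are assumptions.

```conf
# --- router1: /etc/openvpn/router1-tap.conf (assumed path) ---
# Assumed addresses: router1 hands out 203.0.113.0/24 to VPS guests and
# keeps 203.0.113.1 as their gateway on its own tap0 (constructed values).
port 1194
proto udp
dev tap0
mode server
tls-server
ca /etc/openvpn/ca.crt
cert /etc/openvpn/router1.crt
key /etc/openvpn/router1.key
dh /etc/openvpn/dh.pem
# Router end of the shared L2 segment. Guests keep their own static IPs and
# use this address as default gateway, so no ifconfig-pool and no iroute.
ifconfig 203.0.113.1 255.255.255.0
# Frames addressed to a guest on another Xen host are switched inside
# OpenVPN by its learned MAC table; broadcasts are flooded to every host.
client-to-client
# Still one certificate per Xen host, so a single host can be revoked.
crl-verify /etc/openvpn/crl.pem
keepalive 10 60
persist-key
persist-tun
verb 3

# --- each Xen host: /etc/openvpn/router1.conf (assumed path) ---
# One such file per router; only the tap name and bridge name differ.
client
remote router1.example.net 1194   # placeholder hostname
proto udp
dev tap1
ca /etc/openvpn/ca.crt
cert /etc/openvpn/xenhost1.crt
key /etc/openvpn/xenhost1.key
# No IP on the tap itself: it is only a bridge port for xenbr1.
# The up script (assumed, not shown) receives the device name as $1 and
# runs: brctl addif xenbr1 "$1" ; ip link set "$1" promisc on up
script-security 2
up /etc/openvpn/attach-to-xenbr1.sh
keepalive 10 60
persist-key
persist-tun
verb 3
```

Moving a guest between Xen hosts then needs no change on the router: the next frame the guest sends updates the MAC table entry to the new client.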